Tuesday, December 10, 2013

enable sftp transfer instead of the ftp protocol

1. add these lines to the end of /etc/ssh/sshd_config (replace any existing "Subsystem sftp" line, sshd rejects a duplicate)

Subsystem sftp internal-sftp

Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

2. add a group named sftpusers
# groupadd sftpusers

3. add one user for testing
# useradd -g sftpusers -d /home/sftp/user1 -m user1
# usermod -s /bin/false user1

4. add /bin/false to /etc/shells

5. change ownership and permissions of the user's home directory (sshd refuses the login unless the chroot directory is owned by root and not writable by group or others)
# chown root:root /home/sftp/user1
# chmod 755 /home/sftp/user1

6. restart the ssh service
# /etc/init.d/ssh restart

7. create a separate writable folder, owned by user1 so uploads succeed, and bind-mount it onto a subfolder inside the chroot
# mkdir -p /home/sftp-write/user1
# chown user1:sftpusers /home/sftp-write/user1
# mkdir /home/sftp/user1/incoming
# mount --bind /home/sftp-write/user1/ /home/sftp/user1/incoming

8. test the sftp login
# sftp user1@xxxx.xxxx.xxxx.xxxx
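
If the test login is dropped right after authentication, the usual cause is the ownership or mode of the chroot path set in the chown/chmod step above. The script below is an added example, not part of the original post: it applies the same root-owned, not group/other-writable rule to every component of the path. The function names and the optional OWNER_UID and TOP arguments are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post). Applies the ownership and mode
# rule sshd enforces on a ChrootDirectory: every path component must be a
# directory owned by root and must not be writable by group or others.

# component_ok DIR [OWNER_UID]
# OWNER_UID defaults to 0 (root); the parameter is an assumption of this
# example so the check can be exercised without root.
component_ok() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2
        return 1
    fi
    uid=$(stat -c %u "$dir")      # numeric owner (GNU stat)
    mode=$(stat -c %a "$dir")     # octal permission bits, e.g. 755
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the value octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others" >&2
        return 1
    fi
    return 0
}

# chroot_path_ok PATH [OWNER_UID] [TOP]
# Walks from PATH up to TOP (default /) and reports every failing component.
chroot_path_ok() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve" >&2; return 1; }
    top=${3:-/}
    rc=0
    while :; do
        component_ok "$p" "${2:-0}" || rc=1
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            break
        fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# Usage on the server from this post: chroot_path_ok /home/sftp/user1
```

The writable incoming folder is below the chroot, not a component of its path, so it does not need to pass this check.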