How to configure SFTP server on CentOS

  • by sysadmin
  • 5 Months ago
In this article we’re going to see how to configure an SFTP server on CentOS.

What is an SFTP server?

Secure File Transfer Protocol (SFTP) encrypts the connection between the client and the server. SFTP provides file transfer, file management and file access over an SSH tunnel. It also allows you to isolate different SFTP users from one another.

SFTP server on CentOS

First you must install the following:

Install openssh-server

yum install openssl-devel openssh-server make

Install MySecureShell

Edit the following file: vi /etc/yum.conf

Add the following to the end:

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.f
enabled=1
gpgcheck=0

Save and exit. Note that gpgcheck=0 tells yum not to verify package signatures for this repository.

Update your server and install mysecureshell

yum update -y
yum install mysecureshell -y

Verify the installation directory of mysecureshell

whereis mysecureshell

Create a special group for SFTP users called sftpusers

groupadd sftpusers

Add a password for your new user

passwd joan
Changing password for user joan.

Set up chroot access

To limit a user to a designated directory, we will make the following changes in /etc/ssh/sshd_config

Open it with your editor:

vi /etc/ssh/sshd_config

Find line 147 and comment it out:

Subsystem sftp /usr/libexec/openssh/sftp-server

Add this after the commented line:

Subsystem sftp internal-sftp

Add the following to the end of the file:

X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /sftp/%u
ForceCommand internal-sftp

NB: the above chroots the user to a specified folder, but you could also chroot them to their home directory by replacing “ChrootDirectory /sftp/%u” with “ChrootDirectory %h”.
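
Directives that sit in sshd_config outside any Match block apply to every account, so it is worth checking the scope of the lines added above before restarting sshd. The script below is an added example, not part of the original article; both sample configurations and the `Match Group sftpusers` line are constructed for illustration.

```shell
# Added example: list the sftp lockdown directives of an sshd_config (stdin)
# with their scope, "global" or the enclosing Match block.
audit_sshd_scope() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")                   # drop indentation
            key = tolower($1)                    # sshd keywords are case-insensitive
            if (key == "match") {                # "Match all" returns to global scope
                $1 = ""; sub(/^[ \t]+/, "")
                scope = (tolower($0) == "all") ? "global" : "Match " $0
                next
            }
            if (key ~ /^(chrootdirectory|forcecommand|allowtcpforwarding|x11forwarding)$/)
                print scope ": " $0
        }'
}
# Succeeds only if no ChrootDirectory/ForceCommand applies to every account.
sftp_restrictions_scoped() {
    ! audit_sshd_scope | grep -Eiq '^global: (chrootdirectory|forcecommand)[[:space:]]'
}
# Constructed sample: the directives from the steps above, appended with no Match line.
sample_unscoped() {
    cat <<'EOF'
Subsystem sftp internal-sftp
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
EOF
}
# Constructed sample: same directives under a Match block (group name is an assumption).
sample_scoped() {
    cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftpusers
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp
EOF
}
for s in sample_unscoped sample_scoped; do
    echo "== $s =="; $s | audit_sshd_scope
    $s | sftp_restrictions_scoped && echo "scoped" || echo "applies to ALL users"
done
```

To audit the live file, run `audit_sshd_scope < /etc/ssh/sshd_config`; `sshd -t` additionally checks the file for syntax errors before the restart.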

Now we’ll need to make the chrooted directory tree that this user (jack) will be locked into. sshd requires the chroot directory itself (/sftp/jack) to be owned by root and not writable by any other user or group, so only the subdirectories are handed to the user.

# mkdir -p /sftp/jack/{incoming,outgoing}
# chown jack:sftpusers /sftp/jack/{incoming,outgoing}

Your permissions should look like the following:

# ls -ld /sftp/jack/{incoming,outgoing}
drwxr-xr-x 2 jack sftpusers 4096 Oct 25 23:49 /sftp/jack/incoming
drwxr-xr-x 2 jack sftpusers 4096 Oct 25 23:49 /sftp/jack/outgoing

8. After editing the configuration file, restart sshd with

service sshd restart

9. You can add an existing user, say jack, to the “sftp” group

usermod -s /usr/bin/mysecureshell -g sftp jack

10. You can add a new user, say joan, to the “sftp” group

useradd -m -s /usr/bin/mysecureshell joan
usermod -s /usr/bin/mysecureshell -g sftp joan

11. On client-side, you can log in to the SFTP server with this command

sftp linuxandubuntu@sftp_host.com

12. To check which SFTP users are currently connected

sftp-who

13. To disconnect a particular SFTP user forcefully

sftp-kill joan
