2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
This article explains in detail how to set up multiple SFTP accounts on a Linux server, with each account restricted (chrooted) to its own directory.
0. Create a user group specifically for SFTP users. This only needs to be done once per Linux server.

    # create the sftpusers group
    groupadd sftpusers

========== First SFTP account creation ==========

1. Create the SFTP user (stptest2 here) under the user group sftpusers, prohibit ssh login, and do not create a home directory.

    useradd -s /sbin/nologin -G sftpusers -M stptest2

2. Set the user password.

    passwd stptest2

3. Create the SFTP root directory. All SFTP users will be active under this directory.

    mkdir /u01/filedata

4. Set the directory permissions (only needed the first time). There are two main points:
   - every directory from this one up to the system root directory must be owned by root;
   - no directory from this one up to the system root directory may have group write permission.

    chown root:root /u01/filedata
    chmod 755 /u01/filedata

   Note: the maximum permission of this directory is 755. Setting it to 777 will cause an error; this is also something that troubled me.

5. Create the user's SFTP root directory. The directory name is the user name.

    cd /u01/filedata
    mkdir stptest2

6. Set the permissions of the user's directory.

    chown root:stptest2 /u01/filedata/stptest2
    chmod 755 /u01/filedata/stptest2

   Note: if the owner is set to root, the user has no read and write permission on this directory itself. Create other directories under it and grant the user read and write permission on those. If the user needs read and write permission on the directory itself, set: chown stptest2:stptest2 /u01/filedata/stptest2

   Note: the permission of the user's directory here can only be 755, otherwise the user cannot be restricted to the directory.

7. Edit sshd_config.

    vi /etc/ssh/sshd_config

8. Modify it as follows, then save and exit. This only needs to be done the first time.

    # Comment out this line:
    #Subsystem sftp /usr/libexec/openssh/sftp-server
    # Add this line. It tells sshd to use the built-in internal-sftp
    # for the sftp service. Without it, users cannot log in through sftp.
    Subsystem sftp internal-sftp

    # Add at the end of the configuration file.
    # Match users that belong to the group sftpusers so they can only access
    # their own directory. Separate multiple groups with commas.
    Match Group sftpusers
        # Use chroot to set the user's root directory. For the meaning of chroot see
        # http://www.ibm.com/developerworks/cn/linux/l-cn-chroot/
        # %u is the account name, so /u01/filedata/%u means /u01/filedata/stptest2
        ChrootDirectory /u01/filedata/%u
        # Force the sftp command
        ForceCommand internal-sftp
        # Add the next two lines if you do not want the user to be able to
        # use port forwarding; otherwise delete them.
        X11Forwarding no
        AllowTcpForwarding no

9. Restart the sshd service.

    systemctl restart sshd.service
    # check the sshd status
    systemctl status sshd.service

10. Test the login as the SFTP user.

    sftp -oPort=22 stptest2@127.0.0.1

   During the login test you may encounter the following error:

    Couldn't read packet: Connection reset by peer

   What causes this? I was confused by it for a long time, and later found that directory permissions caused the problem. For the fix, go back over steps 4, 5 and 6 above.

11. Set permissions, then create the www folder under this directory and create the jieshou fabu folder under www.

    chown stptest2:stptest2 /u01/filedata/stptest2

12. Re-authorize the login permission of the SFTP account.

    chown root:stptest2 /u01/filedata/stptest2

   The file path assigned here, /u01/filedata/stptest2/www, is the default access path for the user stptest2.

END: the SFTP user has been created and its permissions set so that it is restricted to its root directory. The first account creation ends here.

========== Second SFTP account creation ==========

1. Create the SFTP user (stptest3 here) under the user group sftpusers, prohibit ssh login, and do not create a home directory.

    useradd -s /sbin/nologin -G sftpusers -M stptest3

2. Set the user password.

    passwd stptest3

5. Create the user's SFTP root directory. The directory name is the user name.

    cd /u01/filedata
    mkdir stptest3

6. Set the permissions of the user's directory.

    chown root:stptest3 /u01/filedata/stptest3
    chmod 755 /u01/filedata/stptest3

   Note: if the owner is set to root, the user has no read and write permission on this directory itself. Create other directories under it and grant the user read and write permission on those. If the user needs read and write permission on the directory itself, set: chown stptest3:stptest3 /u01/filedata/stptest3

   Note: the permission of the user's directory here can only be 755, otherwise the user cannot be restricted to the directory.

10. Test the login as the SFTP user.

    sftp -oPort=22 stptest3@127.0.0.1

   During the login test you may encounter the following error:

    Couldn't read packet: Connection reset by peer

   What causes this? I was confused by it for a long time, and later found that directory permissions caused the problem. For the fix, go back over steps 4, 5 and 6 above.

11. Set permissions, then create the www folder under this directory and create the jieshou fabu folder under www.

    chown stptest3:stptest3 /u01/filedata/stptest3

12. Re-authorize the login permission of the SFTP account.

    chown root:stptest3 /u01/filedata/stptest3

   The file path assigned here, /u01/filedata/stptest3/www, is the default access path for the user stptest3.

END: the SFTP user has been created and its permissions set so that it is restricted to its root directory. The second account creation ends here.

========== Third SFTP account creation ==========

Refer to the second SFTP account creation, and so on.
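The "Connection reset by peer" failure that steps 4, 5 and 6 guard against can be checked before restarting sshd. The script below is an added example, not part of the original article: it walks a ChrootDirectory path up to / and flags any component that is not owned by root or that is writable by group or others. It assumes GNU stat on Linux; the function names are hypothetical and /u01/filedata/stptest2 is the article's sample path.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the ownership and
# permission rules in steps 4-6. Assumes GNU stat (Linux).
# Usage: sh check_chroot.sh /u01/filedata/stptest2

# Succeeds only if a path component is owned by root (uid 0) and is not
# writable by group or others (mode & 022 == 0): 755 passes, 775 and 777 fail.
chroot_component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walks from the given absolute directory up to /, reporting each component.
# Returns 0 if all pass, 1 if any fail, 2 on usage or stat errors.
check_chroot_path() {
    p=$1 rc=0
    case $p in
        /*) ;;
        *) echo "need an absolute path: $p" >&2; return 2 ;;
    esac
    while :; do
        # -L follows symlinks so the real directory is inspected
        info=$(stat -L -c '%u %a' -- "$p") || return 2
        if chroot_component_ok "${info% *}" "${info#* }"; then
            echo "ok   $p (uid ${info% *}, mode ${info#* })"
        else
            echo "BAD  $p (uid ${info% *}, mode ${info#* }): needs chown root and chmod 755"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# Run the audit when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it after step 12 for each account; a BAD line on the user's directory usually means the temporary chown from step 11 was not reverted.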
That is all on how to set up multiple SFTP accounts on a Linux server. I hope the above content is of some help to you.