Cetos 6.6 build sftp service 01/23 Update SLTechnology News&Howtos

Cetos 6.6 build sftp service

2025-01-23 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)06/01 Report--

1. installation dependency

yum install -y openssl-devel

yum install -y zlib-devel zlib

Or if you have RPM packages. You can use the following method

rpm -ivh --nodeps --force openssl-devel-0.9.8e-22.el5_8.4.x86_64.rpm

rpm -ivh --nodeps --force zlib-1.2.3-27.el6.x86_64.rpm

rpm -ivh --nodeps --force zlib-devel-1.2.3-27.el6.x86_64.rpm

2. install OpenSSL

tar zxvf openssl-1.0.0.tar.gz

cd openssl-1.0.0

./ config

make

make install

3. Install OpenSSH

tar zxvf openssh-5.4p1.tar.gz

cd openssh-5.4p1

./ configure --with-ssl-dir=/usr/local/ssl #installation location of openssl

make

make install

4. configured

(1)modify sshd startup script

# vi /etc/init.d/sshd

SSHD=/usr/sbin/sshd

changed to

SSHD=/usr/local/sbin/sshd

(2)Modify the sshd configuration file, the configuration file location of tar package installation is/usr/local/etc/sshd_config

cd /usr/local/etc

cp sshd_config sshd_config.bak

cp /etc/ssh/sshd_config /usr/local/etc/

5. Modify the sshd_config configuration file

vim sshd_config

# override default of no subsystems

# Subsystem sftp /usr/local/libexec/sftp-server

Subsystem sftp internal-sftp

Match group sftp #group name, single user can Match user username

X11Forwarding no

ChrootDirectory /data/htdocs/ #Specify the actual directory

AllowTcpForwarding no

ForceCommand internal-sftp

6. modify permissions

groupadd sftp

useradd -d /data -s /bin/false -g sftp yy(SFTP account number)

passwd yy modify user password

chown root.sftp /data

chmod 750 /data Note: Remember to give root ownership of directories. Cannot give permissions to sftp group user 'w'.

7. Modify sshd default port and iptables rules

vim /usr/local/etc/sshd_config

Change #Port 22 to Port 33525

vim /etc/sysconfig/iptables

Change port 22 in the-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT rule to 33525

service iptables restart

service sshd restart

8. Log in SFTP

sftp -oPort=33525 EDA@172.18.3.180

Software for Windows.

yum install lrzsz

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.