Deploying the SFTP Service
Introduction
Secure File Transfer Protocol (SFTP) is a file transfer protocol that runs over SSH, a set of utilities that provide secure access to a remote computer. It is considered by many to be the optimal method for secure file transfer. Because it runs over SSH, it provides the security and identity authentication functions of SSH. This section describes how to deploy the SFTP service in HCE 2.0.
Preparations
- Prepare an ECS and assign a public IP address or EIP to the ECS.
- Ensure that inbound security group rules allow traffic to flow to the ECS over port 22.
Procedure
- Configure the SFTP service.
- Run the following command to create a user group named sftp:
groupadd sftp
- Run the following command to create a user for accessing the SFTP service:
useradd -g sftp -s /bin/false usftp
- Run the following command to set a password for the new user:
passwd usftp
- Run the following command to create a home directory for the sftp user group:
mkdir -p /data/sftp/usftp
- Run the following command to change the login directory of the usftp user:
usermod -d /data/sftp/usftp usftp
- Open the /etc/ssh/sshd_config file and set the following parameters:
# Configure Subsystem as follows:
Subsystem sftp internal-sftp

# Append the following content to the end of the file:
# Match the usftp user.
Match user usftp
    # TCP forwarding is not allowed.
    AllowTcpForwarding no
    # X11 forwarding is not allowed.
    X11Forwarding no
    # Use chroot to set /data/sftp/usftp as the root directory of the user.
    # (/data/sftp/%u is the equivalent generic form; %u indicates the user name.)
    ChrootDirectory /data/sftp/usftp
    # Forcibly execute internal-sftp.
    ForceCommand internal-sftp
- Run the following command to restart the sshd service:
systemctl restart sshd
- Run the following command to create a test file:
touch /data/sftp/usftp/test.txt
- Run the following commands to set the directory permission:
chown -R root:sftp /data/sftp/usftp
chmod 755 /data/sftp/usftp
- Verify the SFTP service.
- On the other host, run the following command to connect to the SFTP service:
sftp usftp@<Public IP address of the SFTP service>
- Enter the password and run ls to check the test file.
sftp> ls
test.txt
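The chown and chmod step in the procedure exists because sshd rejects a chroot login unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The following check for that rule is an added example, not part of the original documentation; the function names and the optional OWNER_UID and TOP arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# optional OWNER_UID/TOP arguments are assumptions for illustration.
# Requires GNU stat (coreutils), as shipped on Linux.

# chroot_component_ok PATH OWNER_UID
# Succeeds when PATH is a directory owned by OWNER_UID with no
# group-write or other-write permission bit set.
chroot_component_ok() {
    if [ ! -d "$1" ]; then
        echo "FAIL $1: not a directory"
        return 1
    fi
    cc_uid=$(stat -c '%u' "$1")
    cc_mode=$(stat -c '%a' "$1")
    if [ "$cc_uid" != "$2" ]; then
        echo "FAIL $1: owner uid $cc_uid, expected $2"
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $cc_mode is writable by group or others"
        return 1
    fi
    echo "ok   $1 (uid $cc_uid, mode $cc_mode)"
}

# check_chroot_path DIR [OWNER_UID] [TOP]
# Walks from DIR up to TOP (default /) and checks every component.
# sshd itself always requires uid 0 all the way up to /; the extra
# arguments exist only so the check can be exercised without root.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: path must be absolute"; return 2 ;;
    esac
    cp_dir=$1; cp_owner=${2:-0}; cp_top=${3:-/}; cp_rc=0
    while :; do
        chroot_component_ok "$cp_dir" "$cp_owner" || cp_rc=1
        if [ "$cp_dir" = "$cp_top" ] || [ "$cp_dir" = "/" ]; then
            break
        fi
        cp_dir=$(dirname "$cp_dir")
    done
    return "$cp_rc"
}

# On the SFTP server, as root, after the chown/chmod step:
#   check_chroot_path /data/sftp/usftp
```

With the permissions from the procedure, usftp can read but not write at the top of the chroot; uploads need a subdirectory inside it that the user or the sftp group may write to.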