Updated on 2024-08-14 GMT+08:00

Deploying the SFTP Service

Introduction

Secure File Transfer Protocol (SFTP) is a file transfer protocol that runs over SSH, a set of utilities that provide secure access to a remote computer, and it uses the security and identity authentication functions of SSH. It is considered by many to be the optimal method for secure file transfer. This tutorial describes how to deploy the SFTP service in Huawei Cloud EulerOS 2.0.

Preparations

  • Prepare an ECS and assign a public IP address or EIP to the ECS.
  • Ensure that inbound security group rules allow traffic to flow to the ECS over port 22.

Procedure

  1. Configure the SFTP service.

    1. Run the following command to create a user group named sftp:
      groupadd sftp
    2. Run the following command to create a user for accessing the SFTP service:
      useradd -g sftp -s /bin/false usftp
    3. Run the following command to set a password for the created user:
      passwd usftp
    4. Run the following command to create a home directory for the sftp user group:
      mkdir -p /data/sftp/usftp
    5. Run the following command to change the login directory of the usftp user:
      usermod -d /data/sftp/usftp usftp
    6. Open the /etc/ssh/sshd_config file and set the following parameters:
      Subsystem sftp internal-sftp
      # Append the following content to the end of the file:
      # Match the usftp user.
      Match user usftp
      # TCP forwarding is not allowed.
      AllowTcpForwarding no
      # X11 forwarding is not allowed.
      X11Forwarding no
      # Use chroot to specify /data/sftp/%u as the root directory of the user. %u indicates the user name.
      ChrootDirectory /data/sftp/
      # Forcibly execute internal-sftp.
      ForceCommand internal-sftp
    7. Run the following command to create a test file:
      touch /data/sftp/usftp/test.txt
    8. Run the following commands to set the directory owner and permissions:
      chown -R usftp:sftp /data/sftp/usftp
      chmod 755 /data/sftp/usftp

  2. Verify the SFTP service.

    1. On another host, run the following command to connect to the SFTP service:
      sftp usftp@<Public IP address of the SFTP service>
    2. Enter the password and run the ls command to view the test file.
      sftp> ls
      test.txt
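
The ownership rule behind steps 6 and 8 of the configuration, as an added check that is not part of the original page: sshd refuses the session unless the directory named by ChrootDirectory and every parent directory up to / is owned by root and not writable by group or others. The function names and the optional owner argument are hypothetical, and GNU stat and realpath are assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils
# (stat -c, realpath -e), as found on Huawei Cloud EulerOS.
# sshd_config(5): all components of the ChrootDirectory pathname must be
# root-owned directories not writable by any other user or group.

# check_component DIR OWNER_UID: test one directory against that rule.
check_component() {
    cc_rc=0
    if [ ! -d "$1" ]; then
        echo "FAIL: $1 is not a directory"; return 1
    fi
    cc_uid=$(stat -c %u -- "$1")
    cc_mode=$(stat -c %a -- "$1")
    if [ "$cc_uid" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $cc_uid, expected $2"; cc_rc=1
    fi
    # Octal 022 masks the group-write and other-write permission bits.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $1 has mode $cc_mode (group/other writable)"; cc_rc=1
    fi
    return "$cc_rc"
}

# check_chroot_path DIR [OWNER_UID]: walk from DIR up to / and test every
# component. OWNER_UID defaults to 0 (root); the override is a
# hypothetical convenience for trying the check on scratch directories.
check_chroot_path() {
    cp_path=$(realpath -e -- "$1" 2>/dev/null) || {
        echo "FAIL: $1 does not exist"; return 2; }
    cp_rc=0
    while :; do
        check_component "$cp_path" "${2:-0}" || cp_rc=1
        [ "$cp_path" = "/" ] && break
        cp_path=$(dirname -- "$cp_path")
    done
    return "$cp_rc"
}

# expand_chroot PATTERN USER: substitute the %u token with a user name
# (sshd supports further tokens; only %u is handled here).
expand_chroot() {
    printf '%s\n' "$1" | sed "s|%u|$2|g"
}

# Usage: sh check_chroot.sh '<ChrootDirectory value>' <user>
if [ "$#" -ge 2 ]; then
    check_chroot_path "$(expand_chroot "$1" "$2")"
fi
```

Saved under a name such as check_chroot.sh (hypothetical), it takes the ChrootDirectory value actually set in sshd_config and the user name as arguments. Running sshd -t checks the syntax of the edited file before the service is reloaded.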