SFTP configuration


1. Enable telnet (a fallback login while OpenSSH is removed and rebuilt)
    
[root@cts-web1 xinetd.d]# rpm -qa |grep telnet
telnet-0.17-41.el5
telnet-server-0.17-41.el5
    
yum install telnet-server
[root@cts-web1 ~]# vi /etc/xinetd.d/telnet
# default: on
# description: The telnet server serves telnet sessions; it uses \
#       unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        # change yes to no
        disable         = no
}

/etc/init.d/xinetd restart

2. Uninstall the openssh and openssl RPM packages

rpm -e `rpm -qa | grep openssh`

3. Install

rpm -ivh pam-devel-0.99.6.2-12.el5.x86_64.rpm

tar xvf zlib-1.2.8.tar.gz
cd zlib-1.2.8
./configure --prefix=/usr/local/zlib
make && make install

tar zxvf openssl-1.0.1t.tar.gz
cd openssl-1.0.1t
./config --prefix=/usr/local/openssl
make && make install

tar zxvf openssh-5.9p1.tar.gz
cd openssh-5.9p1
./configure  --prefix=/usr/local/openssh  --sysconfdir=/etc/ssh --with-pam  --with-ssl-dir=/usr/local/openssl --with-md5-passwords  --mandir=/usr/share/man  --with-zlib=/usr/local/zlib
make && make install

4. Modify the related configuration files
cp -p contrib/redhat/sshd.init /etc/init.d/sshd
chmod u+x /etc/init.d/sshd
chkconfig --add sshd
cp sshd_config /etc/ssh/sshd_config
cp /usr/local/openssh/sbin/sshd /usr/sbin/sshd

vi /etc/init.d/sshd

Comment out the original ssh-keygen line and call the newly built binary instead:
#/usr/bin/ssh-keygen -A
/usr/local/openssh/bin/ssh-keygen -A

5. Configure SFTP

groupadd sftp
useradd -g sftp -s /bin/false hfzx
passwd hfzx
mkdir -p /data/sftp/hfzx
usermod -d /data/sftp/hfzx hfzx

vi /etc/ssh/sshd_config

Find the following line and comment it out:
Subsystem      sftp    /usr/libexec/openssh/sftp-server  

Add the following lines:
Subsystem       sftp    internal-sftp  
Match Group sftp  
ChrootDirectory /data/sftp/%u  
ForceCommand    internal-sftp  
AllowTcpForwarding no  
X11Forwarding no  


chown root:root /data/sftp/hfzx
chmod 755 /data/sftp
mkdir /data/sftp/hfzx/upload  
chown hfzx:sftp /data/sftp/hfzx/upload  
chmod 755 /data/sftp/hfzx/upload  
service sshd restart  

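Directory permissions must follow two rules:

The directory set by ChrootDirectory, and every parent directory above it, must have root as both owner and group;

The directory set by ChrootDirectory, and every parent directory above it, may be writable only by the owner, so the most permissive mode allowed is 755.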
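
The two rules above can be checked on the whole path before restarting sshd. The script below is an added example, not part of the original post; it assumes GNU stat, and the function names perm_ok and check_chroot and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ChrootDirectory path
# against the two rules above. Assumes GNU stat (-c), as on RHEL/CentOS.

# perm_ok UID GID MODE
# Rule 1: owner and group are root. Rule 2: no write bit for group or others,
# so nothing more permissive than 755.
perm_ok() {
    [ "$1" -eq 0 ] && [ "$2" -eq 0 ] || return 1
    # The leading 0 makes the shell read MODE as octal; 022 = group/other write.
    [ $(( 0$3 & 022 )) -eq 0 ]
}

# check_chroot DIR
# Walks from DIR up to /, printing one line per component. Returns 0 if every
# component passes, 1 if any fails, 2 on a relative or unreadable path.
# Symlinks are not followed, so a symlinked component is reported as BAD.
check_chroot() {
    case $1 in
        /*) cc_dir=$1 ;;
        *)  echo "absolute path required: $1" >&2; return 2 ;;
    esac
    cc_rc=0
    while :; do
        cc_st=$(stat -c '%u %g %a' "$cc_dir") || return 2
        set -- $cc_st    # split "uid gid mode" into $1 $2 $3
        if perm_ok "$1" "$2" "$3"; then
            echo "OK   $cc_dir ($1:$2 mode $3)"
        else
            echo "BAD  $cc_dir ($1:$2 mode $3)"
            cc_rc=1
        fi
        [ "$cc_dir" = / ] && break
        cc_dir=$(dirname "$cc_dir")
    done
    return $cc_rc
}

# Run as: sh check_chroot.sh /data/sftp/hfzx   (script name is hypothetical)
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

The user-writable upload directory sits below the chroot and is deliberately not part of the walk; only the ChrootDirectory itself and its parents are subject to the two rules.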

posted @ 2016-10-19 17:41  FlyBack