Centos7搭建sftp

Centos7搭建sftp

根据网上教程做了总结,写了个自动化搭建脚本。

#!/bin/bash
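#######################################
# Abort the script unless the local OpenSSH is at least version 4.8.
# The version is read from the `ssh -V` banner (printed on stderr) and
# compared numerically on major.minor. A plain string comparison would
# sort "10.0p1" before "4.81" and reject newer releases.
# NOTE(review): the 4.8p1 floor is presumably what the ChrootDirectory /
# internal-sftp settings written later require - confirm.
# Outputs:   the detected version, or an error message, on stdout
# Returns:   0 when the version is new enough; exits 1 otherwise
#######################################
function checkVersion() {
  local version_info openssh_version major minor

  # `ssh -V` writes its banner to stderr, e.g. "OpenSSH_7.4p1, OpenSSL ...".
  version_info=$(ssh -V 2>&1)

  # Split on ',' and '_' so that field 2 is the bare version ("7.4p1").
  openssh_version=$(printf '%s\n' "$version_info" | awk -F'[,_]' '{print $2}')

  if [[ "${openssh_version}" =~ ^([0-9]+)\.([0-9]+) ]]; then
    major=${BASH_REMATCH[1]}
    minor=${BASH_REMATCH[2]}
    # 10# forces base 10 so a component such as "08" is not read as octal.
    if (( 10#${major} > 4 || (10#${major} == 4 && 10#${minor} >= 8) )); then
      echo "current OpenSSH version:${openssh_version}"
      return 0
    fi
  fi

  # Also reached when the banner could not be parsed at all.
  echo "OpenSSH version must be >= 4.8p1, but it is ${openssh_version}"
  exit 1
}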
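#######################################
# Make sure a local group exists, creating it with groupadd if needed.
# Arguments: $1 - group name
# Outputs:   progress messages on stdout
# Returns:   0 if the group already existed or was created;
#            groupadd's exit status if creation failed (the original
#            reported the failure but still returned 0, so the caller
#            could not stop before creating accounts in a missing group)
#######################################
function checkUserGroup() {
  local group_name="$1"
  local result=0

  # Look for a "<name>:" entry at the start of a line in /etc/group.
  # The name is used as a regex here, so it must not contain metacharacters.
  if grep -q "^${group_name}:" /etc/group; then
    echo "用户组已存在: ${group_name},无需创建"
    return 0
  fi

  echo "用户组不存在: ${group_name}"
  groupadd "${group_name}" || result=$?
  if [[ "${result}" == '0' ]]; then
    echo "创建用户组:${group_name},创建成功"
  else
    echo "创建用户组:${group_name},创建失败"
  fi
  return "${result}"
}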

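#######################################
# Make sure a local account exists, creating it with useradd if needed.
# New accounts get /sbin/nologin as their shell, so they have no
# interactive login shell.
# Arguments: $1 - primary group for a newly created account
#            $2 - user name
# Outputs:   progress messages on stdout
# Returns:   0 if the account already existed or was created;
#            useradd's exit status if creation failed (the original
#            reported the failure but still returned 0)
#######################################
function checkUser() {
  local group_name="$1"
  local username="$2"
  local result=0

  # Look for a "<name>:" entry at the start of a line in /etc/passwd.
  # The name is used as a regex here, so it must not contain metacharacters.
  # An existing account is left untouched: its group and shell are NOT
  # changed to match what a freshly created account would get.
  if grep -q "^${username}:" /etc/passwd; then
    echo "用户已存在: ${username},无需创建"
    return 0
  fi

  echo "用户不存在: ${username}"
  useradd -g "${group_name}" -s /sbin/nologin "${username}" || result=$?
  if [[ "${result}" == '0' ]]; then
    echo "创建用户:${username},用户组:${group_name},创建成功"
  else
    echo "创建用户:${username},用户组:${group_name},创建失败"
  fi
  return "${result}"
}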
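#######################################
# Set the password of an existing account through chpasswd.
# The "user:password" pair is fed to chpasswd on stdin by a shell builtin,
# so the password never appears in a process argument list. Both values
# are kept in function-local variables so the plaintext password does not
# stay behind in a global shell variable after the call.
# Arguments: $1 - user name
#            $2 - new password (plaintext)
# Outputs:   a success or failure message on stdout
# Returns:   0 on success; exits the script with status 1 on failure
#######################################
function setPassword() {
  local username="$1"
  local password="$2"

  if printf '%s:%s\n' "${username}" "${password}" | chpasswd; then
    echo "密码修改成功"
  else
    echo "密码修改失败"
    exit 1
  fi
}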
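#######################################
# Create <baseDir>/<username>, set it to mode 755 and make it the
# account's home directory.
# Arguments: $1 - user name
#            $2 - base directory holding all SFTP homes
# Outputs:   a success message on stdout
# Returns:   0 on success; the failing command's status otherwise
#            (the original printed the success message unconditionally)
#######################################
function mkUserDir() {
  local username="$1"
  local baseDir="$2"
  local targetDir="${baseDir}/${username}"

  mkdir -p -- "${targetDir}" || return
  chmod 755 -- "${targetDir}" || return
  # Point the account's home directory at the new folder.
  usermod -d "${targetDir}" "${username}" || return
  echo "创建Sftp目录:${targetDir}成功"
}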

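#######################################
# Switch sshd to internal-sftp and append a "Match Group" block that
# chroots every member of the group into <baseDir>/<user>, forces
# internal-sftp and disables TCP and X11 forwarding.
#
# Changes from the original:
#   - the backup is taken BEFORE the file is edited, so it really holds
#     the previous configuration;
#   - the "already done" shortcut also requires the Match Group block to
#     be present, so a config that merely contains a commented Subsystem
#     line no longer skips the chroot settings;
#   - the result is validated with `sshd -t`; on any failure the backup
#     is restored and a non-zero status is returned, so a broken file is
#     not left in place for the later reload.
#
# Arguments: $1 - group whose members are restricted to SFTP
#            $2 - base directory; the chroot becomes <baseDir>/%u
#            $3 - (optional) config file to edit,
#                 default /etc/ssh/sshd_config
# Outputs:   progress messages on stdout
# Returns:   0 when configured (or already configured), 1 on failure
#######################################
function configSshdConfig() {
  local sftpGroup="$1"
  local baseDir="$2"
  local sshd_config_file="${3:-/etc/ssh/sshd_config}"
  local curTime backup_file content_to_add

  # Already configured: Subsystem line commented out AND our Match block
  # present. awk compares the group name literally (no regex injection).
  if grep -q -E "#Subsystem\s+sftp" "${sshd_config_file}" \
    && awk -v g="${sftpGroup}" '
         tolower($1) == "match" && tolower($2) == "group" && $3 == g { found = 1 }
         END { exit !found }
       ' "${sshd_config_file}"; then
    echo "已经注释掉了/etc/ssh/sshd_config中的Subsystem"
    return 0
  fi

  # Back up first; -p keeps the owner, mode and timestamps of the original.
  curTime=$(date +'%Y%m%d%H%M%S')
  backup_file="${sshd_config_file}.${curTime}"
  echo "备份文件: ${sshd_config_file} 到 ${backup_file}"
  if ! cp -p -- "${sshd_config_file}" "${backup_file}"; then
    echo "备份sshd_config文件失败"
    return 1
  fi

  # Comment out every active "Subsystem sftp ..." line; a second active
  # definition would conflict with the one appended below.
  if sed -i 's/^Subsystem\s\+sftp.*$/#&/' "${sshd_config_file}"; then
    echo "注释sshd_condig成功"
  else
    echo "注释sshd_condig失败"
    return 1
  fi

  # %u is expanded by sshd to the name of the user logging in.
  content_to_add="
Subsystem sftp internal-sftp
Match Group ${sftpGroup}
ChrootDirectory ${baseDir}/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
"
  if printf '%s\n' "${content_to_add}" >> "${sshd_config_file}"; then
    echo "内容已成功添加到sshd_config文件"
  else
    echo "添加内容到sshd_config文件失败"
    cp -p -- "${backup_file}" "${sshd_config_file}"
    return 1
  fi

  # Syntax-check the edited file. Appending after an existing Match block,
  # for example, would place Subsystem inside it, which sshd rejects.
  if ! sshd -t -f "${sshd_config_file}"; then
    cp -p -- "${backup_file}" "${sshd_config_file}"
    echo "sshd_config校验失败(sshd -t),已从备份恢复: ${backup_file}"
    return 1
  fi
}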

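#######################################
# Hand <baseDir>/<username> to root:<group> with mode 755 so it can serve
# as the account's chroot. sshd refuses a ChrootDirectory that is not
# owned by root or that is writable by group or others, which is why the
# user does not own this directory.
# Arguments: $1 - user name
#            $2 - group that gets group ownership
#            $3 - base directory holding all SFTP homes
# Outputs:   a completion message on stdout
# Returns:   0 on success; the failing command's status otherwise
#            (the original printed the message even when chown failed)
#######################################
function changeUserRootDir() {
  local username="$1"
  local userGroup="$2"
  local baseDir="$3"
  local targetDir="${baseDir}/${username}"

  # Quoted as a single word so an odd group name cannot split the argument.
  chown "root:${userGroup}" "${targetDir}" || return
  chmod 755 "${targetDir}" || return
  echo "Chroot完成:${targetDir}"
}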

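#######################################
# Create <baseDir>/<username>/upload, owned by the user with mode 755.
# This is the directory handed to the user inside the chroot; the parent
# is prepared separately by changeUserRootDir.
# Arguments: $1 - user name (becomes the owner)
#            $2 - group that gets group ownership
#            $3 - base directory holding all SFTP homes
# Outputs:   a completion message on stdout
# Returns:   0 on success; the failing command's status otherwise
#            (the original printed the message even when a step failed)
#######################################
function mkUploaddir() {
  local username="$1"
  local userGroup="$2"
  local baseDir="$3"
  local targetDir="${baseDir}/${username}/upload"

  mkdir -p "${targetDir}" || return
  # Quoted as a single word so odd names cannot split the argument.
  chown "${username}:${userGroup}" "${targetDir}" || return
  chmod 755 "${targetDir}" || return
  echo "创建上传目录:${targetDir}完成"
}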

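# ---- Settings ---------------------------------------------------------
sftpUserGroup="sftpusers"
sftpusers1="BigData1"
sftpusers2="BigData2"
# The initial password comes from the environment instead of being
# hard-coded in the script, where anyone able to read the file (or a
# published copy of it) would learn a working credential. Both accounts
# still receive the same value, so change each one after the first login.
sftpPassword="${SFTP_PASSWORD:?set SFTP_PASSWORD to the initial password for the SFTP accounts}"
sftpBaseDir="/Sftp"
sftpUsers=("${sftpusers1}" "${sftpusers2}")

# ---- Provisioning -----------------------------------------------------
# Each phase runs for every user before the next phase starts, and the
# script stops at the first step that reports failure.
checkVersion
checkUserGroup "${sftpUserGroup}" || exit 1
for sftpUser in "${sftpUsers[@]}"; do
  checkUser "${sftpUserGroup}" "${sftpUser}" || exit 1
done
for sftpUser in "${sftpUsers[@]}"; do
  setPassword "${sftpUser}" "${sftpPassword}"
done
for sftpUser in "${sftpUsers[@]}"; do
  mkUserDir "${sftpUser}" "${sftpBaseDir}" || exit 1
done
configSshdConfig "${sftpUserGroup}" "${sftpBaseDir}" || exit 1
for sftpUser in "${sftpUsers[@]}"; do
  changeUserRootDir "${sftpUser}" "${sftpUserGroup}" "${sftpBaseDir}" || exit 1
done
for sftpUser in "${sftpUsers[@]}"; do
  mkUploaddir "${sftpUser}" "${sftpUserGroup}" "${sftpBaseDir}" || exit 1
done

# Reload only a configuration that sshd itself accepts.
if sshd -t; then
  service sshd reload
else
  echo "sshd -t rejected /etc/ssh/sshd_config; sshd was not reloaded" >&2
  exit 1
fi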