sftp configuration

[root@aserver ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:62:c0:ef brd ff:ff:ff:ff:ff:ff
inet brd scope global dynamic eno16777736
valid_lft 1174sec preferred_lft 1174sec
inet6 fe80::20c:29ff:fe62:c0ef/64 scope link
valid_lft forever preferred_lft forever

[root@aserver ~]# vim /etc/ssh/sshd_config
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

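Match Group sftpusers – This indicates that the following lines are applied only to users who belong to the group sftpusers (the name must match the Match Group line in sshd_config exactly). In the steps below, david is created with primary group jack and is not shown being added to sftpusers, so as written this block would not apply to him; the account has to be a member of the matched group for the chroot and ForceCommand restrictions to take effect.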
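ChrootDirectory %h – This is the path (%h expands to the user’s home directory) that will be used for chroot after the user is authenticated. So, for Jack, this will be /home/jack. sshd requires the chroot directory and every component of its path to be owned by root and not writable by any other user or group, and refuses the session otherwise; uploads then go into a user-owned subdirectory inside it. When the chroot is active, pwd in the sftp session reports / rather than a /home/... path, which is a quick way to confirm the restriction is really applied.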
ForceCommand internal-sftp – This forces the execution of internal-sftp, ignoring any command supplied by the client and any commands in the ~/.ssh/rc file.

[root@aserver ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[root@aserver ~]# groupadd jack

[root@aserver ~]# useradd david -g jack -s /sbin/nologin

[root@aserver ~]# passwd david
Changing password for user david.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bserver ~]# sftp david@<aserver-address>
david@<aserver-address>'s password:
Connected to <aserver-address>
sftp> pwd
Remote working directory: /home/david
sftp> ls

[root@aserver ~]# touch /home/david/sample

sftp> ls -l
-rw-r--r-- 1 root root 0 Nov 16 16:17 sample

[root@bserver ~]# ls
anaconda-ks.cfg  one.py  sample  testing

[root@bserver ~]# sftp david@<aserver-address>
david@<aserver-address>'s password:
Connected to <aserver-address>

sftp> put testing
Uploading testing to /home/david/testing
testing 100% 53 0.1KB/s 00:00
[root@aserver ~]# ll /home/david/
total 4
-rw-r--r--. 1 root root 0 Nov 16 16:17 sample
-rw-r--r--. 1 david jack 53 Nov 16 16:19 testing

[root@aserver ~]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0* LISTEN 3226/sshd
tcp 0 0* LISTEN 2422/master
tcp6 0 0 :::22 :::* LISTEN 3226/sshd
tcp6 0 0 ::1:25 :::* LISTEN 2422/master

sftp> mput anaconda-ks.cfg one.py
Uploading anaconda-ks.cfg to /home/david/one.py
anaconda-ks.cfg 100% 1234 1.2KB/s 00:00
[root@aserver ~]# touch /home/david/one
[root@aserver ~]# touch /home/david/two

sftp> mget one two
Fetching /home/david/one to two
sftp> quit

[root@bserver ~]# ls -l
total 12
-rw-------. 1 root root 1234 Oct 13 07:17 anaconda-ks.cfg
-rw-r--r--. 1 root root 31 Nov 14 00:59 one.py
-rw-r--r--. 1 root root 0 Nov 16 15:15 sample
-rw-r--r--. 1 root root 53 Oct 13 09:00 testing
-rw-r--r--. 1 root root 0 Nov 16 16:44 two


