包阅导读总结
1. 关键词:Linux、SSH、FTP 服务器、AlmaLinux、安全传输
2. 总结:
本文介绍了在 Linux 中借助 SSH 创建安全 FTP 服务器的方法,包括准备条件、赋予用户权限、创建相关目录和用户组、配置 SSH 以及测试服务器,强调了数据传输的安全性。
3. 主要内容:
– 介绍背景
– FTP 仍重要,敏感数据需自控上传服务
– 准备工作
– 运行 AlmaLinux 实例和具有 sudo 权限的用户
– 操作步骤
– 赋予用户 sudo 权限
– 创建 FTP 目录并设置权限
– 创建用户和组账户
– 为新用户创建上传目录并设置权限
– 配置 SSH 并重启
– 测试服务器
– 测试方法
– 网络中其他机器登录
– 上传和下载文件
– GUI 需配置 22 端口
– 总结
– 成功创建安全的 FTP 服务器
思维导图:
文章地址:https://thenewstack.io/create-a-secure-ftp-server-with-linux-and-ssh/
文章来源:thenewstack.io
作者:Jack Wallen
发布时间:2024/6/27 19:53
语言:英文
总字数:1045字
预计阅读时间:5分钟
评分:83分
标签:Linux,软件开发
以下为原文内容
本内容来源于用户推荐转载,旨在分享知识与观点,如有侵权请联系删除 联系邮箱 media@ilingban.com
For those not quite at the level of running a complete build system, the File Transfer Protocol (FTP) is still alive and an important part of the business technology landscape. You might think that going full-on cloud is the best bet, but what about those files and folders that house more sensitive data? Do you really want those being uploaded and downloaded to and from a third-party service that you don’t have control over?
The answer should be no.
You need to ensure those files are uploaded to a service you can trust and sometimes the only option is keeping it within your LAN.
If that sounds like a viable solution for you, Linux has your back (as it always does).
With the help of Secure Shell (SSH), you can deploy an FTP server in minutes. I want to show you how it’s done with AlmaLinux. With this taken care of, you’ll be able to move files back and forth with SFTP (Secure FTP) so you can trust the transmission of that data.
One thing to keep in mind is that if you want to use this FTP server outside of your LAN, you’ll need to configure your routing hardware to route the traffic to the hosting server, and you must allow SSH traffic into the network.
What You’ll Need
The only things you’ll need to follow along are a running instance of AlmaLinux (or a similar distribution, such as Red Hat Enterprise Linux, CentOS Streamor Oracle Linux) and a user with sudo privileges.
With those things at the ready, it’s time to configure.
Giving Your User Sudo Privileges
By default, new users are not added to the admin group on AlmaLinux. Instead of changing to the root user for setting this up, which can be a security risk, your best bet is to add a standard to the necessary group. To do that, first change to the root user with the su command. Once you’ve done that, issue the command:
Where USER is the name of the user in question.
Once you’ve done that, exit from the root user with the exit command and then log out and log back in as your user. That user can now work with sudo.
Create Your First FTP Directory
We’re going to create a specific directory that will be used for FTP purposes. The best place to house this is in the /svr directory. Create a new directory with:
Next, you’ll need to change the permissions of that directory to 701, which means:
- Owner has read, write and execute permissions (7).
- Group has no permissions (0).
- Others have execute permission (1).
Change the permission with the command:
|
sudo chmod –R 701 /srv/ftp |
Create the Necessary User and Group Accounts
We’ll now create a new user and group that will have access to the new directory. Create the group with:
Now, create a user with the following configuration:
- Isn’t allowed to log into Linux.
- Belongs to the ftp_users group.
- Has a home directory of
/srv/ftp/update.
The command for this is:
|
sudo useradd –g ftp_users –d /srv/ftp/upload –s /sbin/nologin USERNAME |
Where USERNAME is the name of the user you want to add.
Give the new user a strong/unique password with:
passwd USERNAME
Where USERNAME is the name of the user you just created.
Create the User’s Upload Directory
We’ll next create an upload directory for the new user. Let’s say the new user you created is ftpuser. To create the upload directory for that user, issue the command:
sudo mkdir -p /srv/ftp/ftpuser/upload
Change the ownership and permissions for the new directory with:
sudo chown -R root:ftp_users /srv/ftp/ftpusersudo chown -R ftpuser:ftp_users /srv/ftp/ftpuser/upload
What we’ve done above is change the ownership (for user and group) of /srv/ftp/ftpuser to root and ftp_users and then change the ownership (for user and group) of /srv/ftp/ftpuser/upload to ftpuser and ftp_users. Remember, in our case ftp_users is the group and ftpuser is the user. You can, of course, change those to anything you want/need.
Configure SSH
We now have to configure SSH so it’s aware of the new FTP directory. Open the SSH daemon configuration file with:
|
sudo nano /etc/ssh/sshd_config |
Paste the following at the bottom of the file:
|
Match Group ftp_users ChrootDirectory /srv/ftp/%u ForceCommand internal–sftp |
Save and close the file.
Restart SSH with the command:
|
sudo systemctl restart sshd |
SSH is now running and aware of the FTP directory. It’s time to test your new FTP server.
Test the Server
Go to another machine on your network and make sure that SSH is installed (or a client that includes SSH/SFTP such as PuTTY). From the terminal window, log in with ftpuser (or whatever you’ve named the new user) like so:
Where SERVER is the IP address of the FTP server.
You should be prompted for the ftpuser password, which you created above. If successful, you’ll see a prompt that looks like this:
sftp>
Change to the upload directory with:
Let’s say you have a file on your local computer (named newstack.txt and located in your home directory) and you want to upload it to the FTP server. To do that, the command would be something like this:
Or, say the newstack.txt file is in your upload directory on the FTP server and you want to download it to your home directory on the local machine. For that, the command is:
If you opt to use a GUI, one thing to keep in mind is that you’ll have to configure your connections with port 22, as that is the default SSH port.
Congratulations, you now have a working FTP server that uses SSH’s SFTP protocol to send and receive files securely.
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don’t miss an episode. Subscribe to our YouTubechannel to stream all our podcasts, interviews, demos, and more.
