如何使用Debian SFTP进行远程登录

Prerequisites
Ensure your Debian system has an active internet connection and basic utilities installed. You’ll need root or sudo privileges to perform administrative tasks.

1. Install OpenSSH Server
Debian includes OpenSSH Server by default, but if it’s not installed, run:

sudo apt update && sudo apt install openssh-server -y

This installs the SSH server, which also provides SFTP functionality. The service starts automatically after installation.

2. Configure SSH for SFTP
Edit the SSH configuration file to enable SFTP and customize access rules:

sudo nano /etc/ssh/sshd_config

• Enable Internal SFTP Subsystem: Uncomment or add the line:

  Subsystem sftp internal-sftp
  

  This uses OpenSSH’s built-in SFTP server (more secure than the legacy sftp-server).

• Restrict Users/Groups (Optional but Recommended): To limit SFTP access to specific users or groups, add a Match block at the end of the file. For example, to restrict a group called sftpusers:

  Match Group sftpusers
      ChrootDirectory %h  # Lock users to their home directories
      ForceCommand internal-sftp  # Only allow SFTP (no shell access)
      AllowTcpForwarding no  # Disable port forwarding
      X11Forwarding no  # Disable X11 forwarding
  

  Save changes and exit the editor (Ctrl+O, Enter, Ctrl+X).

3. Restart SSH Service
Apply configuration changes by restarting the SSH service:

sudo systemctl restart ssh

To ensure the service starts on boot, enable it:

sudo systemctl enable ssh

4. Create SFTP Users

• Option A: Individual User with Home Directory
  Create a user and set a password:

  sudo adduser your_username
  

  By default, the home directory (/home/your_username) is created with correct permissions.

• Option B: Add User to sftpusers Group (Recommended for Bulk Management)
  First, create the group and add the user:

  sudo groupadd sftpusers  # Create group if it doesn’t exist
  sudo usermod -aG sftpusers your_username  # Add user to group
  

  This ensures the user inherits SFTP restrictions from the Match Group block.

5. Set Home Directory Permissions
For SFTP to work correctly (especially with ChrootDirectory), the user’s home directory must be owned by root and have 755 permissions:

sudo chown root:root /home/your_username
sudo chmod 755 /home/your_username

If the user needs to upload files, create a subdirectory (e.g., uploads) and grant ownership to the user:

sudo mkdir /home/your_username/uploads
sudo chown your_username:your_username /home/your_username/uploads

6. Test SFTP Connection
From a remote machine (or locally), connect to the Debian server using SFTP:

sftp your_username@your_server_ip

• Enter the user’s password when prompted.
• If configured correctly, you’ll see the SFTP prompt (sftp>).
• Verify basic commands:

  sftp> ls  # List remote files
  sftp> put local_file.txt  # Upload a file
  sftp> get remote_file.txt  # Download a file
  sftp> exit  # Quit the session
  

Optional: Configure Key-Based Authentication (More Secure)
To avoid entering passwords, set up SSH key authentication:

• Generate Key Pair on Local Machine:

  ssh-keygen -t rsa -b 4096
  

  Press Enter to save the key to the default location (~/.ssh/id_rsa).

• Copy Public Key to Server:

  ssh-copy-id your_username@your_server_ip
  

  Enter the user’s password. This adds the public key to ~/.ssh/authorized_keys on the server.

• Test Key Authentication:

  sftp -o PreferredAuthentications=publickey your_username@your_server_ip
  

  You should log in without being prompted for a password.

Troubleshooting Tips

• Check Logs: If connection fails, review /var/log/auth.log for errors (e.g., permission issues).
• Firewall: Ensure port 22 (default SSH/SFTP) is open on your server.
• Configuration Errors: A typo in /etc/ssh/sshd_config can prevent SSH from starting. Validate syntax with sudo sshd -t before restarting.

以上就是关于“如何使用Debian SFTP进行远程登录”的相关介绍，筋斗云是国内较早的云主机应用的服务商，拥有10余年行业经验，提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩，主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复；电子化备案，提交快速，专业团队7×24小时服务支持！

简单好用、高性价比云服务器租用链接：https://www.jindouyun.cn/product/cvm