Prerequisites
Before setting up SFTP file sharing on Debian, ensure your system is updated and the OpenSSH server (which includes SFTP) is installed. Most Debian systems include OpenSSH by default, but you can verify and install it with:
sudo apt update && sudo apt upgrade -y
sudo apt install openssh-server -y
This installs OpenSSH, which provides both SSH (secure shell) and SFTP (secure file transfer protocol) functionality.
Step 1: Configure the SSH Server for SFTP
Edit the SSH configuration file to enable SFTP and restrict access (recommended for security). Open the file with a text editor:
sudo nano /etc/ssh/sshd_config
Make the following changes:
- Enable the internal SFTP subsystem (replace or uncomment the
Subsystemline):Subsystem sftp internal-sftp - Restrict users to SFTP-only (add at the end of the file to apply to a group):
This ensures members of theMatch Group sftpusers ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding nosftpusersgroup can only use SFTP and are confined to their home directories.
Step 2: Create a Dedicated SFTP User Group and User
For better security, create a dedicated group for SFTP users and add users to it. This avoids granting broad SSH access to all users.
- Create the group:
sudo groupadd sftpusers - Create a user (replace
sftpuserwith your desired username):
Set a strong password and complete the user creation prompts.sudo adduser sftpuser - Add the user to the
sftpusersgroup:
Thesudo usermod -aG sftpusers sftpuser-aGflag appends the user to the group without removing them from other groups.
Step 3: Set Up SFTP Directories with Correct Permissions
SFTP requires strict directory permissions to function securely. The user’s home directory must be owned by root, while subdirectories (e.g., for file uploads) must be owned by the user.
- Set home directory ownership and permissions:
sudo chown root:root /home/sftpuser sudo chmod 755 /home/sftpuser - Create a subdirectory for file uploads (e.g.,
upload):sudo mkdir /home/sftpuser/upload - Set ownership and permissions for the upload directory:
sudo chown sftpuser:sftpusers /home/sftpuser/upload sudo chmod 755 /home/sftpuser/uploaduploaddirectory.
Step 4: Restart the SSH Service to Apply Changes
After modifying the SSH configuration, restart the service to activate the changes:
sudo systemctl restart sshd
You can verify the service status with:
sudo systemctl status sshd
Ensure the service is active (running).
Step 5: Connect to the SFTP Server
Use an SFTP client to connect to your Debian server. You can choose between command-line or graphical clients:
Command-Line SFTP
Open a terminal and connect using:
sftp sftpuser@your_server_ip
Replace sftpuser with your username and your_server_ip with your server’s IP address. Enter the user’s password when prompted.
Common SFTP Commands:
- List remote files:
ls - Upload a file:
put local_file remote_directory(e.g.,put ~/Documents/report.txt /upload/) - Download a file:
get remote_file local_directory(e.g.,get /upload/report.txt ~/Downloads/) - Create a remote directory:
mkdir new_folder - Exit the session:
exit.
Graphical SFTP Clients
For a more intuitive experience, use clients like:
- FileZilla: Open FileZilla, enter the server IP, username, and password in the “Quick Connect” bar, and click “Connect”.
- WinSCP: Similar to FileZilla, enter connection details and click “Login”.
These clients provide drag-and-drop functionality for easy file transfers.
Optional: Enhance Security
- Use SSH Key Authentication: Replace password authentication with SSH keys for stronger security. Generate a key pair on your local machine (
ssh-keygen) and copy the public key to the server (ssh-copy-id sftpuser@your_server_ip). - Configure Firewall: Allow only specific IP addresses to access the SFTP port (default: 22) using
ufw(Debian’s firewall tool):sudo ufw allow from your_trusted_ip to any port 22 sudo ufw enable - Regularly Update Software: Keep Debian and OpenSSH updated to patch security vulnerabilities.
以上就是关于“怎样通过Debian SFTP进行文件共享”的相关介绍,筋斗云是国内较早的云主机应用的服务商,拥有10余年行业经验,提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩,主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复;电子化备案,提交快速,专业团队7×24小时服务支持!
简单好用、高性价比云服务器租用链接:https://www.jindouyun.cn/product/cvm