How to Modify Debian SFTP Settings
SFTP (SSH File Transfer Protocol) is a secure way to transfer files between a client and a server. On Debian, SFTP is managed via the OpenSSH server, so modifying its settings involves editing the SSH configuration file and adjusting user permissions. Below are the key steps to modify SFTP settings on Debian:
1. Install OpenSSH Server (If Not Installed)
Before configuring SFTP, ensure the OpenSSH server is installed. Run the following commands to update your package list and install the server:
sudo apt update
sudo apt install openssh-server
2. Backup the Original SSH Configuration File
Before making changes, back up the original sshd_config file to avoid losing default settings:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
3. Edit the SSH Configuration File
Open the sshd_config file in a text editor (e.g., nano) to modify SFTP settings:
sudo nano /etc/ssh/sshd_config
4. Modify SFTP Subsystem Settings
By default, Debian uses the internal SFTP server. To enable it, locate the Subsystem sftp line and ensure it is uncommented (no # at the start). You can use either the internal server or an external binary (e.g., /usr/lib/openssh/sftp-server). For most cases, the internal server is sufficient:
# Use the internal SFTP server (recommended)
Subsystem sftp internal-sftp
# Alternatively, use an external binary (uncomment if needed)
# Subsystem sftp /usr/lib/openssh/sftp-server
5. Restrict Users to SFTP (Optional but Recommended)
To limit specific users or groups to SFTP-only access (preventing shell login), add a Match block at the end of the file. For example, to restrict the sftpusers group:
Match Group sftpusers
    # Lock users to their home directory
    ChrootDirectory %h
    # Force SFTP usage (no shell access)
    ForceCommand internal-sftp
    # Disable TCP forwarding
    AllowTcpForwarding no
    # Disable X11 forwarding
    X11Forwarding no
This ensures users in the sftpusers group can only use SFTP and cannot access the server’s shell.
6. Create an SFTP User Group and Add Users
To manage SFTP users efficiently, create a dedicated group (e.g., sftpusers) and add users to it:
# Create the sftpusers group
sudo groupadd sftpusers
# Add a user to the group (replace 'username' with the actual username)
sudo usermod -aG sftpusers username
# Set a password for the user (if not already set)
sudo passwd username
7. Configure Home Directory Permissions
For chroot to work correctly, the user’s home directory must be owned by root with 755 permissions. Additionally, create a subdirectory (e.g., upload) where the user can upload files (owned by the user):
# Set home directory ownership and permissions
sudo chown root:root /home/username
sudo chmod 755 /home/username
# Create an upload directory and set ownership to the user
sudo mkdir /home/username/upload
sudo chown username:sftpusers /home/username/upload
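sshd applies the ownership rule above to every component of the ChrootDirectory path, not only to the home directory itself, and refuses the login if any component is not root-owned or is writable by group or others. The following check is an added example, not part of the original guide; it goes beyond the single directory shown here by walking up to /, and the function name and its optional OWNER_UID and STOP_DIR parameters are assumptions made for illustration:

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for the
# directory named by ChrootDirectory.
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_DIR]
# OWNER_UID (default 0 = root) and STOP_DIR (default /) are hypothetical
# parameters that let the function be tried on a scratch tree without root.
check_chroot_path() {
    dir=$1 want_uid=${2:-0} stop=${3:-/} rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 2; }
    dir=$(cd "$dir" && pwd -P)     # physical absolute path, symlinks resolved
    stop=$(cd "$stop" && pwd -P)
    while :; do
        # ls -ldn prints e.g. "drwxr-xr-x 3 0 0 4096 ... /home/username"
        read -r perms _links uid _rest <<EOF
$(ls -ldn "$dir")
EOF
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2; rc=1
        fi
        # Character 6 is the group write bit, character 9 the other write bit.
        case $perms in
            ?????w*|????????w*)
                echo "FAIL $dir: $perms is writable by group or others" >&2; rc=1 ;;
        esac
        case $dir in "$stop"|/) break ;; esac
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run against a real account when called with arguments, e.g.
#   sh check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

A non-zero exit status means at least one path component would make sshd reject the chroot; the FAIL lines on stderr name each offending directory.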
8. Restart the SSH Service
After saving changes to sshd_config, restart the SSH service to apply the new settings:
sudo systemctl restart sshd
9. Verify the SFTP Connection
Test the configuration by connecting to the server using an SFTP client (e.g., the command-line sftp tool):
sftp username@your_server_ip
If configured correctly, you should see the SFTP prompt and be restricted to the user’s home directory (or the upload subdirectory).
Key Notes for Security
- Always use strong passwords for SFTP users.
- Avoid granting root access via SFTP—restrict users to their home directories.
- Regularly check the SSH logs (/var/log/auth.log) for unauthorized access attempts.
By following these steps, you can modify Debian’s SFTP settings to meet your security and functionality requirements.