SFTP server external access setup
This requires setting up user accounts on the local machine, each with its own permissions, so that different people can connect to this machine and retrieve data.
A useful reference article: http://www.ericstockwell.com/?p=54 (strongly recommended; there is no need to look at anything else first)
Also: http://superuser.com/questions/370953/how-to-not-allow-user-outside-of-home-directory-with-sftp (a question someone asked; the answer is written very plainly and describes exactly the functionality we want)
Compared with FTP, SFTP is much more secure and offers many more options. Files are transferred over SSH's default port 22; if that port has been changed, it must be specified separately.
The goal is reached through the following process: users user_a and user_b may only access the contents of their own directories, /home/user_a and /home/user_b, and nothing outside them. In other words, they cannot browse files everywhere the way root can; access to / and so on is not allowed.
So the simplest approach is to change a few settings in the sshd configuration (/etc/ssh/sshd_config). On Ubuntu derivatives you first need to install sshd; these days everyone uses OpenSSH, which works well. The ssh service runs as a background daemon.
Once it is installed, we begin with the steps.
1. Edit the file /etc/ssh/sshd_config
Find the line beginning with Subsystem sftp and change it to:
Subsystem sftp internal-sftp
Then add the following lines at the very bottom of /etc/ssh/sshd_config:
Match User user_a
ChrootDirectory %h
ForceCommand internal-sftp
Match User user_b
ChrootDirectory %h
ForceCommand internal-sftp
%h above means the current user's home directory; for user_a this is /home/user_a (you set this when creating the user; see man adduser, man usermod, chown and chmod for managing users and file permissions).
2. The more important issue is user permissions, which the article quoted below covers.
3. The important details are all in the article below, which is very thorough: file permissions and the upload, modify, delete and overwrite operations all work this way, much as on the local machine, so it is very convenient.
#######################################
In the end I could not resist quoting the original article in full. You can skip everything above: it is complete, and reading it alone is enough.
Article source: http://www.ericstockwell.com/?p=54
Author: Blither.
How to set up and chroot SFTP users with OpenSSH 5.1p1 in Ubuntu 8.10
(This is mostly an edited copy-and-paste from a forum post I wrote several months ago.)
I had been wanting to set up an encrypted-transaction FTP server for a while (SFTP) in a chrooted environment, so I did a few hours of half-baked-blog parsing and keyboard-pounding in order to figure this out in a way that would work consistently, even if it isn’t 100% efficient. Your noob-radar should be flashing right about now ;). Since version 4.8, openssh has had the ability to (fairly) easily chroot sftp users into a specified directory using a new sshd_config directive, ChrootDirectory. The purpose of this guide is to demonstrate how to set up a simple chrooted sftp system from square one implementing this self-contained chroot mechanism (using only openssh without the need for rssh), and how to add users under this paradigm.
(1) Installation and initial configuration
It is possible that ssh is not installed, so:
$ sudo apt-get install ssh
We need to configure the sftp subsystem to use the internal sftp module. Open /etc/ssh/sshd_config in a text editor (you will probably have to use “sudo”), and find the line that starts with “Subsystem sftp”. Comment out (or delete) this line, and replace it with:
Subsystem sftp internal-sftp
Save and exit your editor.
(2) User Setup
This section should be repeated for each user to whom you grant sftp-only access.
Because sftp (as included with openssh) wraps around ssh, your users are going to need system accounts. Let’s prepare a user named “johndoe” (replace “johndoe” with whatever new user account you wish). The user “johndoe” should, in this case, only be able to log in using sftp (as opposed to ssh) once we’re done.
$ sudo mkdir /home/johndoe
$ sudo useradd johndoe
We’ll have to set their home directory permissions appropriately. It’s important that root owns this and that its group ID is identical to the username, and that the permissions are set so that only root can write:
$ sudo chown root:johndoe /home/johndoe
$ sudo chmod 755 /home/johndoe
Force the normal login directory just in case:
$ sudo usermod -d /home/johndoe johndoe
Now give him a password:
$ sudo passwd johndoe
Set the new user a dummy shell (so they don’t have real shell access).
$ sudo usermod -s /bin/false johndoe
Now we need to indicate that this particular user must be jailed into their home directory. Once again, open /etc/ssh/sshd_config in a text editor, and add the following at the end of the file:
Match User johndoe
ChrootDirectory /home/johndoe
ForceCommand internal-sftp
Now, user johndoe should have read access to his home directory. Let’s give him a place to upload stuff:
$ sudo mkdir /home/johndoe/upload
$ sudo chown johndoe:johndoe /home/johndoe/upload
$ sudo chmod 755 /home/johndoe/upload
Done! Restart the ssh daemon (run this any time you want changes to become effective):
sudo /etc/init.d/ssh restart
(3) Giving SFTP users read access to some other directory
As an interesting aside, let’s say you (the sysadmin) have a common info/media/data directory you wish to share with your sftp users without actually copying all that data over (or allowing it to be edited/deleted/corrupted). We can do this by mounting it read-only somewhere in their login directory. They’re going to need a place to get to it:
$ sudo mkdir /home/johndoe/readonly
Now we mount our directory of choice (in this example, /home/sysadmin/junk/shared-data) as read-only in said folder:
$ sudo mount -r --bind /home/sysadmin/junk/shared-data /home/johndoe/readonly
It will probably help to have this happen automatically on startup. Anything added to rc.local will run as root at startup, so there is no need to indicate ‘sudo’. If you have multiple users (or even just one) it helps to add something like this to /etc/rc.local (before the “exit 0” line of course):
for user in johndoe marysue someguy
do
    mount -r --bind /home/sysadmin/junk/shared-data /home/$user/readonly
done
Note: You cannot mount more than one folder/device/partition/netshare in a particular location. Doing so won’t damage anything, but the mount point will only display the object mounted last in sequence. There are other constraints which you may discover, but those are beyond the scope of this guide (and they make me drink).
×××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××××
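As an added check covering both procedures above (the user_a/user_b steps and Blither's johndoe walkthrough), here is a Python script that is not part of this post or of the quoted article: it parses the Match User blocks from sshd_config and verifies what sshd itself insists on before it accepts a ChrootDirectory (every path component root-owned and not group/other writable) and that ForceCommand internal-sftp is present. The sample config, the home-directory map and the fake stat() tree are constructed here for an offline run; chroot_problems takes a stat function so it can be pointed at the real filesystem with the default os.stat.

```python
import os
import stat
# Constructed sample: this page's two Match blocks plus fake stat() data so the check runs offline (uid 0 = root).
SAMPLE_CONFIG = """Subsystem sftp internal-sftp
Match User user_a
    ChrootDirectory %h
    ForceCommand internal-sftp
Match User user_b
    ChrootDirectory %h
    ForceCommand internal-sftp
"""
SAMPLE_HOMES = {"user_a": "/home/user_a", "user_b": "/home/user_b"}
FAKE_TREE = {"/": (0, 0o755), "/home": (0, 0o755), "/home/user_a": (0, 0o755), "/home/user_b": (1001, 0o775)}
fake_stat = lambda p: os.stat_result((stat.S_IFDIR | FAKE_TREE[p][1], 0, 0, 1, FAKE_TREE[p][0], 0, 0, 0, 0, 0))

def parse_sshd_config(text):  # -> (sftp subsystem command, {user: {directive.lower(): value}})
    subsystem, blocks, user = None, {}, None
    for raw in text.splitlines():
        key, _, val = raw.split("#", 1)[0].strip().partition(" ")
        key, val = key.lower(), val.strip()
        if key == "match":  # a new Match line ends the previous block; only 'Match User' blocks are tracked
            toks = val.split()
            user = toks[1] if len(toks) > 1 and toks[0].lower() == "user" else None
        elif key == "subsystem" and user is None and val.startswith("sftp "):
            subsystem = val[5:].strip()
        elif key and user is not None:
            blocks.setdefault(user, {})[key] = val
    return subsystem, blocks

def chroot_problems(path, stat_fn=os.stat):
    # sshd refuses the chroot unless every component from / down is root-owned and not group/other writable
    problems, cur = [], os.sep
    for comp in [""] + [p for p in os.path.abspath(path).split(os.sep) if p]:
        st = stat_fn(cur := os.path.join(cur, comp))
        if st.st_uid != 0:
            problems.append(f"{cur}: owned by uid {st.st_uid}, must be root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{cur}: group/other writable (mode {oct(st.st_mode & 0o777)})")
    return problems

def audit(config_text, homes, stat_fn=os.stat):  # homes maps user -> home directory, used to expand %h
    subsystem, blocks = parse_sshd_config(config_text)
    findings = [] if subsystem == "internal-sftp" else [f"Subsystem sftp is {subsystem!r}, expected internal-sftp"]
    for user, block in blocks.items():
        if block.get("forcecommand") != "internal-sftp":
            findings.append(f"{user}: ForceCommand internal-sftp is missing, so the user is not confined to sftp")
        chroot = block.get("chrootdirectory", "").replace("%h", homes.get(user, ""))
        problems = chroot_problems(chroot, stat_fn) if chroot else ["no ChrootDirectory, nothing confines this user"]
        findings.extend(f"{user}: {p}" for p in problems)
    return findings
```

On a real host, run audit(open("/etc/ssh/sshd_config").read(), {u: os.path.expanduser("~" + u) for u in users}) after editing the file and before restarting sshd; an empty result means the chroot prerequisites that cause "bad ownership or modes for chroot directory" login failures are met.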
Reposted from: https://www.cnblogs.com/spaceship9/p/3159551.html
Summary
The above is the complete content of "SFTP server external access setup" collected and organised for you by 生活随笔; we hope the article helps you solve the problem you ran into.