Configuring Secure File Transfer on CentOS (SFTP)

SFTP (Secure File Transfer Protocol) is a secure alternative to FTP for transmitting files between a client and a server. It provides encrypted communication and ensures data integrity. In this blog post, we will guide you on how to configure secure file transfer using SFTP on CentOS.

Prerequisites

Before proceeding with the setup, make sure you have the following:

Step 1: Enable and configure SSH service

SFTP relies on the SSH service for secure file transfer. By default, SSH is installed and running on CentOS, but it is recommended to verify that it is enabled and properly configured.

  1. Connect to your CentOS server via SSH:
    ssh root@your_server_ip
    
  2. Open the SSH configuration file using a text editor:
    vi /etc/ssh/sshd_config
    
  3. Make sure the following lines are uncommented and have the specified values:
    PermitRootLogin no
    PasswordAuthentication no
    Subsystem sftp /usr/libexec/openssh/sftp-server
    

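The first line, PermitRootLogin no, disables root login, which is a security best practice. The second line, PasswordAuthentication no, disables password-based authentication and enforces key-based authentication for better security. The third line specifies the location of the SFTP subsystem. Because the session opened at the start of this step is a root login, confirm that a non-root account with a working SSH key exists before restarting the SSH service with these values.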

  4. Save the changes and exit the text editor.

  5. Restart the SSH service to apply the changes:
    systemctl restart sshd
    

Step 2: Create SFTP-only user

To enhance security, it is recommended to create a separate user account dedicated to SFTP access.

  1. Create a new user using the adduser command. Replace <username> with your desired username:
    adduser <username>
    
  2. Set a password for the user when prompted.

  3. Use the usermod command to restrict the user’s access to SFTP only:
    usermod -s /sbin/nologin <username>
    

This command changes the user’s shell to /sbin/nologin, which restricts direct shell access.

Step 3: Configure SFTP-specific settings

Finally, we need to configure the specific settings for SFTP.

  1. Open the SSH configuration file again:
    vi /etc/ssh/sshd_config
    
  2. Add the following lines at the end of the file:
    Match User <username>
     ChrootDirectory /srv/sftp/%u
     ForceCommand internal-sftp
     X11Forwarding no
     AllowTcpForwarding no
    

Replace <username> with the SFTP user’s username.

  3. Create the directory that will act as the root directory for the SFTP user:
    mkdir -p /srv/sftp/<username>

  4. Set the appropriate ownership and permissions on the directory:
    chown root:root /srv/sftp/<username>
    chmod 755 /srv/sftp/<username>

  5. Restart the SSH service to apply the changes:
    systemctl restart sshd
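
The ownership and mode set above matter because sshd refuses a chroot login unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original post: it walks the path from the chroot directory up to / and reports any component that breaks that rule. The function names and the script name are hypothetical, and it assumes GNU stat as shipped on CentOS.

```bash
#!/bin/bash
# Added example (not from the original post): pre-flight check for the
# ChrootDirectory from step 3. Function names are hypothetical.

# check_component DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) with neither the group- nor the other-write bit set.
check_component() {
    local dir want_uid owner mode
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2
        return 1
    fi
    # Assumes GNU stat (CentOS): %u = numeric owner, %a = octal mode.
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $owner, expected $want_uid" >&2
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others" >&2
        return 1
    fi
    echo "ok   $dir (uid $owner, mode $mode)"
}

# check_chroot_path DIR: check DIR and every parent directory up to /.
check_chroot_path() {
    local dir rc
    dir=$1; rc=0
    case $dir in
        /*) ;;
        *) echo "FAIL $dir: not an absolute path" >&2; return 1 ;;
    esac
    while :; do
        check_component "$dir" 0 || rc=1
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: ./check-chroot.sh /srv/sftp/<username>
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it after setting ownership and permissions and before restarting sshd; each FAIL line names the component to fix.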
    

Conclusion

With the steps provided above, you can easily configure secure file transfer using SFTP on CentOS. This ensures the confidentiality and integrity of your files during the transfer process. Remember to regularly update your server and apply security patches to stay protected against potential vulnerabilities.