Environment:
CentOS 7,OpenSSH_7.4p1
Summary description:
This article mainly describes how to configure SFTP service, how to set up multi-user and user directory permission control, how to control ssh connection;
Steps:
1. Configure ssh and Sftp (default Sftp server) at the same time
Typically the root user connects with both ssh and sftp. In that case the default SFTP server is used, that is, /usr/libexec/openssh/sftp-server;
a. Create user groups and users
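# Create the user group
groupadd ssh-test
# Create the parent folder (-p: no error if it already exists)
mkdir -p /home/ssh-test
# Create the user in that group, with its home directory under the group folder
useradd -g ssh-test -d /home/ssh-test/ssh-user1 ssh-user1
# Set the user's password (prompts interactively)
passwd ssh-user1
# Set ownership and permissions on the home directory.
# Mode 755 lets every local account list and read this directory;
# use 750 if other users should not see its contents.
chown -R ssh-user1:ssh-test /home/ssh-test/ssh-user1/
chmod 755 /home/ssh-test/ssh-user1/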
At this time, sftp connection can be performed. The connection test is as follows:
# Connect over SFTP as ssh-user1; sftp prompts for the password set with passwd above
sftp ssh-user1@localhost
At this time, ssh connection is not allowed. If you want to make ssh connection, you need to do the following:
b. Set ssh
Switch to the user to set up
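# Switch to the user: su <user name>
su ssh-user1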
Add SSH key:
# Run ssh-keygen -t rsa and press Enter at every prompt to accept the defaults (an empty passphrase leaves the private key unencrypted on disk); afterwards use ls -a to view the result
bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ssh-test/ssh-user1/.ssh/id_rsa):
Created directory '/home/ssh-test/ssh-user1/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ssh-test/ssh-user1/.ssh/id_rsa.
Your public key has been saved in /home/ssh-test/ssh-user1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Z9PKFIqe7WjG2rV6tKhyWnTtNVw5ydZ0bdAXCGUkKfc ssh-user1@iZbp1dham6enej0lrs00riZ
The key's randomart image is:
+---[RSA 2048]----+
| o=++++|
| . +o* .=|
| + O ...|
| o o = E |
| . o S O . |
| . o +.* + |
| ..oo+.o |
| ....=+o. |
| .+o=+oo |
+----[SHA256]-----+
bash-4.2$ ls -a
Test to see if you can ssh:
# Log in over ssh as ssh-user1. The ssh-keygen step shown on this page only creates a
# key pair; it does not add the public key to ~/.ssh/authorized_keys, so this login is
# presumably authenticated by password unless key login is configured separately.
ssh ssh-user1@localhost
2. Configure sftp (internal sftp service)
An SFTP-only configuration usually uses the internal-sftp service;
The same first step is to create user groups and users:
a. Create user groups and users
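# Create the user group
groupadd sftp-test
# Create the parent folder (-p: no error if it already exists).
# It is created by root and must stay root-owned: it is used as the
# ChrootDirectory, and sshd refuses a chroot that the user owns or can write to.
mkdir -p /home/sftp-test
# Add the user with /sbin/nologin as shell so that interactive ssh login is unavailable
useradd -g sftp-test -s /sbin/nologin -d /home/sftp-test/sftp-user1 sftp-user1
# Grant the user ownership of its own subdirectory only (not of /home/sftp-test)
chown -R sftp-user1:sftp-test /home/sftp-test/sftp-user1/
chmod 755 /home/sftp-test/sftp-user1/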
b. Configure sshd_config
Use vi to edit /etc/ssh/sshd_config:
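# Comment out the default external SFTP server line
#Subsystem sftp /usr/libexec/openssh/sftp-server
# Use the in-process SFTP server instead
Subsystem sftp internal-sftp

# A global "ForceCommand internal-sftp" forces SFTP for every account, which also
# prevents root from opening an ssh session. It is therefore left commented out
# here and applied only inside the Match block below.
#ForceCommand internal-sftp

# Restrict one user group (use "Match User" to target a single user instead).
# Keep this block at the end of the file: every directive after a Match line
# belongs to that Match until the next Match line or the end of the file.
Match Group sftp-test
    # SFTP root. sshd requires this directory and all of its parents to be owned
    # by root and not writable by group or others, otherwise the login is refused.
    ChrootDirectory /home/sftp-test
    # Limit the group to SFTP regardless of the account's login shell
    ForceCommand internal-sftp
    # Keep these two lines if the group must not use forwarding; otherwise delete
    # them. Inside the Match block they apply to this group only and cannot be
    # shadowed by an earlier global X11Forwarding/AllowTcpForwarding line.
    X11Forwarding no
    AllowTcpForwarding no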
Restart service after saving:
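# Validate the configuration first: a syntax error would stop sshd from starting
# and can lock you out of a remote host. Restart only if the check passes.
sshd -t && systemctl restart sshd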
Test connection:
# Connect as the SFTP-only user; with the ChrootDirectory setting above the session is confined to /home/sftp-test
sftp sftp-user1@localhost
3. Modify port number
Use vi to edit /etc/ssh/sshd_config to modify the port number:
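# Uncomment the following line and change it to the desired port.
# On CentOS 7 with SELinux enforcing, the new port must also be labelled for sshd,
# and opened in firewalld, before restarting:
#   semanage port -a -t ssh_port_t -p tcp <port>
#   firewall-cmd --permanent --add-port=<port>/tcp && firewall-cmd --reload
#Port 22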
Restart service after saving:
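# Validate the configuration first: a syntax error would stop sshd from starting
# and can lock you out of a remote host. Restart only if the check passes,
# and keep the current session open until a new login on the new port works.
sshd -t && systemctl restart sshd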
Specify port connection test:
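# Sample value only; use the port configured in sshd_config
PORT=2222
# -oPort takes the form -oPort=<number>, with no spaces around "="
sftp -oPort="$PORT" sftp-user1@localhost
ssh -oPort="$PORT" ssh-user1@localhost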
4. Using SFTP from Java
The SFTP utility class is as follows:
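import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.Properties;
import java.util.Vector;

import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.ChannelSftp.LsEntry;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.JSchException;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpException;
import com.tit.taf.log.TAFLog;

/**
 * SFTP utility class built on JSch: connect, upload, download, delete, create
 * directories, list files and disconnect.
 *
 * <p>Directory and file names are passed to the server as given. Callers that
 * build them from external input should validate them first (for example reject
 * {@code ..} segments), because this class performs no such check.
 */
public class SFTPUtil {

    /**
     * Connects to an SFTP server with password authentication and host key
     * checking disabled.
     *
     * <p>Kept for backward compatibility. With {@code StrictHostKeyChecking=no}
     * the server's identity is not verified, so the password may be sent to a
     * host impersonating the server. Prefer
     * {@link #connect(String, int, String, String, String)} with a known_hosts file.
     *
     * @param host     server host name or address
     * @param port     server port
     * @param username login user name
     * @param password login password
     * @return the connected channel, or {@code null} if connecting failed
     *         (the exception is logged)
     */
    public ChannelSftp connect(String host, int port, String username, String password) {
        return connect(host, port, username, password, null);
    }

    /**
     * Connects to an SFTP server with password authentication.
     *
     * @param host           server host name or address
     * @param port           server port
     * @param username       login user name
     * @param password       login password
     * @param knownHostsFile path of an OpenSSH known_hosts file used to verify the
     *                       server's host key; {@code null} disables host key
     *                       checking (legacy behaviour)
     * @return the connected channel, or {@code null} if connecting failed
     *         (the exception is logged)
     */
    public ChannelSftp connect(String host, int port, String username, String password,
            String knownHostsFile) {
        Session sshSession = null;
        try {
            JSch jsch = new JSch();
            Properties sshConfig = new Properties();
            if (knownHostsFile != null) {
                // Verify the server against the supplied known_hosts entries.
                jsch.setKnownHosts(knownHostsFile);
                sshConfig.put("StrictHostKeyChecking", "yes");
            } else {
                // Legacy path: the host key is accepted without verification.
                TAFLog.info("Host key checking is disabled for " + host
                        + "; the server identity is not verified.");
                sshConfig.put("StrictHostKeyChecking", "no");
            }

            sshSession = jsch.getSession(username, host, port);
            TAFLog.info("Session created.");
            sshSession.setPassword(password);
            sshSession.setConfig(sshConfig);
            sshSession.connect();
            TAFLog.info("Session connected.");

            TAFLog.info("Opening Channel.");
            Channel channel = sshSession.openChannel("sftp");
            channel.connect();
            TAFLog.info("Connected to " + host + ".");
            return (ChannelSftp) channel;
        } catch (Exception e) {
            TAFLog.error("sftp Link exception", e);
            // Do not leave a half-open session behind when the channel could not be set up.
            if (sshSession != null) {
                sshSession.disconnect();
            }
            return null;
        }
    }

    /**
     * Uploads a local file into a remote directory, creating the directory first
     * if needed. The remote file keeps the local file's name.
     *
     * @param directory  remote directory to upload into
     * @param uploadFile path of the local file to upload
     * @param sftp       connected SFTP channel
     * @throws Exception if a remote operation or reading the local file fails
     */
    public void upload(String directory, String uploadFile, ChannelSftp sftp) throws Exception {
        makeDirs(directory, sftp);
        sftp.cd(directory);
        File file = new File(uploadFile);
        // try-with-resources closes the stream even when put() fails.
        try (FileInputStream in = new FileInputStream(file)) {
            sftp.put(in, file.getName());
        }
        TAFLog.info("Upload file path[" + directory + "/" + file.getName() + "]");
    }

    /**
     * Downloads a remote file to a local path.
     *
     * <p>Failures are logged and rethrown: swallowing them would leave an empty or
     * truncated local file that the caller cannot tell apart from a successful
     * download.
     *
     * @param directory    remote directory containing the file
     * @param downloadFile name of the remote file
     * @param saveFile     local path to write to
     * @param sftp         connected SFTP channel
     * @throws Exception if the remote operation or writing the local file fails
     */
    public void download(String directory, String downloadFile, String saveFile, ChannelSftp sftp)
            throws Exception {
        try {
            sftp.cd(directory);
            try (FileOutputStream out = new FileOutputStream(new File(saveFile))) {
                sftp.get(downloadFile, out);
            }
        } catch (Exception e) {
            TAFLog.error("sftp download exception", e);
            throw e;
        }
    }

    /**
     * Deletes a remote file. A failure is logged and not propagated.
     *
     * @param directory  remote directory containing the file
     * @param deleteFile name of the file to delete
     * @param sftp       connected SFTP channel
     */
    public void delete(String directory, String deleteFile, ChannelSftp sftp) {
        try {
            sftp.cd(directory);
            sftp.rm(deleteFile);
        } catch (Exception e) {
            // Use the class's logger instead of printStackTrace so the failure is recorded.
            TAFLog.error("sftp delete exception", e);
        }
    }

    /**
     * Creates a remote directory and any missing parents.
     *
     * <p>Empty path segments are skipped, a relative path stays relative to the
     * channel's current directory, and a single-segment path is created as well.
     *
     * @param directory remote directory path, segments separated by {@code /}
     * @param sftp      connected SFTP channel
     * @throws SftpException if a missing directory cannot be created
     */
    public void makeDirs(String directory, ChannelSftp sftp) throws SftpException {
        StringBuilder path = new StringBuilder(directory.startsWith("/") ? "/" : "");
        for (String segment : directory.split("/")) {
            if (segment.isEmpty()) {
                continue;
            }
            if (path.length() > 0 && path.charAt(path.length() - 1) != '/') {
                path.append('/');
            }
            path.append(segment);
            String current = path.toString();
            try {
                // stat() checks existence without listing the directory's contents.
                sftp.stat(current);
            } catch (SftpException missing) {
                sftp.mkdir(current);
            }
        }
    }

    /**
     * Lists the entries of a remote directory.
     *
     * @param directory remote directory to list
     * @param sftp      connected SFTP channel
     * @return the entries returned by the server
     * @throws SftpException if the listing fails
     */
    @SuppressWarnings("unchecked")
    public Vector<LsEntry> listFiles(String directory, ChannelSftp sftp) throws SftpException {
        return sftp.ls(directory);
    }

    /**
     * Disconnects the session that the channel belongs to. Does nothing when
     * {@code sftp} is {@code null}; a failure is logged and not propagated.
     *
     * @param sftp channel returned by {@code connect}, may be {@code null}
     */
    public void disconnect(ChannelSftp sftp) {
        if (sftp != null) {
            try {
                sftp.getSession().disconnect();
            } catch (JSchException e) {
                TAFLog.error("To break off SFTP Connection exception", e);
            }
        }
    }
}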