惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 最新话题
Help Net Security
Help Net Security
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
W
WeLiveSecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
V
Vulnerabilities – Threatpost
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
T
Threat Research - Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tor Project blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Apple Machine Learning Research
Apple Machine Learning Research
IT之家
IT之家
S
SegmentFault 最新的问题
J
Java Code Geeks
P
Privacy & Cybersecurity Law Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
博客园_首页
H
Hacker News: Front Page
T
Threatpost
Jina AI
Jina AI
博客园 - Franky
月光博客
月光博客
L
LINUX DO - 热门话题
The Cloudflare Blog
H
Heimdal Security Blog
博客园 - 司徒正美
酷 壳 – CoolShell
酷 壳 – CoolShell
Cloudbric
Cloudbric
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
S
Secure Thoughts
T
Tenable Blog
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

博客园 - 不懂123

kafka添加用户管理认证 nodejs升级管理 elastic定时清除索引数据 kafka3.9集群部署 nginx扩展编译模块 rancher kafka部署 JumpServer使用示例 rancher kafka多监听配置 jenkins远程动态打包镜像 docker镜像仓库清理迁移 elastic单机多节点集群搭建 fastdfs编译升降版本 监控系统搭建集成实例 rancher服务启动异常 linux使用ssh免密连接windows主机 jenkins pipeline搭建 docker跨平台构建镜像 fastdfs系统异常 mongodb集群用户管理
sftp集成设置
不懂123 · 2026-03-23 · via 博客园 - 不懂123

sftp说明

      sftp是sshd服务默认集成的子服务,不需要单独的安装包,只需要进行一些配置即可

用户创建

     useradd sftpuser
     passwd sftpuser / Transfar2026

sshd配置说明

         vi /etc/ssh/sshd_config   && systemctl restart sshd

         把下面段粘贴到文件的最后一行,不然重启sshd服务的时候会出错

         Match User sftpuser
                   X11Forwarding no
                  AllowTcpForwarding no
                  ChrootDirectory /home/sftpuser
                  PasswordAuthentication yes
                  ForceCommand internal-sftp

         image

 添加文件保存目录

           chown -R root:root /home/sftpuser

           chmod 755 /home/sftpuser

           mkdir /home/sftpuser/upload

           chown sftpuser:sftpuser /home/sftpuser/upload

           chmod 755 /home/sftpuser/upload

连接测试

       sftp -v sftpuser@192.168.30.229

日志查看

         journalctl -u sshd -f

         tail -f /var/log/secure

        image

        image

        image

       sftp配置成功

SSH算法配置不兼容

      image

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key_384


SyslogFacility AUTH

PermitRootLogin yes
MaxAuthTries 5

AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication yes

ChallengeResponseAuthentication no


GSSAPIAuthentication yes
GSSAPICleanupCredentials no

UsePAM yes
X11Forwarding no
PrintMotd no

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH


Protocol 2
LogLevel VERBOSE
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords no
PermitUserEnvironment no
ClientAliveCountMax 0
Banner /etc/issue.net
StrictModes yes
AllowTcpForwarding no
AllowAgentForwarding no
GatewayPorts no
PermitTunnel no


PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys


KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-sha1


HostbasedAcceptedKeytypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512
GSSAPIKexAlgorithms gss-group14-sha256-,gss-group16-sha512-,gss-curve25519-sha256-
CASignatureAlgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512
PubkeyAcceptedKeyTypes ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512

Match User sftpusers
        ChrootDirectory /app/sftpuser
        AllowTcpForwarding no
        X11Forwarding no
        PasswordAuthentication yes
        ForceCommand interal-sftp

严格算法sshd_config

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTH
PermitRootLogin no
AuthorizedKeysFile    .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding no
PrintMotd no
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server -l INFO -f AUTH
Protocol 2
LogLevel VERBOSE
PubkeyAuthentication yes
RSAAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
PermitUserEnvironment no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com
ClientAliveCountMax 0
Banner /etc/issue.net
MACs hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha1,hmac-sha1-96
StrictModes yes
AllowTcpForwarding no
AllowAgentForwarding no
GatewayPorts no
PermitTunnel no
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Match User sftpuser
        X11Forwarding no
        AllowTcpForwarding no
        ChrootDirectory /home/sftpuser
        PasswordAuthentication yes
        ForceCommand internal-sftp

正常配置sshd_config

     因为sshd_config配置算法严格,导致命令行测试sftp上传文件正常,通过程序客户端上传文件即报错。用正常sshd_config覆盖严格算法sshd_config 重启sshd 即可

       image

       image

       image

       image

          image

       把sshd_config配置文件中的HostbasedAcceptedKeytypes等相关配置先去掉即可