Every now and then you need to let someone move a substantial amount of data to a server securely. SFTP over SSH, limited to a chrooted, key-only account, is a good fit: the transfer is encrypted and the account can do nothing on the host except move files.
These steps assume a yum-based systemd distribution with firewalld (CentOS/RHEL 7 style) and can be run on a container, VM or bare-metal server.
# Install the OpenSSH server and have it start both now and on every boot.
yum -y install openssh-server
systemctl enable --now sshd
Harden /etc/ssh/sshd_config: disable root login and password authentication, and confine the SFTP group to a chroot. Before you restart sshd, make sure an admin account already has a working key where sshd will look for it, otherwise the restart locks you out of the box.
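# Keep a copy of the known-good config so a bad edit can be rolled back
# from the console if the restart below fails.
cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
vi /etc/ssh/sshd_config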
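# Global hardening: no root over SSH, keys only (applies to every account).
PermitRootLogin no
PasswordAuthentication no

# Match blocks must be the last thing in the file: every directive after a
# Match applies only to the matched users.
Match Group sftp_users
    # Keys for SFTP users live outside their chroot so they cannot be
    # changed through the SFTP session. Scoped to the group so admin
    # accounts keep using ~/.ssh/authorized_keys.
    AuthorizedKeysFile /etc/ssh/sftp_users/%u/.ssh/authorized_keys
    # sshd refuses a chroot root that is not owned by root or is writable
    # by anyone else. The user-creation steps set /home/<user> to
    # root:root 0755 with a user-owned upload/ subdirectory, so the chroot
    # root must be /home/%u (a /home/%u/public is never created).
    ChrootDirectory /home/%u
    AllowTcpForwarding no
    X11Forwarding no
    ForceCommand internal-sftp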
Validate and restart sshd after changing the configuration. Keep your current session open and confirm a fresh login works before closing it.
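# sshd -t parses the config without starting a daemon; restart only when it
# passes, so a typo cannot take sshd down and lock you out.
sshd -t && systemctl restart sshd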
Create the group that the Match block refers to: sftp_users
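# Create the group only if it does not exist yet, so re-running this step
# does not fail.
getent group sftp_users >/dev/null || groupadd sftp_users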
Steps to create a chrooted SFTP user (run as root). sshd refuses a ChrootDirectory that is not owned by root or is writable by others, which is why the home directory stays root-owned and the user gets a writable upload subdirectory instead:
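# Name of the account to create. A '-' is not valid in a shell variable
# name ("$USER-NEW" would expand to "$USER" followed by the literal "-NEW").
NEW_USER=example_user

# Primary group sftp_users (matches the sshd Match block); no login shell is
# needed because ForceCommand internal-sftp never spawns one.
useradd -g sftp_users -s /sbin/nologin "$NEW_USER"

# The chroot root must be root-owned and not writable by group/others.
chmod 755 "/home/$NEW_USER"
chown root:root "/home/$NEW_USER"

# The only place the user may write: a subdirectory they own. useradd -g
# creates no per-user group, so the group here is sftp_users.
mkdir -p "/home/$NEW_USER/upload"
chown "$NEW_USER:sftp_users" "/home/$NEW_USER/upload"

# Public key, kept outside the chroot under the path AuthorizedKeysFile
# points to. /tmp/pubkey.pub is the key you were given; copy it from a
# location only root can write before using it.
mkdir -p "/etc/ssh/sftp_users/$NEW_USER/.ssh"
chmod 700 "/etc/ssh/sftp_users/$NEW_USER/.ssh"
cat /tmp/pubkey.pub > "/etc/ssh/sftp_users/$NEW_USER/.ssh/authorized_keys"
chmod 600 "/etc/ssh/sftp_users/$NEW_USER/.ssh/authorized_keys"

# sshd (StrictModes) wants the key file and its directory owned by the user
# or root and not group/world-writable. Note the path is sftp_users, the
# same directory created above.
chown -R "$NEW_USER:sftp_users" "/etc/ssh/sftp_users/$NEW_USER"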
Next, install Fail2Ban to ban sources that repeatedly fail to authenticate. Password authentication is already off, but key-only servers still get probed constantly; banning keeps the logs readable and sshd from wasting cycles on them.
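# fail2ban is shipped in EPEL, so enable that repo first; skip the second
# install if that failed, instead of getting a misleading "no package".
# fail2ban-systemd is the sub-package that points fail2ban at the systemd
# journal rather than log files.
yum -y install epel-release && yum -y install fail2ban fail2ban-systemd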
# jail.local overrides jail.conf and is not touched by package upgrades.
vi /etc/fail2ban/jail.local
[DEFAULT]
# Never ban loopback.
ignoreip = 127.0.0.1/8
ignorecommand =
# A source is banned for bantime seconds once it reaches maxretry
# failures within a findtime-second window.
maxretry = 5
findtime = 3600
bantime = 3600
# Per-jail drop-in; jail.d/ files are read after jail.local.
vi /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
port = ssh
logpath = %(sshd_log)s
# Stricter than [DEFAULT]: sshd offenders stay banned for a full day.
bantime = 86400
maxretry = 5
# With firewalld active (it is enabled below), the stock iptables ban
# action may not take effect; the usual fix is a firewalld action here
# (e.g. banaction = firewallcmd-ipset) - confirm against your fail2ban
# version before relying on it.
#action = firewallcmd-ipset
# Bring up the firewall first, then fail2ban, which inserts its bans into
# the host firewall.
systemctl enable --now firewalld
systemctl enable --now fail2ban
Check that Fail2Ban is running and the sshd jail is active:
# Lists the active jails; `fail2ban-client status sshd` additionally shows
# that jail's failure counters and currently banned addresses.
fail2ban-client status