Creating a New User
| sudo adduser sammyfiles # accept the defaults when prompted
|
Restricting Access to the home directory only
/etc/ssh/sshd_config
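| Match User sammyfiles
    # Run the in-process SFTP server for every session: no shell, no other commands
    ForceCommand internal-sftp
    PasswordAuthentication yes
    # Disable tunnelling and forwarding so the account cannot relay traffic
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
    # Note: no ChrootDirectory is set, so SFTP can still browse any path this account can read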
|
Verifying the Configuration
| systemctl restart sshd
ssh sammyfiles@your_server_ip # should fail
sftp sammyfiles@your_server_ip # should succeed
|
For more detail, see this link.
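Beyond testing the two logins, the effective settings sshd applies to the account can be audited directly. The script below is an added example, not part of the original post; the function name `check_sftp_only` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings for an SFTP-only account.
# Input (stdin): `sshd -T` output, i.e. lowercase "keyword value" lines.
# Real use, as root on the server:
#   sshd -T -C user=sammyfiles,host=localhost,addr=127.0.0.1 | check_sftp_only
# Returns 0 when every required setting matches, 1 otherwise.
check_sftp_only() {
    awk '
        BEGIN {
            # Values taken from the Match block above
            want["forcecommand"]         = "internal-sftp"
            want["permittunnel"]         = "no"
            want["allowagentforwarding"] = "no"
            want["allowtcpforwarding"]   = "no"
            want["x11forwarding"]        = "no"
        }
        NF { key = tolower($1); $1 = ""; sub(/^ +/, ""); seen[key] = $0 }
        END {
            bad = 0
            for (k in want) if (seen[k] != want[k]) {
                printf "FAIL %s is \"%s\", expected \"%s\"\n", k, seen[k], want[k]
                bad = 1
            }
            # Informational: with no chroot, SFTP can reach any path the account can read
            if (seen["chrootdirectory"] == "" || seen["chrootdirectory"] == "none")
                print "WARN chrootdirectory is not set; session is not confined to one directory"
            exit bad
        }'
}

# Constructed sample: the Match block settings as sshd -T would report them
sample_page_config() {
    printf '%s\n' 'forcecommand internal-sftp' 'passwordauthentication yes' \
        'permittunnel no' 'allowagentforwarding no' 'allowtcpforwarding no' \
        'x11forwarding no' 'chrootdirectory none'
}

# Constructed sample: the same account if the Match block did not apply
sample_no_match_block() {
    printf '%s\n' 'forcecommand none' 'passwordauthentication yes' \
        'permittunnel no' 'allowagentforwarding yes' 'allowtcpforwarding yes' \
        'x11forwarding no' 'chrootdirectory none'
}
```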
Setting up Nginx as a stream proxy
The SFTP server is on the internal network, and only port 1027 is available on the Internet.
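| yum install nginx-mod-stream
firewall-cmd --list-all                        # rules before the change
firewall-cmd --add-port=1027/tcp --permanent   # open 1027/tcp persistently
firewall-cmd --reload                          # apply the permanent rule
firewall-cmd --list-all                        # confirm 1027/tcp is listed
systemctl restart firewalld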
|
The stream block must sit side by side with the http block, at the top level of the configuration rather than inside it.
/etc/nginx/nginx.conf
| stream {
    upstream jtyhlinkthape_proxy {
        server 172.17.1.38:22;
    }
    server {
        listen 1027;
        proxy_timeout 30s;
        proxy_pass jtyhlinkthape_proxy;
    }
}
|