Creating a New User
Creating a New User
| sudo adduser sammyfiles # using the default
|
Restricting Access to the home directory only
/etc/ssh/sshd_config
| Match User sammyfiles
ForceCommand internal-sftp
PasswordAuthentication yes
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
|
Verifying the Configuration
Verifying the Configuration
| systemctl restart sshd
ssh sammyfiles@your_server_ip # should failed
sftp sammyfiles@your_server_ip # should success
|
More detail see this link
Setting up Nginx to do stream proxy
Because the SFTP server is in the internal network, only port 1027 is available on the Internet.
Setting up Nginx to do stream proxy
| yum install nginx-mod-stream
firewall-cmd --list-all
firewall-cmd --add-port=1027/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
systemctl restart filewalld
|
The stream block should be located with the http block side by side.
/etc/nginx/nginx.conf
| stream {
upstream jtyhlinkthape_proxy {
server 172.17.1.38:22;
}
server {
listen 1027;
proxy_timeout 30s;
proxy_pass jtyhlinkthape_proxy;
}
}
|