FileZilla在CentOS上如何使用SFTP

Prerequisites for Using FileZilla with SFTP on CentOS
Before using FileZilla to connect to a CentOS server via SFTP, ensure the following prerequisites are met:

• A CentOS server with OpenSSH installed (default on most CentOS versions).
• SFTP service enabled and configured (via /etc/ssh/sshd_config).
• A user account with SFTP access (either a dedicated SFTP user or an existing user with restricted permissions).
• FileZilla installed on your local machine (Windows, macOS, or Linux).

Step 1: Install and Configure SFTP Server on CentOS

SFTP is built into OpenSSH, so you only need to configure it properly.

1.1 Install OpenSSH Server

If OpenSSH is not already installed, run the following command to install it:

sudo yum install openssh-server -y

1.2 Start and Enable SSH Service

Start the SSH service and enable it to launch at boot:

sudo systemctl start sshd
sudo systemctl enable sshd

1.3 Configure SFTP in SSH Config File

Edit the SSH configuration file (/etc/ssh/sshd_config) to restrict SFTP access and enable the SFTP subsystem:

sudo nano /etc/ssh/sshd_config

Make the following changes:

• Enable SFTP Subsystem: Uncomment or add the line Subsystem sftp internal-sftp (this tells SSH to use the built-in SFTP server).
• Restrict Users/Groups: Add the following block to limit SFTP access to a specific group (e.g., sftpusers) and chroot them to their home directories:

  Match Group sftpusers
      ChrootDirectory /home/%u
      ForceCommand internal-sftp
      X11Forwarding no
      AllowTcpForwarding no
  

  Replace %u with the username (or use %h for the home directory).
• Disable Root Login (Optional but Recommended): Set PermitRootLogin no to prevent root logins via SSH/SFTP.

Save the file and exit (Ctrl+O, Enter, Ctrl+X).

1.4 Create SFTP Users and Set Permissions

Create a dedicated SFTP user group and add users to it:

sudo groupadd sftpusers
sudo useradd -m -g sftpusers -s /bin/false sftpuser  # -s /bin/false prevents SSH login
sudo passwd sftpuser  # Set a strong password

Set correct directory permissions for the chroot environment:

sudo chown root:root /home/sftpuser  # Chroot directory must be owned by root
sudo chmod 755 /home/sftpuser        # Allow read/execute for others
sudo mkdir -p /home/sftpuser/uploads # Create a subdirectory for file uploads
sudo chown sftpuser:sftpusers /home/sftpuser/uploads  # Allow user to write to this directory

Restart the SSH service to apply changes:

sudo systemctl restart sshd

Step 2: Install FileZilla on CentOS

To use FileZilla as a client on CentOS, install it via the package manager or download the RPM package.

2.1 Install via Yum (Recommended)

Run the following commands to install FileZilla:

sudo yum install epel-release -y  # Enable EPEL repository (if not already enabled)
sudo yum install filezilla -y

2.2 Launch FileZilla

Start FileZilla from the application menu or terminal:

filezilla

Step 3: Configure FileZilla for SFTP Connection

Use FileZilla’s Site Manager to set up a new SFTP connection to your CentOS server.

3.1 Open Site Manager

• Click File > Site Manager (or press Ctrl+S).
• Click New Site and enter a name (e.g., “CentOS SFTP Server”).

3.2 Enter Connection Details

Fill in the following fields:

• Host: Your CentOS server’s IP address or domain name (e.g., 192.168.1.100).
• Port: 22 (default SFTP port; change if you configured a custom port in /etc/ssh/sshd_config).
• Protocol: Select SFTP - SSH File Transfer Protocol.
• Logon Type: Choose Normal.
• User: Your SFTP username (e.g., sftpuser).
• Password: The password for the SFTP user.

3.3 Save and Connect

Click Connect. If this is your first time connecting, FileZilla will prompt you to accept the server’s SSH fingerprint—click OK to proceed.

• If the connection fails, verify:
  • The CentOS server’s IP/hostname is correct.
  • The SSH service is running (sudo systemctl status sshd).
  • The firewall allows SFTP traffic (port 22):

    sudo firewall-cmd --permanent --add-service=ssh
    sudo firewall-cmd --reload
    

Step 4: Use FileZilla to Transfer Files

Once connected, you’ll see two panels:

• Left Panel: Local files (your machine).
• Right Panel: Remote files (CentOS server).

Basic File Operations

• Upload: Drag and drop files from the left panel to the right panel.
• Download: Drag and drop files from the right panel to the left panel.
• Delete: Right-click a file/directory and select Delete.
• Create Directory: Right-click the remote panel and select Create Directory.

Advanced Tips

• Resume Interrupted Transfers: FileZilla automatically resumes broken transfers.
• Sync Directories: Use the Synchronize button (two arrows) to compare and sync local/remote directories.
• Custom Commands: Open the command dialog with Ctrl+P to run SFTP commands (e.g., ls, cd, pwd).

Security Best Practices

• Use SSH Keys: Replace password authentication with SSH keys for stronger security. Generate keys on your local machine (ssh-keygen) and copy the public key to the CentOS server (ssh-copy-id sftpuser@server_ip).
• Limit User Access: Restrict SFTP users to their chroot directories (configured in /etc/ssh/sshd_config).
• Keep Software Updated: Regularly update FileZilla and CentOS to patch vulnerabilities.

By following these steps, you can securely transfer files between your local machine and a CentOS server using FileZilla and SFTP.