Setting up SFTP on RHEL/CentOS-7

Secure File Transfer Protocol (SFTP) is a method for transferring files over a secure shell (SSH) connection.

Unlike the regular FTP protocol, SFTP offers encryption, ensuring data remains confidential and secure in transit.

Step1:- Installing OpenSSH Server

OpenSSH provides the SFTP functionality we need. If you haven't installed it yet, you can install it with the following yum command.

$ sudo yum install openssh-server 

Step2:- Starting, Enabling & Status checking for SSHD Service.

$ sudo systemctl start sshd 

$ sudo systemctl enable sshd

$ sudo systemctl status sshd

Step3:- Configuring SFTP Users

If you want to set up a specific user to access SFTP and restrict them to their home directory, follow these steps:

a. Create a user

$ sudo useradd <UserName> 

$ sudo passwd <UserName>

b. Edit the SSH configuration file and add or modify the following lines to restrict the user to their home directory


$ sudo vim /etc/ssh/sshd_config 

Subsystem sftp internal-sftp

Match User <UserName>
ChrootDirectory %h
AllowTCPForwarding no
PasswordAuthentication yes
X11Forwarding no
ForceCommand internal-sftp

c. After making changes to the sshd configuration file, restart the service to apply them:

$ sudo systemctl restart sshd 

Step4:- Check for Configuration file Errors, if any

$ sudo sshd -t

If the 'sshd -t' command points to a specific line, review and correct that part of the configuration. If you have made any changes to the configuration, you have to restart the sshd service again.

Step5:- Setting up the Correct Permissions

The chroot environment requires specific permissions. sshd only accepts a chroot directory that is owned by root, and the base directory should not be writable by any other user or group; otherwise the login is refused.

For example, I'm using the following ownership and permissions for the home directory.

$ sudo chmod 755 /home/<UserName>

$ sudo chown root:root /home/<UserName>

To allow the user to upload files, you can create a directory inside the user's home directory:

$ sudo mkdir /home/<UserName>/files 

$ sudo chown <UserName:GroupName> /home/<UserName>/files 

Now, the user can upload files to the /files directory.

Step 6:- Testing the SFTP Connection:

From a client machine or another terminal

$ sftp <UserName>@<HostName/IP> 

Once logged in, the user should only see the contents of their home directory and should only be able to navigate and manipulate files within '/files' directory.
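
Added example, not part of the original post: sshd refuses the session if any directory on the ChrootDirectory path is not owned by root or is writable by group or others, so this script walks from the chroot directory up to / and reports each component. The function names are this example's own, and GNU stat (as shipped on RHEL/CentOS) is assumed.

```bash
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.

# A component passes only if owned by uid 0 and not group/other-writable.
# Args: <owner-uid> <octal-mode as printed by stat -c %a>
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]    # 022 = group-write | other-write bits
}

# Walk from the chroot directory up to /, printing one line per component.
# Returns 0 if every component passes, 1 if any fails, 2 on bad input.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "ERROR $path: not an absolute path" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL  $path: not a directory"
            rc=1
        else
            owner=$(stat -L -c %u "$path")
            mode=$(stat -L -c %a "$path")
            if component_ok "$owner" "$mode"; then
                echo "ok    $path (uid=$owner mode=$mode)"
            else
                echo "FAIL  $path (uid=$owner mode=$mode)"
                rc=1
            fi
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/<UserName>
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it before restarting sshd; any FAIL line names a directory that needs its owner or mode corrected.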


Troubleshooting SSHD Service Restart Issues on Linux

If you've encountered issues restarting the 'sshd' service on your Linux servers, you're not alone. Here's a brief guide to diagnosing and resolving the problem. 

1. Check the Service status:
Begin by checking the immediate status:

$ sudo systemctl status sshd.service 

This provides a snapshot of the service's status and any immediate error messages.

2. Dive into Detailed Logs:
For a more comprehensive log view:

$ sudo journalctl -xe 

3. Validate your Configuration:

Errors often arise from a misconfigured configuration file. Validate its syntax with:

$ sudo sshd -t

4. Common configuration pitfalls:

  • Typos or misconfiguration in the directives.
  • Incorrect file paths.
  • Inappropriate file or directory permissions.

5. Restart and Test:

After making corrections, give the restart another shot:

$ sudo systemctl restart sshd 


Introduction to the Bash Shell

  •  A command line is a text-based interface which can be used to input instructions to a computer system.

  • The Linux command line is provided by a program called the shell. Various options for the shell program have been developed over the years and different users can be configured to use different shells. Most users, however, stick with the current default shell.

  • The default shell for users in RHEL/CentOS is the GNU Bourne-Again shell (BASH). Bash is an improved version of one of the most successful shells used on UNIX-like systems, the Bourne Shell (sh).

  • When a shell is used interactively, it displays a string when it is waiting for a command from the user. This is called the shell prompt.

  • When a regular user starts a shell, the default prompt ends with a $ character, as shown below

        [myname@servername ~] $ 

  • The $ character is replaced by a # character if the shell is running as the superuser, root. This makes it more obvious that it is a superuser shell, which helps to avoid accidents and mistakes which can affect the whole system. The superuser shell prompt is shown as below.

        [myname@servername ~] # 

  • Using bash to execute commands can be powerful. The bash shell provides a scripting language that can simplify or make possible operations that are hard to accomplish efficiently with graphical tools.

Commands entered at the shell prompt have three basic parts:

  • Command to run
  • Options to adjust the behavior of the commands
  • Arguments, which are typically targets of the commands

  The command is the name of the program to run. It may be followed by one or more options, which adjust the behavior of the command or what it will do.

 Options normally start with one or two dashes (-a or --all) to distinguish them from arguments.

 Commands may also be followed by one or more arguments, which often indicate a target that the command should operate upon.


How to create SWAP Space in RHEL/CentOS Linux Systems

Increasing swap space in RHEL/CentOS Linux systems is a common administrative task.

Swap space, often simply called 'swap', is a designated area on a storage device (like a hard disk or SSD) that is used as an extension of the system's RAM (Random Access Memory). When the physical RAM on a system is full, the operating system begins moving inactive pages from RAM to the swap space, allowing new operations to continue without crashing due to lack of memory.

The swap space can be implemented using a dedicated partition or a swap file. 

In modern systems, especially where resizing partitions is cumbersome or risky, using a swap file can be more flexible.

Here's a step-by-step guide to increase swap space in RHEL/CentOS Linux systems using a swap file.


1. Check the current swap space

Use the 'free' command or 'swapon --show' to check current swap usage.

$ free -h 

or

$ swapon --show 


2. Decide on Swap File Size

Determine how much additional swap space you want to add. For this example, let's say we want to add an additional 4GB of swap.


3. Create a Swap File

Use the 'fallocate' command to create a swap file. For instance, to create a 4GB swap file, use the following command

$ sudo fallocate -l 4GB /swapfile 

If 'fallocate' is not available or gives an error, you can also use 'dd'

$ sudo dd if=/dev/zero of=/swapfile bs=1M count=4096 


4. Set correct Permissions

It's crucial to set the right permissions to ensure that only root can read/write to the swap file.

$ sudo chmod 600 /swapfile 


5. Make the File as Swap

Convert the file to swap format

$ sudo mkswap /swapfile 


6. Enable the Swap File

Once the file has been set up, you can enable it

$ sudo swapon /swapfile 


7. Make the swap File Permanent

To ensure the system uses the swap file after reboot, add the swap file to the '/etc/fstab' file.

Open the '/etc/fstab' in your preferred editor (I like to use vim here)

$ sudo vim /etc/fstab 

Then, add the following line at the end

/swapfile     swap    swap    defaults    0    0 


8. Verify the swap space

Check that the swap is now available as provided

$ free -h 

or 

$ swapon --show 


That's it! Now you've successfully increased the swap space in your Linux System based on RHEL/CentOS distributions using a swap file. 
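
Added example, not part of the original post: a check that ties steps 4 and 7 together by reading the active swap table and reporting any swap file that is accessible to group or others or is missing from fstab. The function name is this example's own; the two file arguments let it run against saved copies as well as the live /proc/swaps and /etc/fstab, and GNU stat is assumed.

```bash
#!/bin/sh
# Added example: audit active swap files for permissions and persistence.
# Args: [swaps-table] [fstab]; defaults are the live /proc/swaps and /etc/fstab.
audit_swap_files() {
    swaps=${1:-/proc/swaps}
    fstab=${2:-/etc/fstab}
    rc=0
    # /proc/swaps has a header line, then: Filename Type Size Used Priority
    for f in $(awk 'NR > 1 && $2 == "file" { print $1 }' "$swaps"); do
        # Persistent only if an fstab entry names this file with type "swap".
        if awk -v f="$f" '$1 == f && $3 == "swap" { ok = 1 } END { exit !ok }' "$fstab"; then
            echo "ok    $f is listed in $fstab"
        else
            echo "WARN  $f is active but missing from $fstab (gone after reboot)"
            rc=1
        fi
        # Swap holds paged-out process memory: no access for group or others.
        if [ -e "$f" ]; then
            mode=$(stat -c %a "$f")
            if [ $(( 0$mode & 077 )) -eq 0 ]; then
                echo "ok    $f mode $mode"
            else
                echo "WARN  $f mode $mode, expected 600"
                rc=1
            fi
        fi
    done
    return $rc
}

# Usage: sh audit_swap.sh /proc/swaps /etc/fstab
if [ "$#" -gt 0 ]; then
    audit_swap_files "$@"
fi
```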


Why do we need Swap Space?

Memory Overflow Buffer:- 

Even with the abundance of RAM in modern systems, there are times when systems may exhaust it. In such cases, the operating system uses swap space as an overflow buffer to ensure processes can continue running.

Inactive Processes:-

It's efficient for a system to move infrequently accessed memory pages to swap space, freeing up RAM for active tasks.

Hibernate Function:-

For laptops, the hibernate function (which saves the RAM state to the disk and powers off) uses swap space to store the content of the RAM.


How much Swap Space should you Allocate?

Historically, a general recommendation was to allocate twice the amount of RAM as swap. However, with the increase in system RAM in modern machines, this is often unnecessary.


Swap Space considerations

Performance:- 

Swap space is significantly slower than RAM. Over-reliance on swap can degrade system performance.

SSD and Lifespan:-

Constant writes to an SSD (which might happen if you're heavily using swap) can reduce the lifespan of the SSD over time.

Multiple Swap spaces:- 

It's possible to have multiple swap spaces (like swap partitions or swap files). The OS can manage and use them efficiently.


Final Thoughts:-

While swap space can be a lifesaver in situations with limited RAM, it's always best to monitor system resources and add more RAM if frequently running out. Swap is a tool for flexibility and stability, not a substitute for adequate memory.

Remember, the use of swap space as a replacement for RAM can negatively impact system performance. 

It's always better to add more physical RAM if possible. However, having sufficient swap can prevent system crashes in scenarios where RAM is exhausted.