Setting up SFTP on RHEL/CentOS-7

Secure File Transfer Protocol (SFTP) is a method for transferring files over a secure shell (SSH) connection.

Unlike the regular FTP protocol, SFTP offers encryption, ensuring data remains confidential and secure in transit.

Step1:- Installing OpenSSH Server

OpenSSH provides the SFTP functionality we need. If you haven't installed it yet, you can install it with the following yum command.

$ sudo yum install openssh-server 

Step2:- Starting, Enabling & Status checking for SSHD Service.

$ sudo systemctl start sshd 

$ sudo systemctl enable sshd

$ sudo systemctl status sshd

Step3:- Configuring SFTP Users

If you want to set up a specific user to access SFTP and restrict them to their home directory, follow these steps:

a. Create a user

$ sudo useradd <UserName> 

$ sudo passwd <UserName>

b. Edit the SSH configuration file and Add or Modify the following lines to restrict users to their home directory


$ sudo vim /etc/ssh/sshd_config 

Subsystem sftp internal-sftp

Match User <UserName>
ChrootDirectory %h
AllowTCPForwarding no
PasswordAuthentication yes
X11Forwarding no
ForceCommand internal-sftp

c. After Making changes to the SSHD configuration file, restart the service to apply them:

$ sudo systemctl restart sshd 

Step4:- Check for Configuration file Errors, if any

$ sudo sshd -t

If the 'sshd -t' command points to a specific line, review and correct that part of the configuration. If you have made any changes to the configuration, you have to restart the sshd service again.

Step5:- Setting up the Correct Permissions

The chroot environment requires specific permissions. The chroot directory must be owned by root and must not be writable by any other user or group; otherwise sshd refuses the login.

For example, I'm using the following file permissions for the following directory.

$ sudo chmod 755 /home/<UserName>

$ sudo chown root:root /home/<UserName>

To allow the user to upload files, you can create a directory inside the user's home directory:

$ sudo mkdir /home/<UserName>/files 

$ sudo chown <UserName:GroupName> /home/<UserName>/files 

Now, the user can upload files to the /files directory.

Step6:- Testing the SFTP Connection

From a client machine or another terminal:

$ sftp <UserName>@<HostName/IP> 

Once logged in, the user should only see the contents of their home directory and should only be able to navigate and manipulate files within the '/files' directory.
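The most common reason the chrooted login in Step 6 fails is Step 5: sshd checks every component of the ChrootDirectory path and rejects the session if any of them is not root-owned or is group- or world-writable. The script below is an added example (not part of the original guide) that performs the same check before you restart sshd; the function name check_chroot_path, its optional arguments and the sandbox user "alice" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check mirroring sshd's ChrootDirectory rule.
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_DIR]
#   DIR       absolute path used as ChrootDirectory, e.g. /home/<UserName>
#   OWNER_UID uid every component must belong to (0 = root, what sshd wants)
#   STOP_DIR  topmost directory to check (default /); the last two arguments
#             exist only so the check can be rehearsed in a sandbox as non-root
check_chroot_path() {
    dir=$1; want_uid=${2:-0}; stop=${3:-/}; bad=0
    case $dir in
        /*) ;;
        *) echo "ERROR $dir: path must be absolute"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"; return 1
        fi
        owner=$(stat -c %u "$dir")   # numeric owner uid (GNU stat)
        mode=$(stat -c %a "$dir")    # octal permission bits, e.g. 755
        if [ "$owner" -ne "$want_uid" ]; then
            echo "FAIL $dir: owned by uid $owner, expected $want_uid"; bad=1
        fi
        # 022 = group-write | other-write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is group- or world-writable"; bad=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $bad
}

# Constructed sandbox standing in for /home/<UserName>; "alice" is a made-up name.
sandbox=$(mktemp -d)
mkdir -p "$sandbox/home/alice/files"
chmod 755 "$sandbox/home" "$sandbox/home/alice"
check_chroot_path "$sandbox/home/alice" "$(id -u)" "$sandbox" && echo "chroot path OK"
chmod 775 "$sandbox/home/alice"      # group-writable: sshd would reject this
check_chroot_path "$sandbox/home/alice" "$(id -u)" "$sandbox" || echo "chroot path rejected"
rm -rf "$sandbox"
```

On a real server, run it as `check_chroot_path /home/<UserName>` with no extra arguments so that root ownership is enforced all the way up to /.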


Troubleshooting SSHD Service Restart Issues on Linux

If you've encountered issues restarting the 'sshd' service on your Linux servers, you're not alone. Here's a brief guide to diagnosing and resolving the problem. 

1. Check the Service status:
Begin by checking the immediate status:

$ sudo systemctl status sshd.service 

This provides a snapshot of the service's status and any immediate error messages.

2. Dive into Detailed Logs:
For a more comprehensive log view:

$ sudo journalctl -xe 

3. Validate your Configuration:

Errors often arise from a misconfigured configuration file. Validate its syntax with:

$ sudo sshd -t

4. Common configuration pitfalls:

  • Typos or misconfiguration in the directives.
  • Incorrect file paths.
  • Inappropriate file or directory permissions.

5. Restart and Test:

After making corrections, give the restart another shot:

$ sudo systemctl restart sshd 


Introduction to the Bash Shell

  •  A command line is a text-based interface which can be used to input instructions to a computer system.

  • The Linux command line is provided by a program called the shell. Various options for the shell program have been developed over the years and different users can be configured to use different shells. Most users, however, stick with the current default shell.

  • The default shell for users in RHEL/CentOS is the GNU Bourne-Again shell (BASH). Bash is an improved version of one of the most successful shells used on UNIX-like systems, the Bourne Shell (sh).

  • When a shell is used interactively, it displays a string when it is waiting for a command from the user. This is called the shell prompt.

  • When a regular user starts a shell, the default prompt ends with a $ character, as shown below

        [myname@servername ~] $ 

  • The $ character is replaced by a # character if the shell is running as the superuser, root. This makes it more obvious that it is a superuser shell, which helps to avoid accidents and mistakes which can affect the whole system. The superuser shell prompt is shown as below.

        [myname@servername ~] # 

  • Using bash to execute commands can be powerful. The bash shell provides a scripting language that can simplify or make possible operations that are hard to accomplish efficiently with graphical tools.

Commands entered at the shell prompt have three basic parts:

  • Command to run
  • Options to adjust the behavior of the commands
  • Arguments, which are typically targets of the commands

  The command is the name of the program to run. It may be followed by one or more options, which adjust the behavior of the command or what it will do.

  Options normally start with one or two dashes (-a or --all) to distinguish them from arguments.

  Commands may also be followed by one or more arguments, which often indicate a target that the command should operate upon.


Swap Space in Linux

SWAP Space in Linux is a dedicated area on a storage device (disk or SSD) used as a backup for system memory (RAM). It serves as an overflow area when the physical memory is full, allowing the system to continue running by temporarily moving inactive pages of memory from RAM to swap. Swap helps prevent system crashes when RAM is insufficient but is slower than RAM since it relies on disk I/O.

Purpose of Swap Space

  1. Extend Available Memory
    Acts as virtual memory when physical RAM is fully utilized.

  2. Suspend-to-Disk
    Stores the system's current state when suspending (hibernating) the computer.

  3. Backup for Temporary Spikes
    Handles short-term spikes in memory usage.

Types of Swap Space

  1. Swap Partition
    A dedicated disk partition for swap.
    Created during the installation or manually after.

  2. Swap File
    A file on an existing file system used as swap space.
    More flexible as it doesn't require repartitioning.

How Linux Uses Swap

  1. Swapping:
    Moves inactive memory pages to swap to free up RAM for active processes.

  2. Paging:
    Handles memory pages actively being used, but this is less common in modern Linux systems.

The Linux kernel decides when to use swap based on the swappiness value:

  • A percentage (default: 60) that determines how aggressively swap is used.

  • Higher values cause more swapping, even when RAM is available.

  • Lower values favor RAM usage and reduce swap reliance.

Checking Swap Usage

To view the current swap usage:

    $ free -h

    $ swapon --show

Creating and managing swap space

Creating a Swap Partition

Step1: Identify unallocated Disk Space

$ lsblk

Step2: Create a Partition
Use fdisk or parted to create a new partition with the 82 (Linux Swap) partition type

$ sudo fdisk /dev/sdb

Step3: Format as Swap

$ sudo mkswap /dev/sdb1

Step4: Enable the Swap Partition
$ sudo swapon /dev/sdb1

Step5: Make It Persistent:
Add an entry to /etc/fstab

/dev/sdb1    none    swap    sw    0    0

Creating a Swap File

Step1: Create the swap File
$ sudo dd if=/dev/zero of=/swapfile bs=1M count=1024

Step2: Set Permissions

$ sudo chmod 600 /swapfile

Step3: Format the Swap
$ sudo mkswap /swapfile

Step4: Enable the Swap File

$ sudo swapon /swapfile

Step5: Make it Persistent

Add an entry to /etc/fstab file

/swapfile    none    swap    sw    0    0
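Two of the steps above are easy to skip without any immediate symptom: the chmod 600 in Step 2 (a swap file holds paged-out process memory, so it must not be readable by other users) and the /etc/fstab entry in Step 5. The script below is an added example, not part of the original guide, that checks both for every active swap area; the function name swap_audit and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit active swap areas against the steps above.
# Usage: swap_audit [SWAPS_FILE] [FSTAB_FILE]
#   Defaults are the live /proc/swaps and /etc/fstab; other files can be
#   passed to rehearse the check on sample data.
# Limitation: only fstab entries written as a literal path are matched;
# swap referenced by UUID= or LABEL= will be reported as not persistent.
swap_audit() {
    swaps=${1:-/proc/swaps}; fstab=${2:-/etc/fstab}; found=0
    # /proc/swaps: one header line, then "Filename Type Size Used Priority"
    for entry in $(awk 'NR > 1 { print $1 ":" $2 }' "$swaps"); do
        path=${entry%:*}; kind=${entry##*:}
        # Persistent only if an fstab line mounts this exact path as swap
        if ! awk -v p="$path" '$1 == p && $3 == "swap" { ok = 1 }
                               END { exit !ok }' "$fstab"; then
            echo "NOT-PERSISTENT $path"; found=1
        fi
        # A swap file holds paged-out process memory: no group/other access
        if [ "$kind" = file ] && [ -f "$path" ]; then
            mode=$(stat -c %a "$path")
            if [ $(( 0$mode & 077 )) -ne 0 ]; then
                echo "INSECURE-MODE $path ($mode, expected 600)"; found=1
            fi
        fi
    done
    return $found
}

# Constructed sample data: a scratch file stands in for /swapfile.
work=$(mktemp -d); sf="$work/swapfile"
: > "$sf"; chmod 644 "$sf"
printf 'Filename\tType\tSize\tUsed\tPriority\n%s\tfile\t1048572\t0\t-2\n' "$sf" > "$work/swaps"
printf '%s    none    swap    sw    0    0\n' "$sf" > "$work/fstab"
swap_audit "$work/swaps" "$work/fstab" || echo "findings reported"
chmod 600 "$sf"
swap_audit "$work/swaps" "$work/fstab" && echo "swap configuration OK"
rm -rf "$work"
```

Called with no arguments, swap_audit reads the live /proc/swaps and /etc/fstab.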

Adjusting Swappiness

The swappiness value determines the kernel's tendency to use swap:

  • Range: 0 - 100

  • Default: 60

To check the current swappiness value 

$ cat /proc/sys/vm/swappiness

To temporarily change the value
$ sudo sysctl vm.swappiness=10

To make it permanent, add to /etc/sysctl.conf

vm.swappiness=10

Removing Swap Space

Removing a swap File

  • Disable the swap file
    $ sudo swapoff /swapfile

  • Remove the swap file entry in /etc/fstab

  • Delete the swap file:

$ sudo rm /swapfile

Removing a Swap Partition

  • Disable the swap partition
    $ sudo swapoff /dev/sdb1

  • Remove the entry in /etc/fstab

  • Optionally, delete the partition using fdisk or parted.

Monitoring and Managing Swap

View Swap Usage

$ free -h

$ swapon --show

Turn off swap temporarily

$ sudo swapoff -a

Turn On Swap Temporarily

$ sudo swapon -a

Clear swap space

Move pages/processes back to RAM

$ sudo swapoff -a && sudo swapon -a

Best Practices for Swap Space

  • Recommended swap sizes

    • For systems with <= 2 GB RAM: 2x RAM size

    • For systems with > 2 GB RAM:

      • Without hibernation: equal to RAM Size.

      • With hibernation: RAM size + Additional buffer.

  • Use Swap Sparingly:

    • Excessive swap usage indicates insufficient RAM.

    • Upgrade RAM if swap is heavily used.

  • Optimize Performance:

    • Tune swappiness to reduce swap usage

Swap in Modern Systems

  • Modern systems with large amounts of RAM (e.g., 16GB+) rarely need swap for normal operations.

  • Swap is still critical for hibernation or when memory spikes occur.

  • SSD-based swap is faster than HDD-based swap but may wear out the SSD due to frequent writes.

Conclusion

Swap space is an essential feature in Linux for memory management and system stability. Whether implemented as a partition or a file, it provides flexibility in handling memory overflow and supports advanced functionalities like hibernation. Proper management, including monitoring and tuning, ensures optimal system performance.