This topic describes how to use the Secure File Transfer Protocol (SFTP) to transfer data to and from an Apsara File Storage NAS file system.

Prerequisites

In a region where an Apsara File Storage NAS file system resides, you have purchased an Elastic Compute Service (ECS) instance. The following takes CentOS as an example. For more information, see Create an ECS instance.

Background information

The transmission speed for SFTP is based on the Internet bandwidth of an ECS instance that runs the SFTP service. We recommend that you configure a suitable Internet bandwidth based on your business requirements.

Procedure

  1. Log on to the ECS console.
  2. Modify the /etc/ssh/sshd_config configuration file.
    1. In the sshd_config configuration file, annotate the line that starts with Subsystem, create a line, and add Subsystem sftp internal-sftp to the line.
      # override default of no subsystems
      #Subsystem      sftp    /usr/libexec/openssh/sftp-server
      Subsystem     sftp   internal-sftp
    2. Add the following code at the end of the sshd_config configuration file.

      In the code, /usr/sftp indicates the directory where the sftp tool resides. You need to replace this directory with the actual directory that is specific to your environment.

      X11Forwarding no
      AllowTcpForwarding no
      ForceCommand internal-sftp
      ChrootDirectory /usr/sftp
  3. Grant permissions.
    1. Use the following command to create a group named sftp.
      groupadd sftp
    2. Use the following command create a user account named sftp and add the user account to the new group.
      useradd -g sftp -s /sbin/nologin -M sftp
    3. Use the following command to specify a password for the sftp user account.
      passwd sftp
    4. Use the following commands to create a workspace for the user account, change the owner to root, change the owner group to sftp, and change the access permissions for the sftp directory to 755.
      cd /usr
      mkdir sftp
      chown root:sftp sftp
      chmod 755 sftp
  4. In the sftp directory, create a mount directory named file for the Apsara File Storage NAS file system.
    cd sftp/
    mkdir file
    chown sftp:sftp file
  5. Use the following command to mount the Apsara File Storage NAS file system on the /usr/sftp/file directory.
    sudo mount -t nfs -o vers=4.0 xxx-xxx.cn-zhangjiakou.nas.aliyuncs.com:/ /usr/sftp/file
  6. Use the following command to restart the sshd service.
    service sshd restart
  7. Log on to the SFTP service to transfer files.

    Enter the username and password that you have specified in Step 3. The following takes WinSCP client as an example. You can connect to the SFTP service by using a client that supports SFTP based on your business requirements.

    Client