This topic describes how to use the Secure File Transfer Protocol (SFTP) to transfer
data to and from an Apsara File Storage NAS file system.
Prerequisites
In a region where an Apsara File Storage NAS file system resides, you have purchased
an Elastic Compute Service (ECS) instance. The following takes CentOS as an example.
For more information, see
Create an ECS instance.
Background information
The transmission speed for SFTP is based on the Internet bandwidth of an ECS instance
that runs the SFTP service. We recommend that you configure a suitable Internet bandwidth
based on your business requirements.
Procedure
- Log on to the ECS console.
- Modify the /etc/ssh/sshd_config configuration file.
- In the
sshd_config
configuration file, annotate the line that starts with Subsystem
, create a line, and add Subsystem sftp internal-sftp to the line.
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
- Add the following code at the end of the
sshd_config
configuration file.
In the code, /usr/sftp indicates the directory where the sftp tool resides. You need to replace this directory
with the actual directory that is specific to your environment.
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /usr/sftp
- Grant permissions.
- Use the following command to create a group named sftp.
- Use the following command create a user account named sftp and add the user account
to the new group.
useradd -g sftp -s /sbin/nologin -M sftp
- Use the following command to specify a password for the sftp user account.
- Use the following commands to create a workspace for the user account, change the
owner to root, change the owner group to sftp, and change the access permissions for
the sftp directory to 755.
cd /usr
mkdir sftp
chown root:sftp sftp
chmod 755 sftp
- In the sftp directory, create a mount directory named file for the Apsara File Storage
NAS file system.
cd sftp/
mkdir file
chown sftp:sftp file
- Use the following command to mount the Apsara File Storage NAS file system on the
/usr/sftp/file directory.
sudo mount -t nfs -o vers=4.0 xxx-xxx.cn-zhangjiakou.nas.aliyuncs.com:/ /usr/sftp/file
- Use the following command to restart the sshd service.
- Log on to the SFTP service to transfer files.
Enter the username and password that you have specified in Step 3. The following takes WinSCP client as an example. You can connect to the SFTP service
by using a client that supports SFTP based on your business requirements.