Setting up an SFTP (SSH) server with ProFTPd
See: http://linuxfr.org/news/se-passer-de-dropbox-en-montant-son-coffre-fort-numerique-a-la-maison
See also:
Do not confuse FTPS with SFTP!
apt-get install proftpd-basic
/etc/proftpd/proftpd.conf
#<Limit LOGIN>
# Allow from 127.0.0.1 192.168.1.0/8
# Allow from 78.233.103.193
# DenyAll
#</Limit>
#######
##
## SFTP Config
SFTPEngine On
Port <PORT>
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
SFTPClientMatch "WS_FTP" channelWindowSize 1GB
# enable for sftp debugging:
TraceLog /var/log/proftpd/sftp-trace.log
#Trace scp:20 sftp:20 ssh2:20
Trace scp:7 sftp:7 ssh2:7
## End SFTP Config ##
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/sftp-xferlog
SFTPAuthMethods publickey password
#SFTPAuthMethods publickey
AuthUserFile /etc/proftpd/sftp.passwd
#SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u
# SFTP specific configuration
#DefaultRoot ~
DefaultRoot /partage
# Enable compression
SFTPCompression delayed
######
/etc/proftpd/sftp.passwd
<USER>:<$1$PASSWORD.>:1005:1008::/partage:/usr/bin/rssh
/etc/rssh.conf
user=<USER>:007:000110:"/partage"
Place the SSH public keys (after conversion) in /etc/proftpd/sftp.passwd.keys/. Fill each file with the SSH public keys you want to authorize. They must be converted to RFC 4716 format first:
ssh-keygen -e -f id_rsa.pub > /etc/proftpd/sftp.passwd.keys/virtual2
mkdir /etc/proftpd/authorized_keys
ssh-keygen -e -f id_rsa.pub > /etc/proftpd/authorized_keys/jean
# directory: 700 (the execute bit is needed to enter it); key files: 600
chmod 700 /etc/proftpd/authorized_keys
chmod 600 /etc/proftpd/authorized_keys/*
service proftpd restart
Installation on Debian or Ubuntu
First of all, make sure your operating system is up to date.
sudo -s
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get install proftpd-basic rssh
mkdir -p /partage/jean
mkdir -p /partage/public
addgroup sftp
chgrp -R sftp /partage
chmod 750 /partage/*
chmod 1777 /partage/public
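<Limit LOGIN>
# A /8 mask compares only the first octet, so 192.168.2.0/8 allows all of 192.0.0.0/8;
# use 192.168.2.0/24 to restrict logins to the 192.168.2.x LAN.
Allow from 78.234.113.74 127.0.0.1 192.168.2.0/8
DenyAll
</Limit>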
#######
## SFTP Config
SFTPEngine On
Port 7010
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
SFTPClientMatch "WS_FTP" channelWindowSize 1GB
# enable for sftp debugging:
TraceLog /var/log/proftpd/sftp-trace.log
#Trace scp:20 sftp:20 ssh2:20
Trace scp:7 sftp:7 ssh2:7
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/sftp-xferlog
SFTPAuthMethods publickey password
AuthUserFile /etc/proftpd/sftp.passwd
SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.passwd.keys/%u
# SFTP specific configuration
DefaultRoot ~
# Enable compression
SFTPCompression delayed
######
Comment out
Change:
Port
Umask 007 007
#TransferLog
$ getent group sftp | cut -d':' -f3
1008
$ mkpasswd --hash=md5 $PASS
$1$L0PQHYcl$fUkBeMISuAg.miC0qJONP.
# the quoted 'EOF' keeps the shell from expanding the $... parts of the hash
cat >>/etc/proftpd/sftp.passwd <<'EOF'
jean:$1$L0PQHYcl$fUkBeMISuAg.miC0qJONP.:1005:1008::/partage:/usr/bin/rssh
EOF
/etc/rssh.conf
logfacility = LOG_USER
umask = 066
# if your chroot_path contains spaces, it must be quoted...
# In the following examples, the chroot_path is "/usr/local/my chroot"
#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot
#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot
#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot
user=jean:007:000110:"/partage" # both with chroot
chrootpath = "/partage"
/etc/passwd
jean:x:1006:1007:,,,:/home/jean:/usr/sbin/nologin
Passwordless login
ssh-keygen -e -f ~/.ssh/id_dsa.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted by jibe@bureau1 from OpenSSH"
AAAAB3NzaC1kc3MAAACBAJA018SvcOTMOWCnPf+nF8QvPd31ei0spdxTgzualoieKkInx7
glj+4zoxfUbweL4XmouUpzx0qDWE5EvFp+tNCJpKBrksq2tTPfkRqNl96gpXzY3SzWqslh
ZQSyuSYaTK09r+IGGK1TRQCSzOXysCPpUGMxUDL3lhG8G7uHmFp3AAAAFQD7+zbnWBW49f
chkTgTGUXn/ySKXQAAAIBzG//psWQ1KXHDbVNkJIyYfACH+fBiHKO4zhIYSYDbTU8sQBQ9
bAnzDsUFAlLLmeEZOuux4zeGEPvjqGn+pCbpSRfY8FD3ItdGgipf0SiVpRL1b3uP1GrMpe
IoQja1nnf7rsQBasWWsw2g3kvYz8OZnYCckVZDzbd0um+gRVRndQAAAIBfsJjGVF90lPWo
sv1Mqsrn/itJGX67lHyWMLLVJ5/9SgmB4fY66OJXX8Ht7eH98kT5DXQEZ8Rms5WA4/u7SL
Qbf/t1G096eMuA3WjrxBUOmQnVfGbAKVSQnt8MChikaxu4CChzjk08IfidTPoEdDfSqmZ2
cE9X54zlPNJ8j+wqCA==
---- END SSH2 PUBLIC KEY ----
Copy the public key to the SFTP server:
- /etc/proftpd/sftp.passwd.keys/jean
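The conversion that ssh-keygen -e performs in the steps above, plus a check that a file placed under SFTPAuthorizedUserKeys really is in RFC 4716 format rather than still in OpenSSH format. This is an added example, not part of the original page or of ProFTPd; the function names and the sample key are constructed for illustration, and the optional Comment header is not written.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type(blob: bytes) -> str:
    """Algorithm name: the first length-prefixed string of an SSH key blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_rfc4716(line: str) -> str:
    """Convert one OpenSSH line ("type base64 [comment]") to RFC 4716 text."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if key_type(blob) != parts[0]:
        raise ValueError("declared key type does not match the encoded blob")
    b64 = base64.b64encode(blob).decode("ascii")
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]  # lines of at most 72 bytes
    return "\n".join([BEGIN] + body + [END]) + "\n"

def parse_rfc4716(text: str) -> bytes:
    """Return the key blob of an RFC 4716 file; ValueError for any other format."""
    lines = text.strip().splitlines()
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("no RFC 4716 markers (still in OpenSSH format?)")
    body, continued = [], False
    for cur in lines[1:-1]:
        if continued or ":" in cur:  # header line; a trailing "\" continues it
            continued = cur.endswith("\\")
        else:
            body.append(cur.strip())
    return base64.b64decode("".join(body), validate=True)

def _s(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the data."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample: ssh-rsa layout filled with placeholder bytes, not a real key.
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(bytes(range(1, 256)) + b"\xff")
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " jean@example"

if __name__ == "__main__":
    print(openssh_to_rfc4716(SAMPLE_LINE), end="")
```

Running parse_rfc4716 on each file in /etc/proftpd/sftp.passwd.keys/ before restarting the service catches a key that was copied over without conversion.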
tech/draft-monter-un-serveur-sftp-ssh.txt · Last modified: by Jean-Baptiste
