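Guide to Automating SFTP Management on Debian
Before automating anything, make sure the SFTP service on the Debian system is configured correctly; it is the foundation for the automation steps that follow.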
sudo apt-get update && sudo apt-get install openssh-server -y
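sudo useradd -m -s /bin/false sftp_user # create the user and disable shell login
sudo passwd sftp_user # set a strong password
sudo mkdir -p /sftp/{upload,archive} # create the upload and archive directories
sudo chown root:root /sftp # make root the owner of the root directory (prevents the user from exceeding their privileges)
sudo chmod 755 /sftp # set the root directory's permissions to 755 (the user can only enter it)
sudo chown sftp_user:sftp_user /sftp/upload # make the user the owner of the upload directory
In /etc/ssh/sshd_config, add the following:
Subsystem sftp internal-sftp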
Match User sftp_user
ChrootDirectory /sftp
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Restart the SSH service to apply the configuration:
sudo systemctl restart sshd
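As an added example (not from the original guide), this Python check parses an sshd_config text and reports which of the four restrictions in the Match block above are missing or weakened for a user. The function names and the two sample configs are constructed for illustration, and it understands only plain `Match User` lines.

```python
REQUIRED = {  # keyword (lower-case) -> required first word; None = any non-empty value
    "chrootdirectory": None,
    "forcecommand": "internal-sftp",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
}

def settings_for_user(config_text, user):
    """Collect keywords from 'Match User' blocks that name `user`."""
    # Assumptions: only plain 'Match User a,b' lines (no wildcards or other
    # criteria) and 'Keyword value' syntax. The first value per keyword wins.
    settings, in_block = {}, False
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = value.split()
            in_block = (len(crit) == 2 and crit[0].lower() == "user"
                        and user in crit[1].split(","))
        elif in_block:
            settings.setdefault(keyword, value)
    return settings

def audit(config_text, user):
    """Return a list of findings; an empty list means every required setting is present."""
    settings = settings_for_user(config_text, user)
    if not settings:
        return [f"no 'Match User' block applies to {user}"]
    findings = []
    for keyword, required in REQUIRED.items():
        actual = settings.get(keyword, "")
        if not actual:
            findings.append(f"{keyword} is not set for {user}")
        elif required and actual.split()[0].lower() != required:
            findings.append(f"{keyword} is '{actual}', expected '{required}'")
    return findings

# Constructed sample inputs: the guide's block and a weakened variant of it.
GUIDE_CONFIG = ("Subsystem sftp internal-sftp\nMatch User sftp_user\n"
                "ChrootDirectory /sftp\nForceCommand internal-sftp\n"
                "AllowTcpForwarding no\nX11Forwarding no\n")
WEAK_CONFIG = GUIDE_CONFIG.replace("ForceCommand internal-sftp\n", "").replace(
    "AllowTcpForwarding no", "AllowTcpForwarding yes")
if __name__ == "__main__":
    for name, cfg in (("guide", GUIDE_CONFIG), ("weakened", WEAK_CONFIG)):
        print(name, audit(cfg, "sftp_user") or "OK")
```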
Use case: quickly implementing basic file upload/download with no complex logic.
Steps:
sudo apt-get install sshpass -y
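Script (/usr/local/bin/sftp_upload.sh):
#!/bin/bash
HOST="remote_host_ip"
USER="sftp_user"
PASSWORD="your_password"
LOCAL_DIR="/local/backup"
# Path as seen inside the SFTP session (under ChrootDirectory /sftp, /sftp/upload appears as /upload)
REMOTE_DIR="/sftp/upload"
# Upload files (sshpass supplies the password)
# accept-new records the key of a host seen for the first time and rejects a changed key
sshpass -p "$PASSWORD" sftp -o StrictHostKeyChecking=accept-new "$USER@$HOST" <<EOF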
cd $REMOTE_DIR
lcd $LOCAL_DIR
mput *
bye
EOF
sudo chmod +x /usr/local/bin/sftp_upload.sh
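Use case: when you need more flexible operations (such as file verification, error handling, encrypted transfer), or want to avoid storing the password in plaintext.
Steps: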
pip install paramiko
Script (/usr/local/bin/sftp_automate.py):
import os
import posixpath
import sys

import paramiko


def upload_dir(sftp, local_dir, remote_dir):
    # Walk the local directory and upload files, recursing into subdirectories
    for item in os.listdir(local_dir):
        local_path = os.path.join(local_dir, item)
        remote_path = posixpath.join(remote_dir, item)  # SFTP paths always use "/"
        if os.path.isfile(local_path):
            sftp.put(local_path, remote_path)
            print(f"Uploaded: {local_path} -> {remote_path}")
        elif os.path.isdir(local_path):
            try:
                sftp.stat(remote_path)
            except FileNotFoundError:
                sftp.mkdir(remote_path)
            upload_dir(sftp, local_path, remote_path)


def sftp_upload(host, port, username, password, local_dir, remote_dir):
    # Create the SSH client
    ssh = paramiko.SSHClient()
    # Verify the server against known_hosts; unknown or changed host keys are rejected
    ssh.load_system_host_keys()
    ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
    try:
        ssh.connect(hostname=host, port=port, username=username, password=password)
        # Open the SFTP session and upload over this single connection
        sftp = ssh.open_sftp()
        upload_dir(sftp, local_dir, remote_dir)
        print("Upload completed successfully.")
        return True
    except Exception as e:
        print(f"Error: {e}")
        return False
    finally:
        # Close the connection; this ends the SFTP session too
        ssh.close()


if __name__ == "__main__":
    # Configuration parameters
    HOST = "remote_host_ip"
    PORT = 22
    USERNAME = "sftp_user"
    PASSWORD = "your_password"
    LOCAL_DIR = "/local/backup"
    REMOTE_DIR = "/sftp/upload"
    # Run the upload; a non-zero exit status makes failures visible to cron
    ok = sftp_upload(HOST, PORT, USERNAME, PASSWORD, LOCAL_DIR, REMOTE_DIR)
    sys.exit(0 if ok else 1)
Use case: when you need compatibility with legacy systems or have to handle complex interactive flows.
Steps:
sudo apt-get install expect -y
Script (/usr/local/bin/sftp_expect.sh):
#!/usr/bin/expect -f
set timeout 30
set host [lindex $argv 0]
set user [lindex $argv 1]
set password [lindex $argv 2]
set remote_dir [lindex $argv 3]
set local_dir [lindex $argv 4]
# Start the SFTP session
spawn sftp $user@$host
expect "password:"
send "$password\r"
expect "sftp>"
# Run the SFTP commands
send "cd $remote_dir\r"
expect "sftp>"
send "lcd $local_dir\r"
expect "sftp>"
send "mput *\r"
expect "sftp>"
send "bye\r"
expect eof
sudo chmod +x /usr/local/bin/sftp_expect.sh
Whichever scripting method you use, you can schedule it with cron so that it runs automatically at regular intervals.
Steps:
crontab -e
0 2 * * * /usr/local/bin/sftp_upload.sh >> /var/log/sftp_upload.log 2>&1
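Or, for the Python script:
0 2 * * * /usr/bin/python3 /usr/local/bin/sftp_automate.py >> /var/log/sftp_automate.log 2>&1
0 2 * * * means the job runs at 2:00 a.m. every day; >> /var/log/sftp_upload.log 2>&1 appends the script's output (including error messages) to the log file, which makes later troubleshooting easier.
ssh-keygen -t rsa -b 4096
ssh-copy-id -i ~/.ssh/id_rsa.pub sftp_user@remote_host_ip
sshpass -p "$PASSWORD" line; in the Python script, use the key_filename parameter to specify the private key path).
sudo chown root:root /usr/local/bin/sftp_upload.sh
sudo chmod 700 /usr/local/bin/sftp_upload.sh
/var/log/sftp_upload.log), confirm that the automated tasks are running, and catch anomalies promptly.
With the steps above, you can fully automate SFTP management on Debian, covering service configuration, scripting, scheduling, and security hardening, to meet enterprise-grade file transfer needs.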