SFTP Configuration in RHEL 7

Dear team,

We need your best suggestions for configuring an SFTP server, considering the scenarios below, without compromising data security.
1. We need to build a new SFTP server on RHEL 7 which will be used by my internal office users and will be available over the Internet to be used by vendors.
2. Data upload and download will be done by all types of users (intranet and Internet).
3. The SFTP server should be accessible to all users through tools like WinSCP or a web browser, with file/directory browsing capability to upload and download files.
4. Data should travel in an encrypted, secure way. We need to avoid having port 22 open to the whole Internet to avoid hacking attempts.

A step-by-step implementation for this requirement would be highly appreciated.

Responses

If you don't want the SSH service being open to the Internet at large, sounds like you need to either set up VPN tunnels between you and your vendors or you'll need to manage a bunch of firewall rules to provide access to IP ranges. Both options kind of suck.

How about port forwarding/hiding?

My suggestion, if SSH is doable by your customers/clients/partners, is to use fail2ban in conjunction with the OpenSSH daemon. That said, you should be using fail2ban anyway on any remotely accessible service.

Here is an article on Linode that should be sufficient to get you started, but as usual with anything production, do read the documentation and understand what you are doing before going live. On all my servers (virtual or physical) I use f2b to add an extra layer of pain for any attacker or bot to have to deal with, as well as use SELinux to its fullest.

https://www.linode.com/docs/security/using-fail2ban-for-security

Hope this is of use to you.

Using fail2ban is nice but can be more overhead than appropriate iptables rules (all my internet-facing systems have iptables configured to temp-blacklist the types of things fail2ban frequently is configured to do): no additional software and only about three lines of iptables rules.
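
An added example, not part of the thread and not the commenter's actual rules: one common way to get a three-rule temporary blacklist is the iptables `recent` match. The function name, the list name `sftp` and the thresholds are assumptions; the script only prints rules in iptables-save syntax for review and applies nothing.

```shell
#!/bin/sh
# Added example (not from the thread): generate iptables rules that
# temporarily blacklist sources opening too many new SSH/SFTP connections.
# Function name, list name "sftp" and thresholds are illustrative assumptions.

# ssh_throttle_rules PORT HITS SECONDS
# Prints three INPUT-chain rules; it does not touch the running firewall.
ssh_throttle_rules() {
    port=$1 hits=$2 secs=$3
    # Accept plain decimal integers only, so nothing odd lands in a rule.
    for v in "$port" "$hits" "$secs"; do
        case $v in
            ''|*[!0-9]*) echo "not a number: '$v'" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range" >&2; return 1; }
    # Conservative cap: 20 was the long-standing default of xt_recent's
    # ip_pkt_list_tot, and a larger --hitcount is rejected on such kernels.
    [ "$hits" -ge 2 ] && [ "$hits" -le 20 ] ||
        { echo "hits must be 2..20" >&2; return 1; }
    [ "$secs" -ge 1 ] || { echo "seconds must be >= 1" >&2; return 1; }

    match="-p tcp --dport $port -m conntrack --ctstate NEW"
    # 1. Record the source address of every new connection attempt.
    echo "-A INPUT $match -m recent --name sftp --set"
    # 2. Drop the HITS-th new connection seen within SECONDS. --update
    #    refreshes the timer, so a source that keeps retrying stays blocked.
    echo "-A INPUT $match -m recent --name sftp --update --seconds $secs --hitcount $hits -j DROP"
    # 3. Everything under the threshold is accepted as usual.
    echo "-A INPUT $match -j ACCEPT"
}

# Example: allow three new connections per minute per source address.
ssh_throttle_rules 22 4 60
```

On RHEL 7 these lines would go into the `*filter` section of `/etc/sysconfig/iptables` when the iptables service is used instead of firewalld (an assumption about the setup), ahead of any broader ACCEPT rule for the same port.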
