Setup SFTP Only users
#!/bin/bash
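#######################################
# Set up the SFTP-only group and the matching sshd configuration.
#
# Creates the sftpusers group if it is missing and, unless a
# "Match Group sftpusers" block is already present, switches the sftp
# subsystem to internal-sftp and appends a chroot-only Match block.
# The edited file is validated with `sshd -t` before the service is
# restarted, so a bad edit cannot take sshd down on a remote host.
#
# Globals:   none
# Arguments: none
# Outputs:   diagnostics on stderr
# Returns:   0 on success or when already configured, non-zero on error
#######################################
setup() {
  local config=/etc/ssh/sshd_config

  # groupadd fails when the group exists; skip it then so reruns stay clean.
  getent group sftpusers >/dev/null || sudo groupadd sftpusers || return

  # Already configured: append nothing. The earlier form of this test was
  # inverted and only appended when the group was already mentioned.
  if grep -Eq '^[[:space:]]*Match[[:space:]]+Group[[:space:]]+sftpusers' "$config"; then
    return 0
  fi

  # Comment out every active "Subsystem sftp" line, whatever binary it names;
  # a second definition next to the one appended below is a config error.
  # -i.bak leaves the previous file at "$config.bak" for the rollback below.
  sudo sed -i.bak -E 's/^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]/#&/' "$config" \
    || return

  # tee runs under sudo; a plain ">>" redirect is opened by the calling
  # (unprivileged) shell. The explanatory comment sits on its own line because
  # sshd_config(5) documents comments as lines starting with '#'.
  # ChrootDirectory requires the target and its parents to be root-owned and
  # not writable by group or others.
  # NOTE(review): PasswordAuthentication yes re-enables password logins for
  # this group even if they are disabled globally; prefer keys where possible.
  # NOTE(review): if the file already ends in another Match block, the
  # Subsystem line lands inside it and validation below will reject it.
  sudo tee -a "$config" >/dev/null <<'EOF' || return
#enable sftp
Subsystem sftp internal-sftp
Match Group sftpusers
#set the home directory
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTCPForwarding no
PasswordAuthentication yes
EOF

  # Refuse to restart on a broken config; put the previous file back instead.
  if ! sudo sshd -t; then
    printf 'setup: %s failed validation; restoring %s.bak\n' "$config" "$config" >&2
    sudo cp -p -- "$config.bak" "$config"
    return 1
  fi

  sudo service ssh restart
}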
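#######################################
# Create an SFTP-only user with a chroot-ready home directory.
#
# usage: create_sftp_user <username>
#
# Globals:   none
# Arguments: $1 - login name; must start with a letter or underscore and
#                 contain only letters, digits, '_', '.' or '-'
# Outputs:   usage message on stderr for a missing or unsafe name
# Returns:   0 on success, 2 on a bad name, otherwise the failing
#            command's status
#######################################
create_sftp_user() {
  local user=${1-}
  local name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
  local shell=/bin/nologin
  local candidate

  # The name is pasted into root-run chown/chmod paths below. An empty value
  # would target /home itself, and '/' or a leading '-' would escape /home or
  # be parsed as an option, so reject anything outside the safe set first.
  if [[ ! $user =~ $name_re ]]; then
    printf 'usage: create_sftp_user <username>\n' >&2
    return 2
  fi

  # nologin lives in different places per distribution; use the first one
  # that exists and fall back to /bin/nologin otherwise.
  for candidate in /usr/sbin/nologin /sbin/nologin /bin/nologin; do
    if [[ -x $candidate ]]; then
      shell=$candidate
      break
    fi
  done

  # create user; stop here on failure so nothing below touches a home
  # directory that belongs to someone else
  sudo adduser "$user" || return

  # prevent ssh login & assign SFTP group
  sudo usermod -g sftpusers "$user" || return
  sudo usermod -s "$shell" "$user" || return

  # chroot user (so they only see their directory after login): the chroot
  # root is owned by root and writable by root only.
  # presumably adduser created a group named after the user; verify on
  # systems where it does not
  sudo chown "root:$user" "/home/$user" || return
  sudo chmod 755 "/home/$user" || return

  # The user cannot write to the root-owned home, so give them a
  # subdirectory they own for uploads.
  sudo mkdir -p "/home/$user/uploads" || return
  sudo chown "$user:$user" "/home/$user/uploads" || return
  sudo chmod 755 "/home/$user/uploads"
}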
# mount --bind /var/www/ ./www