@hugorodgerbrown
Last active October 1, 2017 17:17
Simple setup to get an EC2 Ubuntu SFTP server set up

Content taken from https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-16-04

Add a test user account to 'own' the uploads directory

sudo adduser testuser

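Create the uploads directory. sshd requires the chroot directory (/var/sftp) to be owned by root and not writable by any other user or group, so the user gets write access only to the uploads subdirectory.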

sudo mkdir -p /var/sftp/uploads
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp
sudo chown testuser:testuser /var/sftp/uploads

Now that the directory structure is in place, we can configure the SSH server itself.

Restrict access

sudo nano /etc/ssh/sshd_config

Add the following to the bottom of the file:

Match User testuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

To apply the configuration changes, restart the service.

sudo systemctl restart sshd

Verify the Configuration

# should fail - only sftp connections are allowed
ssh testuser@localhost

Verify the user can access SFTP

sftp testuser@localhost
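
Beyond the two manual logins, the effective settings for the user can be checked directly. The script below is an added example, not part of the original gist: it audits `sshd -T` output against the Match block above. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output (lowercase "keyword value" lines on
# stdin) against the Match block above. Returns the number of deviations.
# On the server (run as root), feed it the live effective config:
#   sshd -T -C user=testuser,host=localhost,addr=127.0.0.1,laddr=127.0.0.1,lport=22 \
#     | audit_sftp_match /var/sftp
audit_sftp_match() {
    chroot_dir="$1"; failures=0; seen=""
    while read -r key value; do
        case "$key" in
            forcecommand)    want="internal-sftp" ;;
            chrootdirectory) want="$chroot_dir" ;;
            permittunnel|allowagentforwarding|allowtcpforwarding|x11forwarding)
                             want="no" ;;
            *) continue ;;   # keyword not set by the Match block
        esac
        seen="$seen $key"
        if [ "$value" != "$want" ]; then
            echo "FAIL $key is '$value', expected '$want'"
            failures=$((failures + 1))
        fi
    done
    # A keyword missing from the dump is also a failure.
    for key in forcecommand chrootdirectory permittunnel \
               allowagentforwarding allowtcpforwarding x11forwarding; do
        case " $seen " in
            *" $key "*) ;;
            *) echo "FAIL $key not found in input"; failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

# Constructed sample of the relevant `sshd -T` lines (not captured from a real host).
constructed_sshd_T() {
    cat <<'EOF'
passwordauthentication yes
forcecommand internal-sftp
chrootdirectory /var/sftp
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no
EOF
}

constructed_sshd_T | audit_sftp_match /var/sftp && echo "OK: SFTP-only restrictions in effect"
```

Running `sudo sshd -t` before the restart also catches syntax errors in sshd_config before they can lock you out of the instance.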