@ikawka
Last active August 12, 2023 10:03
Create an sftp user and restrict it to a specific folder.
#1. Create the sftp group
sudo groupadd sftpusers
#2. Comment out the default "Subsystem sftp" line in the ssh config
sudo sed -i "s/Subsystem sftp \/usr\/lib\/openssh\/sftp-server/#Subsystem sftp \/usr\/lib\/openssh\/sftp-server/" /etc/ssh/sshd_config
#3. Modify the ssh config
sudo vi /etc/ssh/sshd_config
#Add these lines to the end of the file
#enable sftp
Subsystem sftp internal-sftp
Match Group sftpusers
#set the chroot to the user's home directory (comment kept on its own line so sshd never parses it as an argument)
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
#4. Restart the ssh service
sudo service ssh restart
#5. Creating the user
#create user
sudo adduser sftpuser1
# prevent ssh login & assign SFTP group (as the user's primary group)
sudo usermod -g sftpusers sftpuser1
# nologin lives in /usr/sbin on Debian/Ubuntu
sudo usermod -s /usr/sbin/nologin sftpuser1
# chroot user (so they only see their directory after login)
sudo chown root:sftpuser1 /home/sftpuser1
sudo chmod 755 /home/sftpuser1
sudo mkdir /home/sftpuser1/uploads
sudo chown sftpuser1:sftpuser1 /home/sftpuser1/uploads
sudo chmod 755 /home/sftpuser1/uploads
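
The chown/chmod in step 5 matters because sshd refuses a ChrootDirectory unless every component of the path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original gist; the function names and the optional UID and TOP arguments are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit the directories sshd inspects before it will chroot.

# check_dir DIR UID
# Succeeds if DIR is a directory owned by UID with no group/other write bit.
check_dir() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }
    set -- $(stat -c '%u %a' "$dir")    # GNU stat: owner uid, octal mode
    [ "$1" = "$want_uid" ] || {
        echo "FAIL $dir: owner uid $1, want $want_uid" >&2; return 1; }
    [ $(( 0$2 & 022 )) -eq 0 ] || {
        echo "FAIL $dir: mode $2 is group/other writable" >&2; return 1; }
}

# check_chroot_path DIR [UID] [TOP]
# Checks DIR and each parent directory up to TOP (default /).
# UID defaults to 0 (root), which is what sshd requires; UID and TOP are
# overridable only so the check can be tried on a scratch tree without root.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot enter" >&2; return 1; }
    uid=${2:-0} top=${3:-/} rc=0
    while :; do
        check_dir "$p" "$uid" || rc=1   # keep going to report every problem
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/sftpuser1
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against each SFTP home before restarting ssh; a failure on any component means logins for that user will be dropped at the chroot step.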