To add a SFTP-only user, you'll need to make sure your SSH config settings are correct, add a new user/group and set permissions for your new user. For step-by-step directions, see below. Omit sudo if you're logged in as root.
-
Edit
/etc/ssh/sshd_configand make sure to add the following at the end of the file:Match group filetransfer ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp -
Restart OpenSSH:
sudo /etc/init.d/ssh restart -
Add new group for SFTP-only users:
sudo addgroup filetransfer -
Add new user (make sure to switch out username in the following steps to your specified username):
sudo adduser username -
Add user to new group and set permissions:
sudo usermod -G filetransfer username sudo chown root:root /home/username sudo chmod 755 /home/username -
Create directories for user and set final permissions:
cd /home/username sudo mkdir folder_1 folder_2 sudo chown username:username * -
Setup a symbolic link to make the user's folder available to the public (
/var/www/...path will be dependent on your environment):sudo ln -s /home/username/USER_DIRECTORY /var/www/devpress.cbai.us/wordpress/PUBLIC_DIRECTORY/If you need to view the public directory index, you may have to add a .htaccess file in your PUBLIC_DIRECTORY with: Options +Indexes
-
Use Cyberduck or another SFTP client to connect. Go have a beer.
Thanks for the tutorial, found it helpful. :)
I skipped step 7 (don't want them public). Can I still go for the beer?
More stress on the importance of step 5 though, tried to skip that too first (why should the user not own their home? or write there?) but it just wouldn't work without it.