Basic tutorial for creating an SFTP-only user on Ubuntu 9.04 and greater

Adding SFTP-only user to Ubuntu Server

To add an SFTP-only user, you'll need to make sure your SSH config settings are correct, add a new user/group and set permissions for your new user. For step-by-step directions, see below. Omit sudo if you're logged in as root.

Directions

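  1. Edit /etc/ssh/sshd_config and add the following at the end of the file. A Match block applies to every directive after it, up to the next Match line or the end of the file, so it has to come after the global settings:

     Match group filetransfer
         ChrootDirectory %h
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp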
    
  2. Restart OpenSSH:

     sudo /etc/init.d/ssh restart
    
  3. Add new group for SFTP-only users:

     sudo addgroup filetransfer
    
  4. Add new user (make sure to switch out username in the following steps to your specified username):

     sudo adduser username
    
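  5. Add user to new group and set permissions. sshd refuses to chroot into a directory unless it and every directory above it are owned by root and not writable by group or others, which is why the home directory (%h in the Match block) is handed to root here: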

     sudo usermod -G filetransfer username
     sudo chown root:root /home/username
     sudo chmod 755 /home/username
    
  6. Create directories for user and set final permissions:

     cd /home/username
     sudo mkdir folder_1 folder_2
     sudo chown username:username *
    
  7. Set up a symbolic link to make the user's folder available to the public (/var/www/... path will be dependent on your environment):

     sudo ln -s /home/username/USER_DIRECTORY /var/www/devpress.cbai.us/wordpress/PUBLIC_DIRECTORY/
    

    If you need to view the public directory index, you may have to add a .htaccess file in your PUBLIC_DIRECTORY with: Options +Indexes

  8. Use Cyberduck or another SFTP client to connect. Go have a beer.
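
A check for the ownership and mode that step 5 sets up, walking from the chroot directory up to / because the ChrootDirectory rule applies to every path component. This is an added example, not part of the original gist; the function name check_chroot_path and its optional OWNER_UID and STOP_DIR arguments are assumptions made for illustration, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: verify a directory is acceptable as an sshd ChrootDirectory.
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_DIR]
#   OWNER_UID and STOP_DIR are hypothetical extras for dry runs in a scratch
#   tree; the defaults (uid 0, stop at /) match what step 5 prepares.
check_chroot_path() {
    want_uid=${2:-0}
    # Resolve symlinks so the real directories are the ones inspected.
    path=$(cd "$1" 2>/dev/null && pwd -P) ||
        { echo "FAIL $1: not an accessible directory"; return 2; }
    stop=$(cd "${3:-/}" 2>/dev/null && pwd -P) ||
        { echo "FAIL ${3:-/}: not an accessible directory"; return 2; }
    rc=0
    while :; do
        uid=$(stat -c %u "$path")    # numeric owner (GNU stat)
        mode=$(stat -c %a "$path")   # octal permission bits, e.g. 755
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $path: owned by uid $uid, expected $want_uid"
            rc=1
        fi
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is writable by group or others"
            rc=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then break; fi
        path=$(dirname "$path")
    done
    if [ "$rc" -eq 0 ]; then
        echo "OK: every component is owned by uid $want_uid and not group/other-writable"
    fi
    return "$rc"
}

# Run against a real account when called with arguments, e.g.:
#   sudo sh check_chroot.sh /home/username
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A FAIL line on /home/username itself usually means the chown or chmod from step 5 was skipped or later undone.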

scolphoy Aug 17, 2013

Thanks for the tutorial, found it helpful. :)

I skipped step 7 (don't want them public). Can I still go for the beer?

More stress on the importance of step 5 though, tried to skip that too first (why should the user not own their home? or write there?) but it just wouldn't work without it.

jetbreaker Dec 27, 2014

Hi there, I originally used this same guide and added two user accounts that worked perfectly well until fairly recently. One of my accounts I can login fine into FileZilla, but the other one or any subsequent accounts I create, will not log in. I get 'Authentication failed' and Critical error: could not connect to server.

Please advise

gilsoninacio Jun 2, 2015

Did not understand that step 7.

I only want to give access a developer of a plugin called me admin access to WordPress and access to FTP it to fix a plugin problem, however I do not trust obviously, so only want to create a user with limited permissions and just after he solves the problem, I delete the user ftp. You understood?

developez Oct 17, 2017

I understand all the steps, but when I tried to connect with my SFTP client (FileZilla), I obtain an authentication error message. I don't know why, I repeated all the steps many times.
