Skip to content

Instantly share code, notes, and snippets.

@lnrsoft

lnrsoft/sftp.md

Forked from vallettea/sftp.md
Created April 6, 2018 03:45
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save lnrsoft/ef1b7163bd88cfb986c351bb5679ace4 to your computer and use it in GitHub Desktop.
Save lnrsoft/ef1b7163bd88cfb986c351bb5679ace4 to your computer and use it in GitHub Desktop.
Download ZIP
How to setup a secure ftp server on ubuntu.
Raw
sftp.md

Setting up ftp server on ubuntu

Install

apt-get install vsftpd openssh-server

Configure ftp

in /etc/vsftpd.conf:

write_enable=YES
local_umask=022
chroot_local_user=YES 

# to be added
allow_writeable_chroot=YES 
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Configure sftp

in /etc/ssh/sshd_config:

comment the following line

Subsystem sftp /usr/lib/openssh/sftp-server

and add

Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Setup a dedicated user

in /etc/shells add:

/usr/sbin/nologin

then:

groupadd ftpaccess
useradd -m ftp_user -g ftpaccess -s /usr/sbin/nologin
passwd ftp_user
chown root /home/ftp_user
mkdir /home/ftp_user/drop_here
chown ftp_user:ftpaccess /home/ftp_user/drop_here

people can now connect via port 22 with ftp_user and the passord you set using passwd ftp_user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment