mitech specific sftp setup

sftp-server mitech.md

@@ -0,0 +1,78 @@
+# sftp configurstion
+
+* [Reference](https://www.thegeekstuff.com/2012/03/chroot-sftp-setup/)
+
+## Steps
+
+1. Create a New Group
+    ```sh
+    $ groupadd mitechextusers
+    ```
+
+2. Create Users
+   ```sh
+   # create mitechext_sw
+
+   $ useradd -g mitechextusers -d /sftp/mitechext/software/software/shared -s /sbin/nologin mitechext_sw
+
+   # change mitechext_sw password
+
+   $ passwd mitechext_sw
+
+   # verify creation
+   
+   $ grep mitechext_sw /etc/passwd
+   ```
+
+3. Setup `sshd_config`
+```sh
+$ nano /etc/ssh/sshd_config
+```
+
+* Comment out `Subsystem sftp /usr/libexec/openssh/sftp-server`. Add the following
+
+```txt
+#Subsystem sftp /usr/libexec/openssh/sftp-server
+Subsystem sftp internal-sftp
+
+Match User mitechext_sw
+  ChrootDirectory /sftp/mitechext/software
+  ForceCommand internal-sftp
+
+```
+
+4. Create sftp home directory
+```sh
+$ mkdir /sftp
+$ mkdir /sftp/mitechext/software
+$ mkdir /sftp/mitechext/software/shared
+
+# set folder ownership
+$ chown mitechext_sw:mitechextusers /sftp//mitechext/software/shared
+
+# verify ownership
+$ ls -ld /sftp//mitechext/software/shared
+drwxr-xr-x 2 mitechext_sw mitechextusers 4096 Dec 28 23:49 /sftp//mitechext/software/shared
+
+$ ls -ld /sftp//mitechext/software
+drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/guestuser
+
+$ ls -ld /sftp//mitechext
+drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp
+
+```
+
+5. Restart sshd
+```sh
+$ service sshd restart
+
+OR 
+
+$ systemctl restart ssh
+```
+
+6 Test setup
+```sh
+# user should only able to access the incoming folder as root level
+$ sftp mitechext_sw@127.0.0.1
+```