You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.8 KiB

Raw Blame History

sftp configurstion

Reference

Steps

Create a New Group
```
$ groupadd sftpusers
```

Create Users

# create guestuser
$ useradd -g sftpusers -d /incoming -s /sbin/nologin guestuser

# change guestuser password
$ passwd guestuser

# verify creation
$ grep guestuser /etc/passwd

# modify an existing user. eg john
$ usermod -g sftpusers -d /incoming -s /sbin/nologin john

Setup sshd_config

$ nano /etc/ssh/sshd_config

Comment out Subsystem sftp /usr/libexec/openssh/sftp-server. Add the following

#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp

Match Group sftpusers
  ChrootDirectory /sftp/%u
  ForceCommand internal-sftp

Create sftp home dirctory

$ mkdir /sftp
$ mkdir /sftp/guestuser
$ mkdir /sftp/guestuser/incoming

# set folder ownership
$ chown guestuser:sftpusers /sftp/guestuser/incoming

# set folder group
$ chgrp -R sftpusers /sftp/general
# Give write permission to the group
$ chmod -R g+w /sftp/general

#setup common folder for a group
$ groupadd sftp
$ mkdir /home/sftp
$ chown nobody:sftp /home/sftp/common
$ chmod 770 /home/sftp/common
$ useradd -d /home/sftp/common -g sftp sam
$ useradd -d /home/sftp/common -g sftp tom

$ chmod g+s /home/sftp/common

# verify ownership
$ ls -ld /sftp/guestuser/incoming
drwxr-xr-x 2 guestuser sftpusers 4096 Dec 28 23:49 /sftp/guestuser/incoming

$ ls -ld /sftp/guestuser
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/guestuser

$ ls -ld /sftp
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp

Restart sshd

$ service sshd restart

6 Test setup

# user should only able to access the incoming folder as root level
$ sftp guestuser@192.168.0.222

1.8 KiB Raw Blame History

sftp configurstion

Steps

1.8 KiB

Raw Blame History