onsa
2/4/2017 - 4:11 PM

Set up an sftp user

Set up an sftp user

# set up SFTP (https://devtidbits.com/2011/06/29/implement-a-sftp-service-for-ubuntudebian-with-a-chrooted-isolated-file-directory/) 
# install openssh-server

  sudo apt-get install openssh-server

# add new group

  sudo groupadd sftpconnect

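# get new group's id (the third colon-separated field on the sftpconnect line;
# `getent group sftpconnect` prints only that line)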

  cat /etc/group

# add new user

  sudo useradd sftpuser -d / -g [sftpconnect group id] -M -N -o -u [sftpconnect group id]
  # -d is the user home directory which needs to be set to / (root)
  # -g is the user group id to assign
  # -M stops the useradd command creating a home directory
  # -N stops the useradd command creating a group with the same name as the new user
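  # -u is the user id, which in our case needs to be the same id value as sftpconnect
  # -o allows duplicate, non-unique user ids; check first that no existing account already
  #    has this number as its uid (`getent passwd [sftpconnect group id]`), because two
  #    accounts with the same uid are the same identity for file ownership and permissions
  # no -s is given, so the account gets the system default login shell; the ForceCommand
  #    set further down restricts SSH sessions only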

# set password
  
  sudo passwd sftpuser

# change in /etc/ssh/sshd_config

  Subsystem sftp /usr/lib/openssh/sftp-server
  # to
  Subsystem sftp internal-sftp

# add this to the end of the file

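  # comments are kept on their own lines here: older sshd releases reject any text
  # that follows a directive's value on the same line
  # assigns the following rules to members of sftpconnect
  # (a Match block runs until the next Match line or the end of the file)
  Match group sftpconnect
  # change root directory
  ChrootDirectory /var/www
  # disables X11 forwarding
  X11Forwarding no
  # disables TCP forwarding
  AllowTcpForwarding no
  # forces internal-sftp
  ForceCommand internal-sftp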

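# set permissions and ownership for the root directory just set up for sftp
# (sshd only accepts a ChrootDirectory whose every path component is owned by root and
#  not writable by group or others; the trailing word "permission" on the two chmod lines
#  is not part of the command and should be left out when running them; -R 755 also
#  marks every regular file under the tree executable, and with root:sftpconnect
#  ownership it leaves the sftpconnect group with read-only access)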

	sudo chmod -R 755 /var/www permission
	sudo chmod -R 755 /var/www/html permission
	sudo chown -R root:sftpconnect /var/www/html

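# and restart (run `sudo sshd -t` first: it checks sshd_config for errors, and a
# broken config can keep sshd from starting again)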

  sudo service ssh restart