Refresh the package index with the following command. This does not install any new packages.
sudo apt update
Next, install openssh-server. It is not installed by default on Ubuntu Desktop edition.
sudo apt install openssh-server
Create new SFTP Users group
sudo addgroup sftp_users
Create a new user account
sudo adduser newuser
Add this new user to the sftp_users group
sudo usermod -aG sftp_users newuser
Make root the owner of the home directory. ChrootDirectory requires this in order to restrict the user from accessing files outside the home directory.
sudo chown root:root /home/newuser
Now, create new subdirectories within the user home directory. These are used for file transfer.
sudo mkdir /home/newuser/uploads
Grant the user ownership rights to the subdirectories.
sudo chown -R newuser:newuser /home/newuser/uploads
Then, set mode 755 on everything within the home directory: the owner can read and write, while group and others can only read and traverse.
sudo chmod -R 755 /home/newuser
Modify the SSH config. Open the sshd_config file in the nano text editor
sudo nano /etc/ssh/sshd_config
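Add the following lines to the bottom of the file. If the file already has an uncommented Subsystem sftp line, comment it out first so the subsystem is defined only once.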
# Enable SFTP subsystem
Subsystem sftp internal-sftp

# Match block for SFTP users
Match Group sftp_users
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    PasswordAuthentication yes
    AllowTcpForwarding no
Below are the functions for each of the above configuration lines:
- Match Group sftp_users: Match the user group sftp_users.
- ChrootDirectory %h: Restrict access to directories within the user’s home directory.
- PasswordAuthentication yes: Enable password authentication.
- AllowTcpForwarding no: Disable TCP forwarding.
- X11Forwarding no: Don’t permit X11 (graphical display) forwarding.
- ForceCommand internal-sftp: Enable SFTP only with no shell access.
Now restart the ssh service for changes to take effect
sudo service ssh restart
Troubleshooting
sudo tail -f /var/log/auth.log | grep sftp
Tip: ChrootDirectory
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user’s home directory.
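The ownership rule in the tip above can be checked directly before restarting ssh. The script below is an added example, not part of the original tutorial: it walks the resolved path from the chroot directory up to / and flags any component that is not root-owned or is writable by group or others. The function names are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the rule in the tip above.
# Function names are hypothetical; requires GNU stat (as shipped on Ubuntu).

# component_ok UID MODE: succeeds when the directory is owned by root (uid 0)
# and neither the group-write (020) nor the other-write (002) bit is set.
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: checks DIR and every parent directory up to /.
# Returns 0 if all components pass, 1 if any fails, 2 if DIR is not a directory.
check_chroot_path() {
    [ -d "$1" ] || return 2
    p=$(cd -- "$1" && pwd -P) || return 2   # resolved physical path
    rc=0
    while :; do
        info=$(stat -c '%u %a' -- "$p") || return 2
        uid=${info% *}      # numeric owner
        mode=${info#* }     # octal permission bits, e.g. 755 or 1777
        if component_ok "$uid" "$mode"; then
            echo "ok   $p"
        else
            echo "BAD  $p (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /home/newuser
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
    exit $?
fi
```

Run it against the directory that ChrootDirectory resolves to, which is /home/newuser in this walkthrough. Any BAD line is a component sshd will reject, so logins for that user fail until the ownership or mode is corrected.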