To upgrade existing packages, run the following command. This does not install any new packages.
sudo apt update
Next install openssl-server. It is not installed by default on ubuntu desktop edition.
sudo apt install openssh-server
Create a shared FTP directory
sudo mkdir /path/to/sftp_shared
Set the permission to this folder
sudo chown root:sftp_users /path/to/sftp_shared
n
sudo chmod 770 /path/to/sftp_shared
Add a new user
sudo adduser --shell /usr/bin/nologin --ingroup sftp_users --home /path/to/sftp_shared/ --disabled-password
OR
sudo adduser --shell /bin/false sftpuser
OR
sudo adduser
Create a new group
addgroup sftp_users
Add users to a this group
sudo usermod -aG sftp_users
Modify the SSH config. Open the ssd_config file in nano text editor
sudo nano /etc/ssh/sshd_config
Add the following lines to the bottom of the file
# Enable SFTP subsystemnSubsystem sftp internal-sftpnn# Match block for SFTP usersnMatch Group sftp_usersn ChrootDirectory /path/to/sftp_sharedn ForceCommand internal-sftpn X11Forwarding non AllowTcpForwarding no
Now restart the ssh service for changes to take effect
sudo service ssh restart
Troubleshooting
sudo tail -f /var/log/auth.log | grep sftp
nn
Tip: ChrootDirectory
n
Specifies the pathname of a directory to chroot(2) to after authentication. All components of the pathname must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user’s home directory.
Leave a Reply