Setup SFTP access for users

This gives a user SFTP access and confines that user to their own directory.

Create a group for SFTP users:

Now open the file /etc/ssh/sshd_config in your editor.

Look for the line near the bottom of this file that looks like this.

And change it to this.

At the very bottom of this file, add the following lines, which restrict the “sftponly” group's access when logging in via SSH.

Once you have added these lines, save the file and restart the SSH process.

Next we will create the home directory for the user we are about to add. This is the directory where they will have file access and where they will be chrooted (jailed). It can be located anywhere, but for the sake of this tutorial I will use the following directory.

Now we need to add a user as we normally would under Linux. At this time we also specify the user's home directory, which we just created, using the “-d” flag. Remember to replace “sally” with the login name of the user you wish to add.

Then we need to change the group that the user we just added belongs to.

Next we set our new user's shell to /bin/false, which will not allow our new user a shell login.

Set the password this user will use.

We now need to give the user ownership of any files and folders that already exist within the new user's home directory, such as folders brought over from a skel or created by an administrator setting up the user's home directory manually.

Now comes an important part: the newly created user's home directory MUST be owned by root. If this directory is not owned by root, the newly created user may not be chrooted (jailed) within their home directory, possibly allowing them access to other directories under theirs.

If you get the following message:

Apply the below to the directory:
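
The root-ownership requirement above can be checked before a user runs into a failed login. The script below is an added example, not part of the original tutorial: it applies the ChrootDirectory rule from the sshd_config manual (every directory in the path must be owned by root and not writable by group or others). It assumes a stat that supports -c (GNU or BusyBox) and uses the tutorial's /home/sally as the sample path; the function names dir_ok and chroot_path_ok are hypothetical.

```shell
#!/bin/sh
# Added example: audit a directory against sshd's ChrootDirectory rule.
# Assumes `stat -c` (GNU coreutils or BusyBox). Function names are hypothetical.

# dir_ok PATH UID
# Succeeds if PATH is a directory owned by UID and not writable by group/others.
dir_ok() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 1
    fi
    owner=$(stat -c %u -- "$1") || return 1
    mode=$(stat -c %a -- "$1") || return 1
    if [ "$owner" != "$2" ]; then
        echo "bad owner on $1: uid $owner, expected $2" >&2
        return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad mode on $1: $mode is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# chroot_path_ok DIR
# Applies dir_ok (owner uid 0) to DIR and to every parent directory up to /.
chroot_path_ok() {
    # Resolve symlinks first so each real path component is checked.
    dir=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "cannot resolve: $1" >&2
        return 1
    }
    while :; do
        dir_ok "$dir" 0 || return 1
        [ "$dir" = / ] && return 0
        dir=$(dirname -- "$dir")
    done
}

# Usage: sh check_chroot.sh /home/sally
if [ "$#" -gt 0 ]; then
    chroot_path_ok "$1" && echo "ok: $1 satisfies the chroot ownership rule"
fi
```

The check is read-only, so it can be run against every home directory of the “sftponly” group after provisioning or after a restore from backup.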
