Configuring simple sftp access for your server


If you are using my odroid image you can skip Step 1 and go to Step 2. Step 1 configures the sshd daemon to allow sftp access, which is already done on my odroid image available here. Step 2 adds new users that have sftp access on your server. This is not for existing users; the configuration for that is separate. Look at the references section towards the end for hints on that.

Step 1: Setting up sshd for sftp

  • Open the file "/etc/ssh/sshd_config" for editing as su/root user.
  • Add the lines below to the very end of the file. Note the AllowUsers and AllowGroups directives. If you choose to add them, they restrict access to the specified users and groups.
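# Restrict ssh access to the following users and groups only.
# Both lists are space-separated. When both directives are set, a login must
# satisfy both, so every account created in Step 2 must also be listed in
# AllowUsers (or use AllowGroups alone).
AllowUsers user1 user2 sftp
AllowGroups user1 user2 sftp

# Members of the sftp group are locked into their home directory, sftp only
Match Group sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PermitTunnel no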

  • Finally, execute the following line in a shell: "groupadd -r sftp"
  • As su/root run: "service ssh restart". If the service starts successfully, you're good to go.

 

Step 2 : Add a user and configure directories

Copy the following lines into a script, say "createSftpUser.sh", and make it executable. Then run it as root with a parameter specifying the new sftp username to be created, e.g. "createSftpUser.sh new_Sftp_User". Enter the password when prompted and you're good to go.

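#!/bin/bash
# Create a chrooted, sftp-only user. Run as root: createSftpUser.sh <username>
set -e

if [ -z "$1" ]; then
    echo "Usage: $0 <username>" >&2
    exit 1
fi

USERNAME=$1
HOME_DIR=/home/$USERNAME
mkdir -p "$HOME_DIR/public_html"

# The chroot directory itself must be owned by root and not writable by
# group or others, otherwise sshd refuses the login
chown root:root "$HOME_DIR"
chmod 755 "$HOME_DIR"
chmod 775 "$HOME_DIR/public_html"

# No login shell; primary group sftp so the Match block applies
useradd -d "$HOME_DIR" -s /bin/false -g sftp "$USERNAME"
# The user can only write inside public_html
chown "$USERNAME:sftp" "$HOME_DIR/public_html"
echo "Provide password for $USERNAME"
passwd "$USERNAME"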
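
sshd refuses a chrooted login unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is why the script sets root:root and 755 on the home directory. The check below is an added example, not part of the original script; the function names component_ok and check_chroot_path and the file name checkChroot.sh are made up here.

```bash
#!/bin/bash
# Added example: check the ownership/mode rules sshd applies to ChrootDirectory.
# Function names are hypothetical; the optional UID argument exists only so the
# check can be exercised on directories not owned by root.

# component_ok DIR [UID]: true if DIR is a directory owned by UID (default 0)
# and not writable by group or others.
component_ok() {
    local dir="$1" want_uid="${2:-0}" line perms uid
    [ -d "$dir" ] || return 1
    # -n prints numeric ids, -L follows symlinks: "drwxr-xr-x 3 0 0 4096 ..."
    line=$(ls -ldnL -- "$dir") || return 1
    perms=${line%% *}
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$uid" = "$want_uid" ] || return 1
    # characters 6 and 9 of the mode string are the group/other write bits
    case $perms in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# check_chroot_path PATH [UID]: test PATH and each parent directory up to /,
# reporting the first component that would make sshd reject the chroot.
check_chroot_path() {
    local path="$1" want_uid="${2:-0}"
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        if ! component_ok "$path" "$want_uid"; then
            echo "FAIL: $path" >&2
            ls -ldnL -- "$path" >&2 || true
            return 1
        fi
        [ "$path" = / ] && return 0
        path=$(dirname "$path")
    done
}

# Usage: ./checkChroot.sh /home/new_Sftp_User
[ $# -eq 0 ] || check_chroot_path "$1"
```

Run it as root after createSftpUser.sh; an exit status of 0 means the home directory and all its parents pass the check.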


References

So I found the following resources useful for this task
