Wednesday, July 22, 2015

How to set up an SFTP user and restricted access to user home directory on CentOS

Add a new group called sftponly:

# groupadd sftponly

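Edit the sshd_config file and append the following Match block at the end of the file (a Match block applies to every line after it, until the next Match line or the end of the file), then restart sshd: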

# vim /etc/ssh/sshd_config

Match Group sftponly
 ChrootDirectory %h
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp

# systemctl restart sshd

Add a new user called sftp_user1:

# useradd sftp_user1 -m -c 'sftp only user' -s /sbin/nologin

Reset sftp_user1 password:

# passwd sftp_user1

Add the sftp_user1 user to sftponly group:

# usermod -a -G sftponly sftp_user1

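The chroot directory needs to be owned by root so that the user/group can log in. sshd refuses the session unless the chroot directory and every directory above it are owned by root and not writable by group or others: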

# chown root:sftponly /home/sftp_user1
# chmod 750 /home/sftp_user1

Because the user cannot write to the root-owned chroot directory, create a new directory within the user's home directory where files can be uploaded. Change the ownership of this directory to the new user and the sftponly group:

# cd ~sftp_user1
# mkdir shared_files
# chown sftp_user1:sftponly shared_files
# chmod 750 shared_files
# touch shared_files/index.html
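
A pre-flight check for the ownership step above, added here as an example (it is not part of the original post): it walks from the chroot directory up to / and reports any component that is not root-owned or is group/other-writable, which is the condition sshd logs as "bad ownership or modes for chroot directory". The function names are made up for this example, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: verify a ChrootDirectory path before pointing sshd at it.
# Function names are hypothetical; assumes GNU stat (as shipped on CentOS).

# component_ok UID MODE
# Returns 0 when one path component satisfies sshd: owner is uid 0 and
# neither the group-write nor the other-write bit is set.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    # MODE is octal text from stat (e.g. 750, 1777); 022 = g+w | o+w
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR
# Returns 0 if DIR and all of its parents pass, 1 if any component fails
# (each offender is printed), 2 if DIR is not an accessible directory.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    rc=0
    while :; do
        # Intentionally unquoted: split "uid mode" into $1 and $2.
        set -- $(stat -c '%u %a' "$dir")
        if ! component_ok "$1" "$2"; then
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/sftp_user1
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

With the permissions set in this post, /home/sftp_user1 (root:sftponly, mode 750) passes, while shared_files is owned by sftp_user1 and would be reported if it were used as the chroot directory itself.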

Reference:

http://blog.ijun.org/2014/09/how-to-set-up-sftp-user-and-restricted.html
