Add a new group called sftponly:
# groupadd sftponly
Edit the sshd_config file and add the following Match block at the end of the file:
# vim /etc/ssh/sshd_config
Match Group sftponly
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Restart sshd to apply the change:
# systemctl restart sshd
Add a new user called sftp_user1:
# useradd sftp_user1 -m -c 'sftp only user' -s /sbin/nologin
Set the sftp_user1 password:
# passwd sftp_user1
Add the sftp_user1 user to the sftponly group:
# usermod -a -G sftponly sftp_user1
The chroot directory must be owned by root (and not writable by the group or others), otherwise sshd will refuse the login:
# chown root:sftponly /home/sftp_user1
# chmod 750 /home/sftp_user1
Create a new directory within the user's home directory where files can be uploaded. Change the ownership of this directory to the new user and the sftponly group:
# cd ~sftp_user1
# mkdir shared_files
# chown sftp_user1:sftponly shared_files
# chmod 750 shared_files
# touch shared_files/index.html
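To verify the ownership step before testing a login, the following added example (not part of the original post) checks that a chroot directory and every parent directory up to / is root-owned and not writable by group or others, which is what sshd requires of a ChrootDirectory. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU stat (Linux). Run as root so every directory can be entered.

# Return 0 if one path component is acceptable for a chroot path:
# owner uid 0 and no write bit for group or others.
# $1 = owner uid, $2 = octal mode as printed by stat (e.g. 750)
chroot_component_ok() {
    [ "$1" = "0" ] || return 1
    # 022 = group-write (020) + other-write (002); both must be clear
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the given directory up to /, checking every component.
# Prints each offending component; returns 1 if any is found,
# 2 if the argument is not an accessible directory.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 2; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$dir")
        if ! chroot_component_ok "$1" "$2"; then
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/sftp_user1
if [ $# -gt 0 ]; then
    if check_chroot_path "$1"; then
        echo "OK   $1 is usable as a ChrootDirectory"
    else
        exit 1
    fi
fi
```

The upload directory (shared_files) sits below the chroot and is not checked, so it can stay owned by the user.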
Reference:
http://blog.ijun.org/2014/09/how-to-set-up-sftp-user-and-restricted.html