Skip to content

Instantly share code, notes, and snippets.

@Tantas
Created August 6, 2014 00:08
Show Gist options
  • Save Tantas/309cf3ebc50a6a1d75d5 to your computer and use it in GitHub Desktop.
Save Tantas/309cf3ebc50a6a1d75d5 to your computer and use it in GitHub Desktop.
Create SFTP Server Guide
#!/bin/bash
# Create SFTP Server Steps
echo "This is a guide. Do not execute this as a script."
exit -1
# Create a restricted user with:
# -no shell access
# -no ssh access
# -no application access
# -no tcp forwarding
# -can only access specific folder for sftp
# Create the sftp users group
sudo groupdadd sftpusers
# Create an sftp user, give home dircetory of /var/sftp and remove ssh shell access
sudo useradd -g sftpusers -d /var/sftp -s /sbin/nologin sftpuser
sudo passwd sftpuser
# Verify the user was created successfully
sudo grep sftpuser /etc/passwd
# Modify /etc/ssh/sshd_config to use the internal-sftp, reuslt:
# sudo grep sftp /etc/ssh/sshd_config
# #Subsystem sftp /usr/libexec/openssh/sftp-server
# Subsystem sftp internal-sftp
# Put the group into a chrooted environment when they enter the server
# tail /etc/ssh/sshd_config
# Match Group sftpusers
# ChrootDirectory %h
# ForceCommand internal-sftp
# AllowTcpForwarding no
# Create the sftp directory
sudo mkdir -p /var/sftp
sudo chown sftpuser:sftpusers /var/sftp
# Bounce sshd
sudo service sshd restart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment