Create SFTP Server Guide
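#!/bin/bash
# Create SFTP Server Steps
#
# Walk-through for setting up a chrooted, SFTP-only account with OpenSSH.
# It is meant to be read and followed by hand, so the guard below stops the
# shell before any of the commands run.
echo "This is a guide. Do not execute this as a script."
exit 1 # was "exit -1"; exit statuses are 0-255 and 1 is the usual failure code

# Create a restricted user with:
#   - no shell access
#   - no ssh access
#   - no application access
#   - no tcp forwarding
#   - can only access specific folder for sftp

# Create the sftp users group
sudo groupadd sftpusers

# Create an sftp user, give it a home directory of /var/sftp and remove ssh
# shell access. useradd is not given -m here, so the directory itself is
# created further down.
sudo useradd -g sftpusers -d /var/sftp -s /sbin/nologin sftpuser
sudo passwd sftpuser

# Verify the user was created successfully (anchored so only this account
# matches; /etc/passwd is world-readable, so sudo is not needed)
grep '^sftpuser:' /etc/passwd

# Modify /etc/ssh/sshd_config to use the internal-sftp, result:
#   sudo grep sftp /etc/ssh/sshd_config
#   #Subsystem sftp /usr/libexec/openssh/sftp-server
#   Subsystem sftp internal-sftp

# Put the group into a chrooted environment when they enter the server.
# The Match block goes at the end of the file: it applies to every line
# after it, up to the next Match or the end of the file.
#   tail /etc/ssh/sshd_config
#   Match Group sftpusers
#   ChrootDirectory %h
#   ForceCommand internal-sftp
#   AllowTcpForwarding no
#   X11Forwarding no

# Create the sftp directory.
# sshd refuses to chroot into a directory unless it and every parent
# component are owned by root and not writable by group or others, so the
# chroot root itself must NOT be handed to sftpuser (the login would fail
# with a "bad ownership or modes for chroot directory" error).
sudo mkdir -p /var/sftp
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

# Give the user a writable area inside the chroot instead ("upload" is an
# example name; the mode keeps other accounts out of it).
sudo mkdir -p /var/sftp/upload
sudo chown sftpuser:sftpusers /var/sftp/upload
sudo chmod 750 /var/sftp/upload

# Check the configuration before bouncing sshd: a syntax error in
# sshd_config can leave the daemon down and lock out remote administration.
sudo /usr/sbin/sshd -t

# Bounce sshd
sudo service sshd restart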