Last active August 29, 2015 13:56
Chrooted SFTP users setup
# New SFTP users are chrooted by OpenSSH in their homes rooted at /srv/sdrop.
# Home directories are owned by root and not writeable by any other user. To
# allow SFTP users to upload files, an `uploads` subdir owned by the SFTP user
# is created in each user's home dir. Ensure /usr/sbin/nologin is listed in
# /etc/shells.
sudo addgroup sftp
sudo useradd -s /usr/sbin/nologin -d /srv/sdrop/xfer -G sftp -M xfer
sudo passwd xfer
sudo mkdir -p /srv/sdrop/xfer/uploads
sudo chown xfer:xfer /srv/sdrop/xfer/uploads
# Set the following in /etc/ssh/sshd_config:
sudo vim /etc/ssh/sshd_config
  Subsystem sftp internal-sftp
  Match Group sftp
    AllowUsers *
    AllowGroups sftp
    ChrootDirectory %h
    ForceCommand internal-sftp
    PasswordAuthentication yes
    AllowTcpForwarding no
# Restart the SSH daemon; use whichever command matches the init system.
sudo restart ssh                       # Upstart
sudo systemctl restart sshd.service    # systemd
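
The setup above depends on the chroot path having the ownership and modes sshd demands. The following pre-flight check is an added example, not part of the original gist; the function name `check_chroot_path` and its optional `OWNER_UID` and `TOP` arguments are hypothetical, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the gist): pre-flight check for ChrootDirectory.
# sshd refuses the session unless every component of the chroot path is a
# root-owned directory that is not writable by group or others.
# Assumes GNU coreutils `stat` (the -c option).

# check_chroot_path DIR [OWNER_UID] [TOP]
#   Walks from DIR up to TOP (default /) and prints each offending component.
#   OWNER_UID (default 0) and TOP are hypothetical knobs so the check can be
#   tried on a scratch tree without root. Returns 0 if clean, 1 otherwise.
check_chroot_path() {
    dir=$1; want_uid=${2:-0}; top=${3:-/}; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 1; }
    dir=$(cd "$dir" && pwd -P)      # canonical absolute path
    top=$(cd "$top" && pwd -P)
    while :; do
        uid=$(stat -c '%u' "$dir")
        mode=$(stat -c '%a' "$dir")
        if [ "$uid" != "$want_uid" ]; then
            echo "$dir: owned by uid $uid, expected $want_uid"; rc=1
        fi
        # Octal 022 = group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$dir: mode $mode is writable by group or others"; rc=1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Run against the paths given on the command line, e.g. /srv/sdrop/xfer
for d in "$@"; do check_chroot_path "$d"; done
```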