# Set Up Restricted SFTP Access

You can use OpenSSH to give users restricted SFTP access to your filesystem.
This guide is for OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 running on Ubuntu Server 14.04.1 LTS.
## Set Up a New User

```bash
# Create a new user
sudo useradd guest-user
# Set a password
sudo passwd guest-user
# Set the home directory for the new user to the target site directory
sudo usermod -d /var/www/yoursite.com/public_html/subsite guest-user
```
## Block SSH Access

Set the user's login shell to /bin/false so they cannot get a shell over SSH:
sudo usermod -s /bin/false guest-user
First make a backup of sshd_config. Then edit the SSH config file:
```bash
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
sudo nano /etc/ssh/sshd_config
```
In the file, set the sftp subsystem to internal-sftp, commenting out the existing line:

```
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
```
Then append this stanza to the end of the file:
```
Match user guest-user
    ChrootDirectory /var/www/yoursite.com/public_html/subsite
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
```
Note that I had trouble making this work by matching Groups - which would obviously be a more efficient way of setting this up.
Press Ctrl + O to save and Ctrl + X to exit nano.
Restart SSH - use THIS:
sudo service ssh restart
DON’T use this:
sudo /etc/init.d/ssh restart
If you try to connect via SSH as the new user, you’ll see this:

```
david@david-desktop:~$ ssh -p 1234 firstname.lastname@example.org
email@example.com's password:
Could not chdir to home directory /var/www/yoursite.com/public_html/subsite: No such file or directory
This service allows sftp connections only.
Connection to 220.127.116.110 closed.
```
Remember to set the correct port for SSH access when accessing via SFTP.
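
One way to check the edited file before restarting SSH, as an added example that is not part of the original guide. The function name `check_sftp_jail` and the sample config are constructed here, and the check assumes the user is matched by an exact `Match user NAME` line as in the stanza above.

```bash
#!/bin/sh
# Added example: audit an sshd_config for the SFTP-only settings in this guide.
# Assumption: the user is matched by an exact "Match user NAME" line.

check_sftp_jail() {   # usage: check_sftp_jail CONFIG_FILE USERNAME ("-" = stdin)
    awk -v user="$2" '
        function bad(msg) { print "FAIL: " msg; problems++ }
        function need(k, want) {
            if (tolower(seen[k]) != want) bad(k " should be " want " for " user)
        }
        BEGIN { global = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            key = tolower($1)                   # sshd keywords are case-insensitive
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)  # strip the keyword, keep the value
            sub(/[ \t]+$/, "", val)
        }
        key == "match" {
            # A Match block runs until the next Match line or end of file
            global = 0
            in_block = (NF == 3 && tolower($2) == "user" && $3 == user)
            next
        }
        global && key == "subsystem" && $2 == "sftp" { subsystem = $3 }
        in_block && !(key in seen) { seen[key] = val }  # first value per keyword
        END {
            if (subsystem != "internal-sftp") bad("global Subsystem sftp is not internal-sftp")
            if (!("chrootdirectory" in seen)) bad("chrootdirectory is not set for " user)
            need("forcecommand", "internal-sftp")
            need("allowtcpforwarding", "no")
            need("x11forwarding", "no")
            exit (problems > 0)
        }
    ' "$1"
}

# Constructed sample: the stanza from this guide with ForceCommand left out
sample_missing_forcecommand() {
    cat <<'EOF'
Subsystem sftp internal-sftp
Match user guest-user
    ChrootDirectory /var/www/yoursite.com/public_html/subsite
    X11Forwarding no
    AllowTcpForwarding no
EOF
}

# Reports the missing ForceCommand and returns non-zero
sample_missing_forcecommand | check_sftp_jail - guest-user || echo "fix sshd_config before restarting"
```

sshd also requires the ChrootDirectory path and every directory above it to be owned by root and not writable by group or others, which this check does not cover. `sudo sshd -t` catches syntax errors in the file.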
- SFTP Chapter, Open SSH Cookbook - an excellent free online book that outlines how to configure SSH.
- Ubuntu Guide to OpenSSH Server