Create ftp users in Ubuntu

I tried following tutorials to create sftp users in Ubuntu using flush console and can’t get a response.

1 Reply

Whether you are a system administrator or just like to have fun tinkering with Linux, you might be wondering; "How can I let people upload files securely without giving them access to the rest of my system?" If this is you, then congratulations you have found the right post.

To accomplish this we are going to use SFTP (Secure File Transfer Protocol). This takes the same FTP we know and love, but uses SSH to ensure the data being transmitted is encrypted and kept safe from prying eyes. By default, SSH users will be able to view the entirety of a Linode's filesystem. We will need to restrict this:

First, we need to create a user group which will be used to for the limited access accounts

addgroup --system $groupname

Next, you will need to modify each user account you wish to restrict. This step will limit them to using SFTP and prevent them from launching any remote shells.

usermod -G $groupname $user
chown root:root /home/$user
chown 755 /home/$user

Now, let's create a directory for each user in our new user group for which they will have full access. This command can be modified to fit any directory you wish to grant access to.

cd /home/$user
mkdir $docs $website_docs
chown $user:$groupname *

Our last step is to modify our sshd config file and set some rules for our sftp user group.

sudo nano /etc/ssh/sshd_config

Add the following at the end of this file.

Match User $groupname
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /home/$user
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Restart the ssh service for changes to take effect.

sudo service ssh restart

This was a basic run down for creating an SFTP user group without shell access. I've included some links below which can provide further details. As always, I encourage everyone to build upon this post; to share you experiences and any additional tips.

https://www.linode.com/docs/tools-reference/tools/limiting-access-with-sftp-jails-on-debian-and-ubuntu/

https://tecadmin.net/create-sftp-user-without-shell-access-on-ubuntu/

https://wiki.archlinux.org/index.php/SFTP_chroot

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct