Home » Wiki » Create sftp only accounts on ubuntu server

Create sftp only accounts on ubuntu server

Submitted by rac on 25 November, 2011 - 23:52.

Configuring OpenSSH

Edit the file /etc/ssh/sshd_config and change the line that starts with 

 Subsystem sftp /.....

to 

 Subsystem sftp sftp-internal /.....

and add following block at the end of this file: 

 Match group filetransfer
   ChrootDirectory %h
   X11Forwarding no
   AllowTcpForwarding no
   ForceCommand internal-sftp

Finally restart OpenSSH 

 /etc/init.d/ssh restart

Create the sftp only group 

 addgroup filetransfer

Create a user and jail it into that group (no SSH login allowed for them) 

 adduser username
 usermod -G filetransfer username
 chown root:root /home/username
 chmod 755 /home/username

Create an upload dir 

 mkdir /home/username/upload
 chown username:username /home/username/upload

Trackback URL for this post:

http://www.2030.tk/trackback/259
»

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Use <fn>...</fn> to insert automatically numbered footnotes.
  • You can use the <go> tags just like the <a> for nicer urls.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. Beside the tag style "<foo>" it is also possible to use "[foo]".
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.