Build a SFTP Server on Linux
Introduction
In this article, we will build an SFTP server with the following conditions:
- Users can't log in via SSH
- Users can log in via SFTP
- Users can only enter specified directories
- Users can upload and download in specified directories
Environment
GCP Ubuntu 18.04
The default user for the following operations is root. If you are not root, put sudo at the beginning of each command.
Create a SFTP group
- Create a group
- Make sure the group was created
Create SFTP users
- Create users
  -g : default group
  -d : default home directory
  -s : default shell; the nologin shell is commonly used for system accounts, which are not granted login permission
- Make sure the user was created
- If the user already exists, we can simply revise its settings
SSH configuration
- Open SSH config file
- Copy the Subsystem line for revising, and comment out the original one
- Specify the group root directory
  ChrootDirectory : sets the root directory for that group
  %u : stands for the user name, so each user's root directory is named after that user. In this case, the root directory is /home/sftp-users/test
  ForceCommand : forces internal-sftp
- The Match setting above should be put at the end of the file, otherwise an error would occur
Directory allowed for uploading and downloading
- Build a folder allowed for the user to upload and download
  -d : type is directory
  -o : owner
  -g : group
The user is only allowed to upload and download in this upload folder.
Per SSH security regulation, the owner of the ChrootDirectory should be root, and only root may have w permission. If the owner of the ChrootDirectory folder is not root, no one can log in.
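The steps above collected into one script, as an added example rather than the article's own commands. It prints the Match block, provisions a user in dry-run mode, and checks the ownership rule for the chroot path and each of its parents. The group name sftp-users, the user test, the RUN switch, the 755 modes, the Ubuntu path /usr/sbin/nologin and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the article's original commands. Assumed names:
# group "sftp-users", user "test", base /home/sftp-users, folder "upload".
RUN=${RUN-echo}   # dry run by default; set RUN to "" before sourcing to execute as root

# Print the sshd_config block; it belongs at the end of the file.
render_match_block() {   # $1 = group, $2 = base directory
    cat <<EOF
Match Group $1
    ChrootDirectory $2/%u
    ForceCommand internal-sftp
EOF
}

# Create the user, a root-owned chroot and a user-owned upload folder.
provision_user() {   # $1 = user, $2 = group, $3 = base directory
    $RUN useradd -g "$2" -d "$3/$1" -s /usr/sbin/nologin "$1"
    $RUN install -d -o root -g root -m 755 "$3/$1"
    $RUN install -d -o "$1" -g "$2" -m 755 "$3/$1/upload"
}

# The rule for one directory: owned by root, no group/other write bit.
dir_is_safe() {   # $1 = owner uid, $2 = octal mode as printed by stat %a
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Check the chroot and every parent up to /; list each offender.
check_chroot_path() {   # $1 = absolute path, e.g. /home/sftp-users/test
    case $1 in /*) p=$1 ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    rc=0
    while :; do
        info=$(stat -c '%u %a' "$p") || return 2   # GNU stat: "<uid> <mode>"
        if ! dir_is_safe "${info% *}" "${info#* }"; then
            echo "unsafe: $p (uid=${info% *} mode=${info#* })"
            rc=1
        fi
        if [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}
```

Running check_chroot_path /home/sftp-users/test before restarting sshd shows which directory on the path would make every SFTP login fail.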
It’s Done!