Setup SFTP on Ubuntu

posted in: Linux | 0

Setup SFTP on Ubuntu How?

I am not sure this is the best way to do this nor am I sure it is that secure. But this is how I did it.

Edit
sudo nano /etc/ssh/sshd_config

modify the Subsystem sftp line to look like the following:
Subsystem sftp internal-sftp

Then add this block of text to the end of that same file:
Match group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

sudo service ssh restart

sudo addgroup –system sftpusers

Create a folder for your website
sudo mkdir /var/www/website
sudo mkdir /var/www/website/website

Yes you need them both. The first one is a landing page for the SFTP jailed user. The second one is where your website files go.

Now making the user is the hardest part.
Create a new user that is in the group sftpusers you can do it all in one line but this is how I did it.
sudo adduser –home /var/www/website newuser
sudo usermod -G sftpusers newuser

Now let set the rights on the folders
sudo chown root:root /var/www/website
sudo chown -R www-data:sftpusers /var/www/website/website
sudo chown -R www-data:sftpusers /var/www/website/website/*
sudo chmod -R 0755 /var/www/website/website
sudo chmod 0755 /var/www/website

Notes:
It would be best to add a shell that did not let someone login via SSH
sudo nano /etc/shells
At the bottom of that file add this lone
/usr/sbin/nologin

Then edit
sudo nano /etc/passwd
At the bottom of this file you should see the user you just created. Make sure you replace the Shell with the new one you just create something like this.
newuser:x:0000:0000:,,,:/var/www/website:/usr/sbin/nologin

Also if you making this public you should add
fail2ban just Google it and you will see how to install.

Now if I have not forgotten anything that should work.

Leave a Reply

You must be logged in to post a comment.