SFTP (SSH File Transfer Protocol) provides access to files over the network. It is not based on FTP; it is an extension of the SSH protocol. It is also different from FTP over SSH.
sudo apt-get update
sudo apt-get install openssh-server
To limit access to the SFTP folders, create a group that is used only for the SFTP users and folders.
sudo groupadd <sftpgroup>
It is recommended not to use a system user that has access to anything other than the SFTP folders.
The group ID is needed to create the SFTP users. To find it:
sudo grep <sftpgroup> /etc/group
Create a user:
sudo useradd <username> -d / -g <sftpgroupid> -M -N -o -u <sftpgroupid>
sudo passwd <username>
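The arguments we used:
-d / sets the user's home directory to /.
-g <sftpgroupid> sets the user's primary group to the SFTP group.
-M does not create a home directory.
-N does not create a group with the same name as the user.
-o allows a non-unique (duplicate) user ID.
-u <sftpgroupid> sets the user ID, here to the same value as the group ID.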
Edit /etc/ssh/sshd_config and modify:
Subsystem sftp /usr/lib/openssh/sftp-server
to
Subsystem sftp internal-sftp
Add the following at the end of the file, replacing <sftpfolder> with the folder you are going to use for SFTP:
# SFTP configuration
Match group <sftpgroup>
    ChrootDirectory <sftpfolder>
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
To chroot the users into their home directory, replace <sftpfolder> with %h.
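To confirm that an edited sshd_config actually carries these settings, the following added example (not part of the original page) audits config text in Python. The group name sftponly and the folder /srv/sftp in the samples are assumed placeholders.

```python
# Added example: audit sshd_config text for the chrooted-SFTP settings shown above.
REQUIRED = {"forcecommand": "internal-sftp",   # SFTP only, no shell
            "allowtcpforwarding": "no", "x11forwarding": "no"}  # no forwarding

def parse(text):
    """Split text into (global, {match criteria: directives}); first value wins, as in sshd."""
    glob, blocks, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        args = (parts[1].split(None, 1) if len(parts) > 1 else []) + ["", ""]
        if key == "match":                     # block runs to the next Match or EOF
            current = blocks.setdefault((args[0].lower() + " " + args[1]).strip(), {})
        elif key == "subsystem":               # one entry per subsystem name
            glob.setdefault("subsystem " + args[0], args[1])
        else:
            value = (args[0] + " " + args[1]).strip()
            (glob if current is None else current).setdefault(key, value)
    return glob, blocks

def audit(text, group):
    """Return a list of findings; an empty list means the settings match the page."""
    glob, blocks = parse(text)
    findings = []
    if glob.get("subsystem sftp", "").split()[:1] != ["internal-sftp"]:
        findings.append("Subsystem sftp is not internal-sftp")
    block = blocks.get("group " + group)       # single-criterion Match lines only
    if block is None:
        return findings + ["no 'Match group %s' block" % group]
    if not block.get("chrootdirectory"):
        findings.append("ChrootDirectory not set in Match block")
    for key, want in REQUIRED.items():
        if block.get(key, "").lower().split()[:1] != [want]:
            findings.append("%s is not '%s' in Match block" % (key, want))
    return findings

# Constructed samples; group "sftponly" and folder /srv/sftp are assumed names.
GOOD = """Subsystem sftp internal-sftp
# SFTP configuration
Match group sftponly
    ChrootDirectory /srv/sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""
WEAK = GOOD.replace("internal-sftp", "/usr/lib/openssh/sftp-server", 1) \
           .replace("AllowTcpForwarding no", "AllowTcpForwarding yes")
```

Call audit() with the contents of /etc/ssh/sshd_config and the real group name; each returned string names a setting that differs from the configuration above.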
The root SFTP folder must be owned by root, with permissions 755.
The folders and files under the ChrootDirectory need to be set as part of the SFTP group.
Here are the right folder permissions for the following situation:
In Nautilus, press Ctrl + L once.
In the address bar, enter the SFTP address as follows:
sftp://user@ip/folder