SSH File Transfer Protocol
sudo apt-get update
sudo apt-get install openssh-server
In order to limit the usage of the sftp folders we create a group which will be used only for the sftp users/folders.
sudo groupadd <sftpgroup>
It is recommended not to use a system user that has access to anything other than the sftp folders.
The group id is needed for the creation of the sftp users. In order to find it out:
sudo grep <sftpgroup> /etc/group
Create a user:
sudo useradd <username> -d / -g <sftpgroupid> -M -N -o -u <sftpgroupid>
sudo passwd <username>
The arguments we used:
Edit /etc/ssh/sshd_config and change:
Subsystem sftp /usr/lib/openssh/sftp-server
to
Subsystem sftp internal-sftp
Add the following at the end of the file, replacing /var/www with the folder you are going to use for sftp (which can be /var/www):
# SFTP configuration
Match group <sftpgroup>
    ChrootDirectory /var/www
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
The folders and files under the ChrootDirectory need to be set as part of the group sftp.
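At session start sshd checks that every component of the ChrootDirectory path is owned by root and is not writable by group or others (see sshd_config(5)); if the check fails, the login is refused. The script below is an added example, not part of the original page, that audits a path against that rule. The function names are hypothetical and it assumes GNU stat, as found on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against the sshd rule that each
# path component is root-owned and not group- or world-writable.

# mode_is_safe MODE
# Returns 0 when the octal MODE (as printed by `stat -c %a`) has neither the
# group-write (020) nor the other-write (002) bit set.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to / and reports every component that breaks the rule.
# Returns 0 if the whole path is acceptable, 1 if any component fails,
# 2 if DIR is not an accessible directory.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2
        return 2
    }
    rc=0
    while :; do
        owner=$(stat -c '%u' "$dir")
        mode=$(stat -c '%a' "$dir")
        if [ "$owner" != 0 ]; then
            echo "FAIL $dir: owned by uid $owner, not root"
            rc=1
        fi
        if ! mode_is_safe "$mode"; then
            echo "FAIL $dir: mode $mode is group- or world-writable"
            rc=1
        fi
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage: sh check_chroot.sh /var/www
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A directory that fails is typically fixed with chown root and chmod 755 on the chroot itself, keeping group-writable upload folders one level below it.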
Here are the right folder permissions for the following situation: