Differences

This shows you the differences between two versions of the page.

--- documentation:sftp_jail [2020/02/01 12:35] – external edit 127.0.0.1
+++ documentation:sftp_jail [2020/02/02 15:15] (current) – removed lucid
@@ Line 1: / Line 1: @@
-======Create Secure SFTP Server with User Jails======
-===== Basics =====
-Step 1 : Install OpenSSH package if not installed
-<code>sudo apt-get install openssh-server</code>
-Step 2 : Create separate group for SFTP users.
-<code>sudo addgroup sftpaccess</code>
-Step 3 : Edit /etc/ssh/sshd_config file and make changes as below. Comment out this line: \\
-**Subsystem sftp /usr/lib/openssh/sftp-server**\\
-and add these lines to the end of the file.
-<code>
-...
-Match User sammyfiles
-ForceCommand internal-sftp
-PasswordAuthentication yes
-ChrootDirectory /var/sftp
-PermitTunnel no
-AllowAgentForwarding no
-AllowTcpForwarding no
-X11Forwarding no
-...
-</code>
-Step 4 : Restart sshd service.
-<code>sudo systemctl restart ssh</code>
-Step 5 : Add user with sftpaccess group and create password.
-<code>sudo adduser <user> --ingroup sftpaccess --shell /usr/sbin/nologin</code>
-Step 6 : Modify home directory permission.
-<code>sudo chown root:root /home/<user></code>
-Step 7 : Create a directory inside home for upload and modify permission with group.
-<code>sudo mkdir /home/<user>/www
- sudo chown <user>:sftpaccess /home/<user>/www
-</code>
-===== Multiple Users =====
-To create multiple users with their individual jails, simply create separate users and their induvidual sftpaccess-<user> groups.
-<code>sudo addgroup sftpaccess-<user></code>
-And this needs to be reflected while creating the user as well.
-<code>sudo adduser <user> --ingroup sftpaccess-<user> --shell /usr/sbin/nologin</code>
-Lastly simply add the share to the ssh config file.
-<code>
- Match group sftpaccess-<user>
-         ChrootDirectory <path>
-         X11Forwarding no
-         AllowTcpForwarding no
-         ForceCommand internal-sftp
-</code>