Enabling SFTP-only access on Linux

Recently I needed to share a zip file with a bunch of people, and it was big enough that it no longer fit into email. So I wanted to put it on my server so that folks could grab it from there via SFTP. SFTP is set up by default on my Linux environment, so giving them access to the machine was trivial. However, I didn’t want to give them full access to the entire machine, where they could randomly upload and download files anywhere. What I needed was a way to give them a user that was self-contained, with no SSH shell privileges and bound to a single location on the filesystem. Luckily, setting something like this up was much easier than I thought, and here is how you can do it yourself. Note: all commands below are executed as the root user.

tl;dr

  1. useradd <your sftp user> -s /sbin/nologin -M
  2. passwd <your sftp user>
     1. Enter your sftp user password and confirm
  3. vi /etc/ssh/sshd_config
  4. Add the following block:

         Match User <your sftp user>
             ChrootDirectory <your sftp user directory>
             ForceCommand internal-sftp
             AllowTcpForwarding no
             X11Forwarding no

  5. service sshd restart
