How to configure SFTP for Ubuntu Server

SSH file transfer protocol is a File Transfer Protocol that is more secure than common FTP. (Reference: http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) It works on Secure Shell (SSH) to ensure files are encrypted for transmission.

Because of work needs, I have studied how to configure SFTP on Ubuntu server. The record is as follows. Requirement: Activate the SFTP file service on the server to allow some users to upload and download files. However, these users can only transmit files using SFTP, and cannot access the server using SSH terminals, ubuntu sftp client and sftp cannot access system files (so-called "jail (Prison )"). The system administrator can use both SFTP to transmit files and SSH to remotely manage the server. For ease of discussion, I suppose I will allow users in the SFTP-users user group to use SFTP, but not SSH shell, the group of users will be "imprisoned" (modifying the root directory of the system ). Add sftp user ubuntu

I will create a user "Alice" in the SFTP-Users Group ". I will allow ssh-users to use SFTP and SSH. The Account Name of the system administrator is admin. Step 2. If you have not installed the OpenSSH server, install it first.

how to setup sftp on ubuntu

sudo apt-get install openssh-server

Step 2: create a user group for SFTP access to facilitate management of permissions.

Ubuntu restart sftp server

sudo addgroup sftp-users

Step 2: Create an SFTP user and configure the permissions. The second line here means that Alice is removed from all other user groups and added to the SFTP-Users Group, and her shell access is disabled. To learn more about The usermod command, run the following "Man usermod" command to view the help documentation.

sudo adduser alice

sudo usermod -G sftp-users -s /bin/false alice

How to install sftp in ubuntu 

Step 2: Create an SSH user group and add the administrator to the group. (Note that the-a parameter in usermod does not remove it from other user groups ).

sudo addgroup ssh-users

sudo usermod -a -G ssh-users admin

Ubuntu sftp

Step 2: Prepare the root directory and shared directory of "prison. The root directory of "prison" must meet the following requirements: the owner is root, and no other user can have write permission. Therefore, in order for SFTP users to upload files, they must create another shared file directory that can be written by common users under the "prison" root directory. To facilitate the Administrator to manage uploaded files through SFTP, I configured the shared file directory to be owned by the admin and allow sftp-users to read and write. In this way, the administrator and sftp user group members can read and write this directory.

sudo mkdir /home/sftp_root

sudo mkdir /home/sftp_root/shared

sudo chown admin:sftp-users /home/sftp_root/shared

sudo chmod 770 /home/sftp_root/shared

Step 2: Modify the SSH configuration file.

sudo nano /etc/ssh/sshd_config

Add the following content at the end of the sshd_config file: Allowgroups ssh-users sftp-Users Match group sftp-Users Chrootdirectory/home/sftp_root Allowtcpforwarding No X11forwarding No Forcecommand internal-SFTPThe content indicates that only SSH-uers and sftp-users are allowed to access the system through SSH. For sftp-users, additional settings are added: set "/home/sftp_root" to the system root directory of the group of users (so they will not be able to access system files other than this directory); disable TCP forwarding and X11 forwarding; force this group of users to only use SFTP. To learn more, run the "Man sshd_config" command. In this way, the SSH user group can access SSH without any restrictions, while the SFTP user group can only use SFTP for access and be put into the jail directory. Step 2: restart the system to make the new configuration take effect.

sudo reboot now

Done! Further discussion: the SSH user group will be able to remotely access all system files, and may not be applicable in all cases. In some cases, you may want to shut down SSH users. In this case, configuration similar to SFTP is required (except usermod-S/bin/false is not required), and the system files that allow SSH user access must be copied to the corresponding location in the root directory of the prison. You can search for the specific information on the Internet. I did not verify the information, so I will not mislead you. (In the above tutorial, I have compiled a lot of plausible materials from the Internet through my own experiments and verified them on the Ubuntu server 12.04 lts 64-bit system. I hate the tutorials that seem to be usable but are actually missing !) Reference: http://yhf8377.blog.163.com/blog/static/176860177201210217219800/http://ihacklog.com/post/how-to-enable-secure-shell-in-ubuntu.html

Http://blog.csdn.net/xiaosu_521/article/details/2157011
Http://www.linuxidc.com/Linux/2011-01/31022.htm

How to configure SFTP for Ubuntu Server