SSH is the most common way to log in to a Linux server remotely. The SSH service is provided by sshd, and sshd also provides SFTP functionality.
Here the user sftp-admin can connect to the server only over SFTP and cannot connect to it over SSH.
SFTP Connection: OK
SSH Connection: NG
Create the sftp-admin user
Create the sftp-admin user with /var/www/html as its root directory and apache as its group.
# useradd -d /var/www/html -s /bin/bash sftp-admin -g apache
# passwd sftp-admin
Modify the sshd_config file
The following is a sample /etc/ssh/sshd_config file with the comment lines removed.
Port 38080 -> the sshd default port is 22; 38080 is used here instead
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin no -> prohibit the root user from logging in to the server directly
DenyUsers toor Administrator administrateur admin adm Test Guest info mysql user Oracle
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPICleanupCredentials no
X11Forwarding yes
UsePrivilegeSeparation sandbox
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server -> specifies the process that provides the SFTP service
Match User sftp-* -> users whose names start with sftp- can log in only over SFTP
ForceCommand internal-sftp
The most important part is the following section; the rest of the file can use the default configuration.
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User sftp-*
ForceCommand internal-sftp
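The effect of the Match User sftp-* block above can be checked offline with the following added example, which is not part of the original article: it reports the ForceCommand that would apply to a given login name. It goes slightly beyond the page's single case (comma-separated and negated patterns, a global ForceCommand); the names forced_command, user_matches, lower and SAMPLE_CONFIG are made up for this illustration.

```shell
# Added example (not from the original page). Understands only "Match User <patterns>"
# and "Match all"; Match lines with other or extra criteria count as not matching.

# Constructed sample: the key section of the sshd_config shown on this page.
SAMPLE_CONFIG='Subsystem sftp /usr/libexec/openssh/sftp-server
Match User sftp-*
ForceCommand internal-sftp'

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# user_matches USER PATTERNS: succeeds if USER matches the comma-separated list.
# A "!pattern" entry that matches vetoes the whole list, as in sshd_config(5).
user_matches() {
    um_hit=1; um_ifs=$IFS; IFS=,; set -f
    for um_pat in $2; do
        case $um_pat in
            '!'*) case $1 in ${um_pat#!}) um_hit=2; break ;; esac ;;
            *)    case $1 in $um_pat) um_hit=0 ;; esac ;;
        esac
    done
    IFS=$um_ifs; set +f
    [ "$um_hit" -eq 0 ]
}

# forced_command USER [CONFIG_TEXT]: prints the ForceCommand in effect, or "none".
forced_command() {
    fc_in_match=0; fc_applies=0; fc_global=''; fc_match=''
    while read -r fc_key fc_arg fc_rest; do
        case $(lower "$fc_key") in
            match)
                fc_in_match=1; fc_applies=0
                case "$(lower "$fc_arg") $fc_rest" in
                    'all ')       fc_applies=1 ;;
                    'user '*' '*) ;;  # extra criteria on the line: not evaluated here
                    'user '*)     user_matches "$1" "$fc_rest" && fc_applies=1 ;;
                esac ;;
            forcecommand)
                fc_val="$fc_arg${fc_rest:+ $fc_rest}"
                if [ "$fc_in_match" -eq 0 ]; then : "${fc_global:=$fc_val}"
                elif [ "$fc_applies" -eq 1 ]; then : "${fc_match:=$fc_val}"; fi ;;
        esac
    done <<EOF
${2:-$SAMPLE_CONFIG}
EOF
    # A matching block overrides the global section; the first value wins within each.
    printf '%s\n' "${fc_match:-${fc_global:-none}}"
}
```

Shell case patterns also interpret [...], which sshd patterns do not, so treat this as a quick check only. On the server itself, sshd -T -C user=sftp-admin,host=localhost,addr=127.0.0.1 prints the effective settings that sshd computes.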
Restart sshd
# service sshd restart