Home/ Questions/Q 5369
Next
In Process

askthedev.com Latest Questions

Asked: 2024-09-25T03:46:50+05:30 In:

How can I set up a user in Ubuntu 18.04 that can only access the system through SFTP?

I’m trying to figure out how to set up a user in Ubuntu 18.04 who can only access the system through SFTP. I have a specific project in mind where I need to share files securely with a user but don’t want them to have full shell access to the server. I’ve read a bit about configuring SSH, but the whole process still feels a bit overwhelming.

So, first things first, I created a new user with the `adduser` command, which seemed pretty straightforward. However, I’m not entirely sure how to restrict that user to only SFTP access. I’ve come across some resources online, and they mention editing the SSH configuration file, but when I peeked inside, it just felt like a maze of options and settings. I definitely don’t want to mess anything up because the server is used for other purposes.

I also heard that I might need to create an SFTP-only group and then add my user to that group. That sounds like a good approach, but I’m lost on how to do that effectively. Do I need to change file permissions, and if so, how specifically? Plus, there’s this question about setting up the proper directory structure for the user. Do I just create a home directory for them, or do I need to set it up in a specific way for SFTP to work properly?

It feels like a lot of steps to keep track of, and I really don’t want to end up with a half-baked solution. I’m looking for a clear, step-by-step way to do this. If anyone has experienced this before or knows of a good way to properly restrict a user to SFTP only, your guidance would be immensely helpful. Also, any tips on troubleshooting common issues after the setup would be great. I really appreciate any advice you can share!

Share

    Leave an answer

    You must login to add an answer.

    Need An Account,

    2 Answers



    1. How to Set Up SFTP User in Ubuntu 18.04


      Setting Up an SFTP User in Ubuntu 18.04

      It sounds like you’re on the right track with your new user! Follow these steps to restrict that user to SFTP access only:

      1. Create a New User

      sudo adduser yourusername

      Make sure to replace yourusername with your desired username. Follow the prompts to set a password and fill in any additional info.

      2. Create an SFTP Group (optional)

      You can create a new group for SFTP users if you want:

      sudo groupadd sftpusers

      Then add your new user to this group:

      sudo usermod -aG sftpusers yourusername

      3. Edit the SSH Configuration

      Next, you need to configure SSH to restrict users to SFTP:

      sudo nano /etc/ssh/sshd_config

      Scroll to the bottom and add this configuration:

      Match Group sftpusers
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no

      4. Set Up Directory Structure

      You’ll need to ensure the directory structure is correct:

      sudo mkdir /home/yourusername
    sudo chown root:root /home/yourusername
    sudo chmod 755 /home/yourusername
    sudo mkdir /home/yourusername/upload
    sudo chown yourusername:sftpusers /home/yourusername/upload

      This setup creates an upload directory where the user can drop files but restricts them from accessing higher directories.

      5. Restart SSH Service

      After you’ve made these changes, restart the SSH service:

      sudo systemctl restart sshd

      Troubleshooting Tips

      If you run into issues:

      • Check permissions on the home directory and ensure ChrootDirectory is owned by root.
      • Look in the system logs for any SSH-related errors: sudo tail -f /var/log/auth.log.

      Good luck! Once you’ve set this up, you should be all set for secure file sharing via SFTP with your user!


    2. To set up a user in Ubuntu 18.04 for SFTP-only access, begin by creating a new user with the adduser command. After that, you will need to modify the SSH configuration file located at /etc/ssh/sshd_config. Look for a section that includes the Subsystem sftp line; it typically looks like this: Subsystem sftp internal-sftp. Then, at the end of the file, add a block that restricts users to SFTP only. For example: Match User username, followed by ForceCommand internal-sftp and ChrootDirectory /home/username. Make sure to replace username with the actual name of the user you’ve created. Save the changes and restart the SSH service using sudo systemctl restart sshd to apply your modifications.

      Next, you’ll want to create an SFTP-only group for better organization and permissions management. You can use the command sudo groupadd sftpusers to create a new group. Then, add your user to this group with sudo usermod -aG sftpusers username. For the directory structure, ensure that the user’s home directory (/home/username) is appropriately set up by executing sudo chown root:root /home/username and sudo chmod 755 /home/username. Finally, create a subdirectory within the user’s home directory where they can upload files by executing mkdir /home/username/upload and setting the ownership with sudo chown username:sftpusers /home/username/upload, and permission with chmod 755 /home/username/upload. This setup should restrict the user to SFTP access only and allow them to upload files securely. If troubleshooting is needed later, checking the SSH logs in /var/log/auth.log can help target any issues that arise.

    Related Questions