I’m trying to figure out how to set up a user in Ubuntu 18.04 who can only access the system through SFTP. I have a specific project in mind where I need to share files securely with a user but don’t want them to have full shell access to the server. I’ve read a bit about configuring SSH, but the whole process still feels a bit overwhelming.
So, first things first, I created a new user with the `adduser` command, which seemed pretty straightforward. However, I’m not entirely sure how to restrict that user to only SFTP access. I’ve come across some resources online, and they mention editing the SSH configuration file, but when I peeked inside, it just felt like a maze of options and settings. I definitely don’t want to mess anything up because the server is used for other purposes.
I also heard that I might need to create an SFTP-only group and then add my user to that group. That sounds like a good approach, but I’m lost on how to do that effectively. Do I need to change file permissions, and if so, how specifically? Plus, there’s this question about setting up the proper directory structure for the user. Do I just create a home directory for them, or do I need to set it up in a specific way for SFTP to work properly?
It feels like a lot of steps to keep track of, and I really don’t want to end up with a half-baked solution. I’m looking for a clear, step-by-step way to do this. If anyone has experienced this before or knows of a good way to properly restrict a user to SFTP only, your guidance would be immensely helpful. Also, any tips on troubleshooting common issues after the setup would be great. I really appreciate any advice you can share!
To set up a user in Ubuntu 18.04 for SFTP-only access, begin by creating a new user with the `adduser` command. After that, you will need to modify the SSH configuration file located at `/etc/ssh/sshd_config`. Look for a section that includes the `Subsystem sftp` line; it typically looks like this: `Subsystem sftp internal-sftp`. Then, at the end of the file, add a block that restricts users to SFTP only. For example: `Match User username`, followed by `ForceCommand internal-sftp` and `ChrootDirectory /home/username`. Make sure to replace `username` with the actual name of the user you’ve created. Save the changes and restart the SSH service using `sudo systemctl restart sshd` to apply your modifications.
Next, you’ll want to create an SFTP-only group for better organization and permissions management. You can use the command `sudo groupadd sftpusers` to create a new group. Then, add your user to this group with `sudo usermod -aG sftpusers username`. For the directory structure, ensure that the user’s home directory (`/home/username`) is appropriately set up by executing `sudo chown root:root /home/username` and `sudo chmod 755 /home/username`. Finally, create a subdirectory within the user’s home directory where they can upload files by executing `sudo mkdir /home/username/upload` and setting the ownership with `sudo chown username:sftpusers /home/username/upload`, and permission with `sudo chmod 755 /home/username/upload`. This setup should restrict the user to SFTP access only and allow them to upload files securely. If troubleshooting is needed later, checking the SSH logs in `/var/log/auth.log` can help target any issues that arise.
Setting Up an SFTP User in Ubuntu 18.04
It sounds like you’re on the right track with your new user! Follow these steps to restrict that user to SFTP access only:
1. Create a New User
Make sure to replace `yourusername` with your desired username. Follow the prompts to set a password and fill in any additional info.
2. Create an SFTP Group (optional)
You can create a new group for SFTP users if you want:
Then add your new user to this group:
3. Edit the SSH Configuration
Next, you need to configure SSH to restrict users to SFTP:
Scroll to the bottom and add this configuration:
4. Set Up Directory Structure
You’ll need to ensure the directory structure is correct:
This setup creates an upload directory where the user can drop files but restricts them from accessing higher directories.
5. Restart SSH Service
After you’ve made these changes, restart the SSH service:
Troubleshooting Tips
If you run into issues:
`ChrootDirectory` is owned by root.
`sudo tail -f /var/log/auth.log`.
Good luck! Once you’ve set this up, you should be all set for secure file sharing via SFTP with your user!
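
Added example, not part of either answer above: sshd_config(5) requires every component of the `ChrootDirectory` pathname to be a root-owned directory that is not writable by group or others, and a path that breaks this is a common reason a chrooted SFTP login is rejected after setup. The script below audits a path against that rule; the function names are made up for this example and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before pointing sshd at it.
# Assumes GNU coreutils stat, as shipped on Ubuntu.

# component_ok UID MODE: succeed if one path component is owned by root
# (uid 0) and is not writable by group (020) or others (002).
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot PATH: walk from PATH up to /, print every component that
# breaks the rule, and return 1 if any did.
check_chroot() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot enter: $1"; return 1; }
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$dir")
        if ! component_ok "$1" "$2"; then
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run as a script: sh check_chroot.sh /home/username
if [ -n "${1:-}" ]; then
    check_chroot "$1"
fi
```

A silent exit with status 0 means the whole path satisfies the ownership rule; the writable `upload` subdirectory sits below the chroot and is not part of the check.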