Ubuntu Restrict SFTP to specific user with chroot and symbolic link

Situation:

You have a website at /home/Websites/XYZ

You want to allow an external user to SFTP only to this folder, with read / write access.

Solution

Create user:
adduser sftpuser

The default home folder will be located at /home/"Username"

Create system group:
addgroup --system sftponly
Add user to group:
usermod -G sftponly sftpuser
Change user home folder permissions:
chown -R sftpuser:sftponly /home/username
chown root:root /home/username (not recursive: only the home folder itself goes back to root)
chmod 755 /home/username
Edit the SSH config file:
/etc/ssh/sshd_config
Comment out these lines:
#Subsystem sftp /usr/lib/openssh/sftp-server
#UsePAM yes

Add (at the end of the file):
Subsystem sftp internal-sftp
Match group sftponly
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Restart the SSH service:

service ssh restart
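
Added example (not from the original post): sshd only accepts a ChrootDirectory when every directory from / down to it is owned by root and not writable by group or others, which is why the home folder is handed back to root above. This script checks that for a given path; the function names are made up for the example, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a directory for use as sshd's ChrootDirectory.
# Function names are hypothetical; assumes GNU stat (coreutils on Ubuntu).

# component_ok UID MODE
# Succeeds when the owner is root (uid 0) and the octal MODE has neither
# the group-write nor the other-write bit set (mask 022).
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot DIR
# Walks from DIR up to /, printing a verdict for every component.
# Returns 0 if all pass, 1 if any fails, 2 if DIR cannot be inspected.
audit_chroot() {
    # Resolve symlinks first; the real path is what gets checked.
    p=$(cd -- "$1" 2>/dev/null && pwd -P) || return 2
    rc=0
    while :; do
        info=$(stat -c '%u %a' -- "$p") || return 2
        if component_ok "${info% *}" "${info#* }"; then
            echo "ok    $p (uid/mode: $info)"
        else
            echo "FAIL  $p (uid/mode: $info): needs root owner, no group/other write"
            rc=1
        fi
        [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
    return "$rc"
}

# Usage: sh audit_chroot.sh /home/sftpuser
if [ "$#" -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run it against the SFTP user's home folder after the chown / chmod step; a FAIL line on the home folder or on /home means the chrooted login will be rejected.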

Link a folder from a different location into the SFTP user session:

Set the folder ownership to match the SFTP user:

chown -R sftpuser:sftponly /home/papagoadmin/cloudingnow

Mount the folder into the user home folder (source first, then mount point):

cd /home/sftpuser

mkdir -p cloudingnow

mount --bind /home/papagoadmin/cloudingnow /home/sftpuser/cloudingnow
About the Author
Nio

© 2019