Step 1: Install OpenSSH Server
sudo apt update && sudo apt install openssh-serverStep 2: Create a Group for SFTP Users
sudo groupadd sftpusersStep 3: Create a Directory for the user & set permission
sudo mkdir -p /sftp/sftpuser1/uploadSet permission as root to user directory
sudo chown root:root /sftp/sftpuser1sudo chmod 755 /sftp/sftpuser1Step 4: Create a new SFTP User
Create a new user and add them to the sftpusers group:
sudo useradd -d /sftp/sftpuser1 -s /usr/sbin/nologin -G sftpusers sftpuser1sudo passwd sftpuser1Step 5: Change ownership of user directory
Create a directory for the user within a restricted directory, such as /sftp:
sudo chown sftpuser1:sftpusers /sftp/sftpuser1/uploadsudo chmod 755 /sftp/sftpuser1/uploadStep 6: Configure SSHD for SFTP
Step 6 and below is only needed for one time server setup.
sudo nano /etc/ssh/sshd_configAdd the following at the end of the file:
Match Group sftpusers
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding noStep 7: Restart the SSH Service
Restart the SSH service to apply the changes:
sudo systemctl restart sshStep 8: Verify the Configuration
Test the SFTP access with the new user:
sftp sftpuser1@your_server_ipThis configuration ensures that:
- The user can only access their own folder within
/sftp/sftpuser1. - The user is restricted to SFTP-related commands only.
Repeat Steps 3 and 4 to add more users as needed, replacing sftpuser1 with the new username
To check the logs for ssh connection please execute below command:
sudo tail -f /var/log/auth.logAll done. Please comment below if you have any questions.
