Step 1: Install OpenSSH Server
sudo apt update && sudo apt install openssh-server
Step 2: Create a Group for SFTP Users
sudo groupadd sftpusers
Step 3: Create a Directory for the user & set permission
sudo mkdir -p /sftp/sftpuser1/upload
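Make root the owner of the user's directory. sshd requires the chroot directory to be owned by root and not writable by any other user or group: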
sudo chown root:root /sftp/sftpuser1
sudo chmod 755 /sftp/sftpuser1
Step 4: Create a new SFTP User
Create a new user and add them to the sftpusers group:
sudo useradd -d /sftp/sftpuser1 -s /usr/sbin/nologin -G sftpusers sftpuser1
sudo passwd sftpuser1
Step 5: Change ownership of user directory
Give the user ownership of the upload directory inside /sftp/sftpuser1, so they have a writable location within the root-owned chroot:
sudo chown sftpuser1:sftpusers /sftp/sftpuser1/upload
sudo chmod 755 /sftp/sftpuser1/upload
Step 6: Configure SSHD for SFTP
Step 6 and the steps below are needed only once, when the server is first set up.
sudo nano /etc/ssh/sshd_config
Add the following at the end of the file:
Match Group sftpusers
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Step 7: Restart the SSH Service
Restart the SSH service to apply the changes:
sudo systemctl restart ssh
Step 8: Verify the Configuration
Test the SFTP access with the new user:
sftp sftpuser1@your_server_ip
This configuration ensures that:
- The user can only access their own folder within /sftp/sftpuser1.
- The user is restricted to SFTP-related commands only.
Repeat Steps 3 and 4 to add more users as needed, replacing sftpuser1 with the new username.
To check the logs for SSH connections, run the following command:
sudo tail -f /var/log/auth.log
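The ownership and modes set in Steps 3 and 5 matter because sshd will not chroot a session unless the ChrootDirectory and every parent directory is root-owned and not writable by group or others. The script below is an added example, not part of the original guide, that audits a chroot path for this; it assumes GNU stat, and the function names and the OWNER_UID and STOP arguments are its own.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight audit of a
# ChrootDirectory path before restarting sshd or onboarding a user.
# Assumes GNU stat (Debian/Ubuntu). OWNER_UID and STOP are hypothetical
# parameters of this script, added so it can be exercised without root.

# check_component PATH OWNER_UID -> 0 if PATH passes, 1 otherwise
check_component() {
    path=$1; owner=$2; bad=0
    [ -d "$path" ] || { echo "FAIL $path: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$path")   # numeric owner uid, octal mode
    uid=$1; mode=$2
    [ "$uid" = "$owner" ] || { echo "FAIL $path: owner uid $uid, want $owner"; bad=1; }
    # 022 = group-write | other-write bits
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL $path: mode $mode is group/other-writable"; bad=1; }
    [ "$bad" -eq 0 ] && echo "ok   $path (uid $uid, mode $mode)"
    return "$bad"
}

# check_chroot_path DIR [OWNER_UID] [STOP]
# Checks DIR and each parent up to STOP. The defaults (uid 0, stop at /)
# match what sshd enforces for a real chroot target.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    want=${2:-0}; stop=${3:-/}; rc=0
    while :; do
        check_component "$dir" "$want" || rc=1
        [ "$dir" = "$stop" ] || [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run against a directory when one is given, e.g.:
#   sh check_chroot.sh /sftp/sftpuser1
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

The upload directory itself is expected to fail this audit, since it is owned by the SFTP user; only the chroot target and its parents need to pass.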
All done. Please comment below if you have any questions.