Creating SFTP accounts in Ubuntu – e.g. for uploading website files


Hi All

As stated before, I’m fairly new to the Linux world, but have been using it in earnest for about 18 months now, and I like it. A lot.

I have recently set up a new webserver, using Cherokee on Ubuntu, and then had to undergo the task of giving SFTP access to users, so that they could upload their websites and files.

Here are the instructions that I used, which were taken from http://shapeshed.com/journal/chroot_sftp_users_on_ubuntu_intrepid/

but didn’t entirely work, so I’m re-writing them with what worked on my webserver.

The process consists of 2 main steps

  1. create a user with the relevant settings
  2. set up ssh to work with the sftp group and accept inbound SFTP style connections

User Stuff

CREATE SFTP ACCOUNT

sudo groupadd sftp

No need to use sudo if you’re logged in as root. Bad practice, I know, but it takes out some confusion for people.

CREATE A USER and set their home directory as the root of their website folder

sudo useradd -d /var/www/thewebsite.com username

CREATE A PASSWORD

sudo passwd username

MODIFY THE USER TO ADD THEM TO YOUR NEW SFTP GROUP

sudo usermod -g sftp username

MODIFY THE USER AND DENY ACCESS TO A SHELL – I.E. THEY WON’T BE ABLE TO LOGIN TO A SHELL

sudo usermod -s /bin/false username

SSH Stuff

EDIT YOUR SSH CONFIG FILE

sudo vim /etc/ssh/sshd_config

CHANGE THE SUBSYSTEM line

Firstly comment out the following line

# Subsystem sftp /usr/lib/openssh/sftp-server

Then add

Subsystem sftp internal-sftp

Then add this to the bottom of the file

Match group sftp
X11Forwarding no
ChrootDirectory %h
AllowTcpForwarding no
ForceCommand internal-sftp

At this point I decided to restart ssh just to make sure the changes were OK

sudo /etc/init.d/ssh restart

If any of the lines are formatted badly ssh may not restart.

Finally you need to set the permissions of the website folder to allow access to the files for your new user. Basically, root needs to have access to the root website folder and your new user needs access to the files and folders beneath.

My websites live in /var/www. To check I issue

cd /var/www

ls -l

This shows me that all the website root folders are owned by root root, which is correct. If they are not, you need to run

chown root:root thewebsite.com

Then we need to set the permissions beneath this folder for the new user. So I

cd /var/www/thewebsite.com

chown -R username:sftp *

Now when I issue an ls -l I can see all the files owned by my user and in the group sftp

And that’s it

Now users can be given the username and password that were set up, use an SFTP client, such as CoreFTP Lite, and SFTP into my Ubuntu box. They ONLY have access to their folder, as the root of their access is their home folder. They cannot browse anywhere else.
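sshd refuses a chrooted login unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others, which is why the website root folder stays root:root in the steps above. The function below is an added example, not part of the original instructions, that checks this for a path; its name and its optional owner-uid and stop-directory arguments are assumptions made so it can be exercised without root.

```shell
#!/bin/sh
# Added example: verify the ownership/mode rule sshd applies to ChrootDirectory.
# Usage: check_chroot_path DIR [OWNER_UID] [STOP_DIR]
#   OWNER_UID defaults to 0 (root); STOP_DIR defaults to / .
# Both optional arguments are assumptions of this example, for testing without root.
# Requires GNU stat and readlink (as shipped with Ubuntu).
check_chroot_path() {
    ccp_path=$(readlink -f "$1") || return 2
    ccp_owner=${2:-0}
    ccp_top=$(readlink -f "${3:-/}") || return 2
    ccp_rc=0
    while :; do
        if [ ! -d "$ccp_path" ]; then
            echo "FAIL $ccp_path: not a directory"
            ccp_rc=1
        else
            # %u = numeric owner uid, %a = octal permission bits
            set -- $(stat -c '%u %a' "$ccp_path")
            if [ "$1" != "$ccp_owner" ]; then
                echo "FAIL $ccp_path: owner uid $1, expected $ccp_owner"
                ccp_rc=1
            fi
            # 022 = group-write and other-write bits
            if [ $(( 0$2 & 022 )) -ne 0 ]; then
                echo "FAIL $ccp_path: mode $2 is writable by group or others"
                ccp_rc=1
            fi
        fi
        # Stop once the top of the walk (or the filesystem root) has been checked
        if [ "$ccp_path" = "$ccp_top" ] || [ "$ccp_path" = "/" ]; then
            break
        fi
        ccp_path=$(dirname "$ccp_path")
    done
    return $ccp_rc
}
```

Run it as `check_chroot_path /var/www/thewebsite.com`; it prints one FAIL line per offending directory and returns non-zero if any were found. Running `sudo sshd -t` before restarting ssh catches a badly formatted sshd_config while the old daemon is still running.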

 

 

Showing 2 comments
  • Taylor Love

    I loooove youuuuuuu soooooo much. This worked for me when nothing else would. Thank you good sir.

  • priyank

    This is the most awesome tutorial I have ever found on the internet, which worked in a single try.. 🙂
