First, create a directory to hold the uploaded data:
$ sudo mkdir /data
Then, create a dedicated group for SFTP users:
$ sudo groupadd sftp_users
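Next, create a user called newuser that has no regular login privileges: make it a member of the newly created group, set its home directory to /upload, and set its shell to /sbin/nologin. The home directory is resolved inside the chroot configured in sshd_config below, so /upload refers to /data/newuser/upload on the server.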
$ sudo useradd -g sftp_users -d /upload -s /sbin/nologin newuser
Set a password for the new user:
$ sudo passwd newuser
Create an SFTP directory for the new user and set the proper permissions. The chroot directory /data/newuser stays owned by root, and only the upload subdirectory is owned by newuser:
$ sudo mkdir -p /data/newuser/upload
$ sudo chown -R root:sftp_users /data/newuser
$ sudo chown -R newuser:sftp_users /data/newuser/upload
Add the lines below to the end of /etc/ssh/sshd_config, using any text editor you are familiar with. Save the file once done.
Match Group sftp_users
    ChrootDirectory /data/%u
    ForceCommand internal-sftp
Test /etc/ssh/sshd_config for syntax errors:
$ sudo sshd -t -f /etc/ssh/sshd_config
Restart sshd if the above command reports no errors:
$ sudo systemctl restart sshd
Now we can use the new user to upload data to or download data from the server:
$ sftp newuser@server.ip.add.ress
Use the "get" command to download a file and the "put" command to upload one.
We can also use applications like WinSCP and FileZilla to get a graphical user interface.
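A pre-flight check for the chroot directory created above, as an added example that is not part of the original post. sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others; the function names and the optional UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check that a ChrootDirectory
# path meets sshd's ownership and mode requirements before restarting sshd.

# check_dir DIR [UID]: return 0 if DIR is a directory owned by UID
# (default 0 = root) with no group/other write bit set.
check_dir() {
    d=$1
    want=${2:-0}
    if [ ! -d "$d" ]; then
        echo "FAIL $d: not a directory"
        return 1
    fi
    # "ls -ldn" prints: mode links uid gid ...; keep mode and numeric uid.
    info=$(ls -ldn -- "$d" | awk '{print $1, $3}')
    mode=${info% *}
    owner=${info#* }
    if [ "$owner" != "$want" ]; then
        echo "FAIL $d: owned by uid $owner, expected $want"
        return 1
    fi
    # Characters 6 and 9 of the mode string are the group and other write bits.
    if [ "$(printf %s "$mode" | cut -c6)" = w ] ||
       [ "$(printf %s "$mode" | cut -c9)" = w ]; then
        echo "FAIL $d: mode $mode is group- or world-writable"
        return 1
    fi
    echo "ok   $d ($mode, uid $owner)"
}

# check_chroot_path PATH [UID]: apply check_dir to PATH and every parent up to /.
check_chroot_path() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: path must be absolute"; return 2 ;;
    esac
    p=$1
    root_uid=${2:-0}
    rc=0
    while :; do
        check_dir "$p" "$root_uid" || rc=1
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Run against a path given on the command line, e.g. /data/newuser.
[ $# -eq 0 ] || check_chroot_path "$1"
```

Saved under a name of your choice and run with /data/newuser as its argument, it should report "ok" for /data/newuser, /data and /; the upload subdirectory is deliberately not checked, since it is owned by newuser so that uploads can be written there.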