
setup ftp only access for server and for multiple users

ftp access

By following the steps below, you can allow one or more users to access the server via FTP, restricted to their own home directories. The access configured here is SFTP served by sshd (ForceCommand internal-sftp), so clients must connect with SFTP rather than plain FTP.
The settings below use “testuser1” as the username and “user_homedir_1” as the directory that “testuser1” is allowed to access.
Log in to the server via terminal/SSH, then run the commands given in each step.

  1. First, create a group named sftp (only if no sftp group exists yet):
    groupadd sftp
  2. Add user to group and directory:
    useradd -g sftp -d /home/user_homedir_1 testuser1
  3. Create the /home/user_homedir_1 directory and set up its access mode and owner.
    mkdir /home/user_homedir_1
    # the chroot directory and its parents must be owned by root
    chown root:root /home/user_homedir_1
    cd /home/user_homedir_1
    sudo mkdir user_datadir_1
    sudo chown root:root user_datadir_1
  4. Create ssh directory in the home directory and set up public/private keys for accessing the server and home folder of the user.
    mkdir /home/user_homedir_1/.ssh
    cd /home/user_homedir_1/.ssh
    # generate the key pair: testuser1 (private key) and testuser1.pub (public key)
    ssh-keygen -f testuser1 -t rsa
    cat testuser1.pub >> /home/user_homedir_1/.ssh/authorized_keys
    # the working directory is already .ssh, so refer to it by absolute path
    chmod 700 /home/user_homedir_1/.ssh
    chown testuser1:sftp /home/user_homedir_1/.ssh
    chown testuser1:sftp testuser1 testuser1.pub
    chmod 644 authorized_keys
    chown root:sftp authorized_keys
  5. Edit sshd_config to add user access setting and group setting. Open file sshd_config to edit.

    vim /etc/ssh/sshd_config
  6. Add the configuration below at the end of the file.
    # key-based logins only
    PasswordAuthentication no
    # only these accounts may log in over SSH
    AllowUsers ec2-user testuser1
    # the settings below apply only to testuser1
    Match User testuser1
    ChrootDirectory /home/user_homedir_1/user_datadir_1
    ForceCommand internal-sftp
    AllowAgentForwarding no
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no
  7. Restart ssh on the server.

    sudo service ssh restart
  8. Download the private key and use it to access the server via FTP. You will need to convert the private key into PPK format for PuTTY.
  9. Now you can access the server via FTP using the server host and the private key downloaded above.
    On successful login, /home/user_homedir_1/user_datadir_1 will be loaded by default because of the config added in step 5, and other folders/files on the server will not be accessible.
  10. Similarly, to allow FTP access for more users, repeat all the steps to add config for each user and allow them to access the folders to which they are added/allowed.
  11. If you want to allow a group of users to access a specific home directory, then in step 5 change “Match User <username>” to “Match Group sftp”.
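
A pre-flight check for the setup above, as an added example that is not part of the original post: it verifies that every component of the chroot path meets sshd's ownership and mode requirements, and that the restrictive directives really sit inside the user's Match block. It assumes GNU stat (Linux); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# Function names are hypothetical.

# dir_is_chroot_safe DIR [UID]: succeeds if DIR is owned by UID (default 0,
# root) and is not writable by group or others, as sshd requires for every
# component of a ChrootDirectory path.
dir_is_chroot_safe() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    owner=$(stat -c '%u' "$dir") || return 1
    perm=$(stat -c '%a' "$dir") || return 1
    # 022 (octal) masks the group-write and other-write bits
    [ "$owner" -eq "$want_uid" ] && [ $(( 0$perm & 022 )) -eq 0 ]
}

# chroot_path_ok CHROOT [UID] [TOP]: checks CHROOT and each parent directory
# up to TOP (default /), reporting the first unsafe component.
chroot_path_ok() {
    p=$1; uid=${2:-0}; top=${3:-/}
    case $p in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        if ! dir_is_chroot_safe "$p" "$uid"; then
            echo "unsafe chroot component: $p" >&2
            return 1
        fi
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# user_is_jailed CONFIG USER: succeeds only if CONFIG has a "Match User USER"
# block that sets both ChrootDirectory and ForceCommand internal-sftp.
# Simplification: only the exact single-name "Match User <name>" form is
# recognised. If the Match line is missing, the directives apply to every user.
user_is_jailed() {
    awk -v user="$2" '
        tolower($1) == "match" {
            inblk = (tolower($2) == "user" && $3 == user); next
        }
        inblk && tolower($1) == "chrootdirectory" { chroot = 1 }
        inblk && tolower($1) == "forcecommand" && $2 == "internal-sftp" { force = 1 }
        END { exit !(chroot && force) }
    ' "$1"
}
```

Run as root before restarting ssh: `chroot_path_ok /home/user_homedir_1/user_datadir_1 && user_is_jailed /etc/ssh/sshd_config testuser1`.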
