By following the steps below you can give a user SFTP access to the server that is confined to a single directory. Note that this is SFTP (file transfer over SSH, served by sshd's internal-sftp subsystem), not plain FTP: no FTP daemon is installed and credentials and data never travel in cleartext.
In the settings/configs below, "testuser1" is the username and "user_homedir_1" is the directory that testuser1 is allowed to access.
Log in to the server via SSH/terminal with an account that can use sudo, then run the commands in the steps below.
- First, create a group named sftp (skip this step if the group already exists):
groupadd sftp
- Add the user, putting it in the sftp group and setting its home directory (the directory itself is created in the next step; on distributions where useradd creates the home directory automatically, the mkdir in the next step will report that it already exists, which is harmless, but the ownership change must still be applied):
useradd -g sftp -d /home/user_homedir_1 testuser1
- Create the /home/user_homedir_1 directory and the data directory inside it, and set their owner and access mode. sshd will only chroot into a directory if it and every parent directory up to / are owned by root and writable by nobody else (mode 755); otherwise the login fails and the auth log shows "bad ownership or modes for chroot directory". A consequence is that testuser1 cannot write directly into user_datadir_1; to allow uploads, create a subdirectory inside it that is owned by testuser1.
mkdir /home/user_homedir_1
chown root:root /home/user_homedir_1
cd /home/user_homedir_1
sudo mkdir user_datadir_1
sudo chown root:root user_datadir_1
- Create the .ssh directory in the home directory and set up the key pair used to authenticate. The key pair is generated on the server here for convenience; the better practice is to generate it on the client and copy only the public key to the server, so the private key never exists on the server or in the download channel. If you do generate it on the server, set a passphrase when ssh-keygen asks for one and delete the private key file from the server once you have downloaded it. authorized_keys is read from the real home directory during authentication, before the chroot is applied, so this layout works with the ChrootDirectory set later.
mkdir /home/user_homedir_1/.ssh
cd /home/user_homedir_1/.ssh
ssh-keygen -f testuser1 -t rsa
cat testuser1.pub >> /home/user_homedir_1/.ssh/authorized_keys
chmod 700 /home/user_homedir_1/.ssh
chown testuser1:sftp /home/user_homedir_1/.ssh
chown testuser1:sftp testuser1 testuser1.pub
chmod 644 authorized_keys
chown root:sftp authorized_keys
- Edit sshd_config to add the user access setting and the chroot settings. Open the file for editing:
vim /etc/ssh/sshd_config
- Add the configuration below at the end of the file. The Match block must be last, because every directive after a Match line (up to the next Match) applies only to matching connections. Two things to check first: AllowUsers restricts SSH login to the listed accounts, so list every admin account you still need (ec2-user here) or you will lock yourself out; and sshd uses the first value it finds for a keyword, so if PasswordAuthentication is already set earlier in the file, change it there instead of relying on the appended line. Run sshd -t to validate the file before restarting.
PasswordAuthentication no
AllowUsers ec2-user testuser1
Match User testuser1
    ChrootDirectory /home/user_homedir_1/user_datadir_1
    ForceCommand internal-sftp
    AllowAgentForwarding no
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no
- Restart sshd so the new configuration takes effect. The service name depends on the distribution (ssh on Debian/Ubuntu, sshd on RHEL, CentOS and Amazon Linux), so adjust the command accordingly. Keep your current admin session open until you have confirmed that you can still log in.
sudo service ssh restart
- Download the private key (if it was generated on the server) and use it to connect with an SFTP client. PuTTY-based clients need the key in PPK format; PuTTYgen converts an OpenSSH private key into one.
- You can now connect over SFTP to the server's hostname or IP address, authenticating with the private key downloaded above.
On successful login, /home/user_homedir_1/user_datadir_1 is presented as the root of the session (it appears as /) because of the ChrootDirectory setting added in the sshd_config step, and no other directory or file on the server is reachable. Because that directory is owned by root, uploads have to go into a subdirectory inside it that is owned by testuser1.
- To give SFTP access to more users, repeat the steps above for each user, with its own home directory, data directory and Match User block, so that each user is confined to the directory it is allowed to access.
- If you want a whole group of users to share one directory, change "Match User <username>" in the sshd_config step to "Match Group sftp". Every member of the sftp group is then chrooted into the same ChrootDirectory. To give each member its own directory instead, use the %h (home directory) or %u (username) token in the ChrootDirectory path; the ownership and mode rules above apply to each of those directories.