By following the steps below, you can allow one or more users to access the server via SFTP (the SSH file transfer subsystem) while restricting each of them to their own home directory.
In the settings/configs below, “testuser1” is used as the username and “user_homedir_1” as the directory that “testuser1” is allowed to access.
Access the server via terminal/ssh/command line and then follow the steps to execute the commands mentioned for the setup.

  1. First, create a group named sftp (only needed if an sftp group does not already exist):
    groupadd sftp
  2. Add the user to the group and set its home directory:
    useradd -g sftp -d /home/user_homedir_1 testuser1
  3. Create the /home/user_homedir_1 directory and set up the directory access mode and owner. The directory that will be used as the chroot, and every directory above it, must be owned by root and must not be writable by group or others, otherwise sshd refuses the login.
    mkdir /home/user_homedir_1
    chown root:root /home/user_homedir_1
    cd /home/user_homedir_1
    sudo mkdir user_datadir_1
    sudo chown root:root user_datadir_1
  4. Create the .ssh directory in the home directory and set up a public/private key pair for accessing the server and the home folder of the user.
    mkdir /home/user_homedir_1/.ssh
    cd /home/user_homedir_1/.ssh
    ssh-keygen -f testuser1 -t rsa
    cat testuser1.pub >> /home/user_homedir_1/.ssh/authorized_keys
    chmod 700 /home/user_homedir_1/.ssh
    chown testuser1:sftp /home/user_homedir_1/.ssh
    chown testuser1:sftp testuser1 testuser1.pub
    chmod 644 authorized_keys
    chown root:sftp authorized_keys
  5. Edit sshd_config to add the user access setting and group setting. Open the sshd_config file for editing:

    vim /etc/ssh/sshd_config
  6. Add the configs below at the end of the file. Everything after the Match line applies only to testuser1:
    PasswordAuthentication no
    AllowUsers ec2-user testuser1
    Match User testuser1
        ChrootDirectory /home/user_homedir_1/user_datadir_1
        ForceCommand internal-sftp
        AllowAgentForwarding no
        AllowTcpForwarding no
        PermitTunnel no
        X11Forwarding no
  7. Restart ssh on the server.

    sudo service ssh restart
  8. Download the private key and use it to access the server via SFTP. You will need to convert the private key into PPK format for PuTTY.
  9. Now you can access the server via SFTP using the server host and, as the key, the private key downloaded above.
    On successful login to the server, /home/user_homedir_1/user_datadir_1 will be loaded by default because of the config added in steps 5 and 6, and other folders/files on the server will not be accessible.
  10. Similarly, if you want to allow SFTP access to more users, follow all the steps again to add config for the other users and allow them to access only the folders to which they have been added/allowed.
  11. And if you want to allow a whole group of users to access a specific home directory, then in the config of steps 5 and 6 change “Match User <username>” to “Match Group sftp”.