SFTP is an interactive file transfer program, similar to ftp, which performs all operations over an encrypted ssh transport.
In FTP, all data is passed back and forth between the client and server without encryption. This makes it possible for an eavesdropper to listen in and retrieve your confidential information, including login details. With SFTP, all data is encrypted before it is sent across the network.
Step 1 : Install OpenSSH package if not installed
$ sudo apt-get install openssh-server
Step 2 : Create separate group for SFTP users.
$ sudo addgroup ftpaccess
Step 3 : Edit /etc/ssh/sshd_config file and make changes as below.
$ sudo vi /etc/ssh/sshd_config
Find the line below and comment it out.
#Subsystem sftp /usr/lib/openssh/sftp-server
Then add these lines to the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 3.1 : Enable password authentication in the same file.
PasswordAuthentication yes
Step 4 : Restart sshd service.
$ sudo service ssh restart
Step 5 : Add user with ftpaccess group and create password.
$ sudo adduser exampleuser --ingroup ftpaccess --shell /usr/sbin/nologin
Step 6 : Modify home directory permission.
$ sudo chown root:root /home/exampleuser
Step 7 : Create a directory inside home for upload and modify permission with group.
$ sudo mkdir /home/exampleuser/www
$ sudo chown exampleuser:ftpaccess /home/exampleuser/www
Step 8 : Test if sftp works.
$ sftp exampleuser@<ip address>
exampleuser@<ip address>'s password: [Enter password here created above for this user]
Connected to <ip address>.
Step 9 : Use an FTP client to connect to the server now.
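Steps 3 and 6 rely on a rule enforced by sshd: every directory on the ChrootDirectory path must be owned by root and not writable by group or others, otherwise the session is refused. The pre-flight check below is an added example, not part of the original post; the function names, the script name and the optional UID and TOP parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory path (Steps 3 and 6).
# Requires GNU stat, as shipped on Ubuntu.

# dir_ok DIR [UID]: succeed if DIR is owned by UID (default 0, root) and is
# not writable by group or others.
dir_ok() (
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; exit 1; }
    set -- $(stat -c '%u %a' "$dir")    # owner uid, octal mode
    uid=$1; mode=$2
    [ "$uid" -eq "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, want $want_uid"; exit 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $mode is group/other writable"; exit 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
)

# chroot_path_ok DIR [UID] [TOP]: check DIR and every parent up to TOP
# (default /). UID and TOP are assumptions added so the check can be tried
# on a scratch tree without root; on a real server leave the defaults.
chroot_path_ok() (
    dir=$(cd "$1" 2>/dev/null && pwd -P) ||
        { echo "FAIL $1: cannot enter directory"; exit 1; }
    want_uid=${2:-0}; top=${3:-/}; rc=0
    while :; do
        dir_ok "$dir" "$want_uid" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# Run as: sh check.sh /home/exampleuser   (script name is a placeholder)
if [ "$#" -gt 0 ]; then chroot_path_ok "$@"; fi
```

Because the chroot directory itself cannot be writable by the user, uploads go into the user-owned www directory created in Step 7.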