This guide outlines the steps to set up SFTP with SSH, where users can either have different landing directories for SFTP and SSH or the same landing directory for both.

## Prerequisites

- Root or sudo access to the server.
- The OpenSSH server (which provides both SSH and SFTP) is installed and properly configured on the system.
## Option 1: Separate Landing Directories for SSH and SFTP

In this setup, users have separate landing directories for SSH and SFTP. The SFTP directory is `/sftp`, and each user's individual directory is `/sftp/<username>`.

1. **Create SFTP Group**

   Create a new group for SFTP users:

   ``` bash
   sudo groupadd sftpusers
   ```

2. **Create Base Directory for SFTP**

   Create a base directory for SFTP access:

   ``` bash
   sudo mkdir /sftp
   sudo mkdir /sftp/user1
   sudo mkdir /sftp/user2
   sudo chown root:root /sftp
   sudo chmod 755 /sftp
   ```

   The `/sftp` directory and its subdirectories must be owned by `root` to satisfy the `ChrootDirectory` requirements.

3. **Create User-Specific Directories**

   Create individual user directories within `/sftp` and assign ownership:

   ``` bash
   sudo mkdir /sftp/user1/files
   sudo mkdir /sftp/user2/files
   sudo chown user1:user1 /sftp/user1/files
   sudo chown user2:user2 /sftp/user2/files
   ```

   The `files` subdirectory is where each user has full access.

4. **Assign Users to the SFTP Group**

   Add users to the `sftpusers` group:

   ``` bash
   sudo usermod -aG sftpusers user1
   sudo usermod -aG sftpusers user2
   ```

5. **Edit the SSH Configuration**

   Modify the SSH configuration to define different landing directories for SFTP access:

   ``` bash
   sudo vim /etc/ssh/sshd_config
   ```

   Add the following configuration at the end of the file:

   ```
   Match Group sftpusers
       ChrootDirectory /sftp/%u/
       ForceCommand internal-sftp
       AllowTcpForwarding no
       X11Forwarding no
   ```

   - `ChrootDirectory /sftp/%u/`: Restricts each user to their respective `/sftp/<username>` directory.
   - `ForceCommand internal-sftp`: Forces the use of the internal SFTP server.

6. **Restart the SSH Service**

   Apply the changes by restarting the SSH service:

   ``` bash
   sudo systemctl restart sshd
   ```
## Option 2: Same Landing Directory for SFTP and SSH

In this configuration, the same home directory is used for both SFTP and SSH. The SFTP user is restricted to their home directory using a `ChrootDirectory`.

1. **Edit the SSH Configuration**

   Modify the SSH configuration to set up the same landing directory for SFTP and SSH:

   ``` bash
   sudo vim /etc/ssh/sshd_config
   ```

   Add the following configuration at the end of the file:

   ```
   Match User user1,user2
       ChrootDirectory /home/%u
       AllowTcpForwarding no
       X11Forwarding no
       ForceCommand internal-sftp
   ```

   - `Match User user1,user2`: Lists the users the block applies to. `Match` criteria are literal patterns, so `%u` cannot be used there; `%u` is only expanded inside directives such as `ChrootDirectory`.
   - `ChrootDirectory /home/%u`: Restricts each user to their respective `/home/<username>` directory.
   - `ForceCommand internal-sftp`: Forces the use of the internal SFTP server.

2. **Restart the SSH Service**

   Apply the changes by restarting the SSH service:

   ``` bash
   sudo systemctl restart sshd
   ```
## Notes

- **Security Considerations**: Ensure that each user's `ChrootDirectory` (`/sftp/<username>` in Option 1, `/home/<username>` in Option 2) has the proper ownership (`root:root`) and permissions (`755`) for the `ChrootDirectory` to function correctly.
- **Testing**: After setting up, test the configuration by logging in with an SFTP client and ensuring that users are restricted to their designated directories and cannot navigate outside them.
## Troubleshooting

- If users encounter "Permission denied" errors while logging in via SFTP, check:
  - Ownership of the `ChrootDirectory` (`root:root`).
  - The permissions of the user's `files` directory should allow write access (`chown user:user` for their files).
- If changes don't take effect, ensure that the SSH daemon has been restarted:

  ``` bash
  sudo systemctl restart sshd
  ```

- Review SSH logs for errors:

  ``` bash
  sudo tail -f /var/log/auth.log
  ```
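The ownership rule in steps 2 and 3 of Option 1, the Security Considerations note and the "Permission denied" item above all come from the same sshd check: every directory from `/` down to the `ChrootDirectory` must be owned by root and must not be group- or world-writable, and a violation is logged as `bad ownership or modes for chroot directory`. The script below is an added example, not part of the original guide; it runs that check before you restart sshd. The optional required-owner argument is an assumption of this example so the check can also be exercised on a non-root test tree.

```bash
#!/bin/bash
# Added check (not from the original guide): confirm that a ChrootDirectory path
# meets sshd's rules. sshd refuses the login with "bad ownership or modes for
# chroot directory" unless every directory from / down to the chroot target is
# owned by root and is writable by neither group nor others.

# Checks one directory. $2 is the required owner uid (default 0 = root; the
# parameter exists so the function can be exercised on a non-root test tree).
# Returns 0 when the directory is acceptable, 1 otherwise.
chroot_component_ok() {
    local dir="$1" want_uid="${2:-0}" uid mode
    set -- $(stat -c '%u %A' "$dir" 2>/dev/null)
    [ $# -eq 2 ] || { echo "BAD  $dir: cannot stat"; return 1; }
    uid=$1 mode=$2
    if [ "$uid" -ne "$want_uid" ]; then
        echo "BAD  $dir: owned by uid $uid, expected uid $want_uid"
        return 1
    fi
    # $mode looks like drwxr-xr-x; position 6 is group write, 9 is other write
    case $mode in
        ?????w*|????????w*)
            echo "BAD  $dir: mode $mode is group- or world-writable"
            return 1 ;;
    esac
    echo "ok   $dir (uid $uid, mode $mode)"
    return 0
}

# Walks from the chroot target up to / and checks every component.
# Returns the number of offending directories (0 means sshd will accept it).
check_chroot_path() {
    local p="${1%/}" want_uid="${2:-0}" bad=0
    [ -n "$p" ] || p=/
    while :; do
        chroot_component_ok "$p" "$want_uid" || bad=$((bad + 1))
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return "$bad"
}

# Usage, as root after step 2 of Option 1 (or on /home/user1 for Option 2):
#   check_chroot_path /sftp/user1
```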
# Bulk User Creation Script
This bash script allows you to create multiple users on a Linux system in bulk. It reads a list of usernames and passwords from a file and creates corresponding user accounts, setting up specific directories and permissions for each user.
## Usage

Create the script file (`vim create_users.sh`) with the following content:

``` bash
#!/bin/bash
# Check if the input file is provided
if [ $# -ne 1 ]; then
    echo "Usage: $0 <userfile>"
    exit 1
fi

# Read the input file
input_file="$1"

# Loop through each line in the file (format: "username password")
while IFS=' ' read -r user_name password; do
    # Create the user's home directory (run as root, /home/$user_name itself
    # stays root-owned, as a ChrootDirectory requires)
    mkdir -p "/home/$user_name/uploads"
    # Create the user with the specified shell and home directory
    useradd -s /bin/bash -d "/home/$user_name/uploads" "$user_name"
    # useradd does not change the ownership of a pre-existing home directory,
    # so hand it to the user before setting the permissions
    chown "$user_name:$user_name" "/home/$user_name/uploads"
    chmod 770 "/home/$user_name/uploads"
    # Set the user's password
    echo "$user_name:$password" | chpasswd
    echo "User $user_name created with home directory /home/$user_name/uploads"
done < "$input_file"
```

Make the script executable (`chmod +x create_users.sh`) and run it with the user file as its only argument:

``` bash
./create_users.sh <userfile>
```

`<userfile>`: A text file containing usernames and passwords, with each line formatted as follows:

```
username password
```

For example, create a file named `userlist.txt` with the following content:

```
user1 password1
user2 password2
```

Then, run the script:

``` bash
./create_users.sh userlist.txt
```
## How It Works

- **Input File Check**: The script expects one argument, the path to the user file. If it is not provided, the script displays a usage message and exits.
- **Reading User File**: The script reads the file line by line. Each line should contain a username and a password separated by a space.
- **User Creation**:
  - For each user, it creates a home directory at `/home/<username>/uploads`.
  - Adds the user with `/bin/bash` as their default shell and sets their home directory to `/home/<username>/uploads`.
  - Sets appropriate permissions (`770`) on the user's home directory.
- **Password Setup**: The script sets the provided password for each user using the `chpasswd` command.
- **Confirmation**: For each user, a message confirming the creation of the user and their home directory is displayed.
## Requirements

- Bash shell
- Root or sudo privileges to create users

## Notes

- Ensure the input file is properly formatted with a space between the username and password.
- The script must be run as root or using `sudo` to create users and set passwords.
- Be cautious when handling passwords in plaintext files for security purposes.

## Example Output

```
User user1 created with home directory /home/user1/uploads
User user2 created with home directory /home/user2/uploads
```
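The script above creates whatever the user file contains, so a malformed line (an empty name, a missing password, a name that already exists) surfaces only as a `useradd` or `chpasswd` failure part-way through the run. The following pre-flight check is an added example, not part of the original script: it validates a `userlist.txt` before anything is created. The username rule mirrors `useradd`'s default (lowercase letter or underscore, then lowercase letters, digits, underscore or dash, at most 32 characters) and is an assumption of this example.

```bash
#!/bin/bash
# Added pre-flight check (not part of the original create_users.sh): validate a
# userlist before the script creates anything. The username rule below mirrors
# useradd's default (a lowercase letter or underscore, then lowercase letters,
# digits, underscore or dash, at most 32 characters) and is an assumption of
# this example; adjust it if your system uses a different policy.

# Returns 0 if $1 is an acceptable username, 1 otherwise.
valid_username() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z_][a-z0-9_-]*$'
}

# Reads "username password" lines from $1, prints one diagnostic per bad line,
# and returns the number of bad lines (0 means the file is safe to feed to
# create_users.sh). Blank lines are skipped, since the original script would
# otherwise call useradd with an empty name.
validate_userlist() {
    local file="$1" lineno=0 bad=0 user pass
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # the "|| [ -n "$user" ]" keeps a final line that lacks a trailing newline
    while IFS=' ' read -r user pass || [ -n "$user" ]; do
        lineno=$((lineno + 1))
        [ -n "$user" ] || continue
        if ! valid_username "$user"; then
            echo "line $lineno: invalid username '$user'"
            bad=$((bad + 1))
        elif [ -z "$pass" ]; then
            echo "line $lineno: missing password for '$user'"
            bad=$((bad + 1))
        elif getent passwd "$user" >/dev/null; then
            echo "line $lineno: user '$user' already exists"
            bad=$((bad + 1))
        fi
    done < "$file"
    return "$bad"
}

# Usage:  validate_userlist userlist.txt && sudo ./create_users.sh userlist.txt
```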
This project is licensed under the MIT License. See the LICENSE file for details.
Feel free to modify it as needed!
---
## Conclusion
This guide helps you configure an SFTP environment where you can either have separate directories for SSH and SFTP or use the same home directory for both.