SFTP setup on Debian Jessie
Video is in Danish.
This post sets up a small SFTP service secured with chroot. For this small project we are using a Debian Jessie network installation.
SFTP gives you FTP-style file transfer over SSH: the command-line sftp client runs inside a session that is encrypted by SSH.
Start by creating a group for the SFTP access.
groupadd sftp-group
Then modify the existing user that was created during the Debian installation phase, or create a new user. In this case, ftpuser.
usermod -g sftp-group -d /ftp -s /sbin/nologin < a current user >
Then add another user for access to the FTP server.
useradd -g sftp-group -d /ftp -s /sbin/nologin < new user >
The first of the two commands modifies an existing user: -g sets the user's primary group to “sftp-group”, -d sets the home directory to /ftp (not to be mistaken for a directory under the system root), and -s sets the login shell.
The second command does the same thing, just for a newly created user.
The sshd_config now has to be edited, or else the user will have access to the entire file system, which is not desirable in any way.
nano /etc/ssh/sshd_config
Find the first line in the configuration file and add the second line. It is at the bottom of the configuration file, as in the picture below.
Add this after the last line in the config. It should come after the “UsePAM yes” option.
The commands in the picture will lock the user inside a predetermined directory with the ChrootDirectory option.
Make the secure directory with the following:
mkdir -p /secure/<your user>/ftp
This is the folder added in the usermod and useradd commands at the beginning.
Change the ownership of the ftp folders. As of now, the root user and root group should own it.
cd /secure/<your user>/
chown mbn:sftp-group ftp
It should now look like this when running “ls -l”:
Change the password of mbn.
passwd < new user >
Restart the ssh service
/etc/init.d/ssh restart
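sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others, which is why only the inner ftp folder is handed to the user. The script below is an added example, not part of the original post, that checks this for a given path. It assumes the ChrootDirectory is /secure/<your user> (the configuration picture is not reproduced in the text) and GNU stat; the function names check_dir and check_chroot_path are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: ChrootDirectory is /secure/<your user>, the parent of the ftp folder.

# check_dir DIR WANT_UID: succeed only if DIR is a directory owned by WANT_UID
# and carries no group-write or other-write bit.
check_dir() {
    cd_dir=$1
    cd_want=$2
    if [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a directory" >&2
        return 1
    fi
    cd_uid=$(stat -c %u "$cd_dir")    # numeric owner (GNU stat)
    cd_mode=$(stat -c %a "$cd_dir")   # octal mode, e.g. 755
    if [ "$cd_uid" != "$cd_want" ]; then
        echo "FAIL $cd_dir: owner uid $cd_uid, expected $cd_want" >&2
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal.
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_dir: mode $cd_mode is group/other writable" >&2
        return 1
    fi
    return 0
}

# check_chroot_path DIR: apply check_dir (owner root, uid 0) to DIR and to
# every parent directory up to /. Returns 0 only if all components pass.
check_chroot_path() {
    cp_dir=$1
    case $cp_dir in
        /*) ;;
        *) echo "FAIL $cp_dir: not an absolute path" >&2; return 2 ;;
    esac
    cp_rc=0
    while :; do
        check_dir "$cp_dir" 0 || cp_rc=1
        [ "$cp_dir" = / ] && break
        cp_dir=$(dirname "$cp_dir")
    done
    return $cp_rc
}

# Usage: sh check_chroot.sh /secure/mbn
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

When a component fails this check, sshd closes the session after authentication and logs "bad ownership or modes for chroot directory".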
Testing the SFTP connection with a Ubuntu V