How to Configure SFTP on Red Hat

How to set up SFTP on Red Hat

Set up SFTP so that specific users are chrooted and cannot leave their home directory.

Server Configuration

Step 1:  Edit sshd_config

  • Comment out the original Subsystem entry for sftp and replace it with a new entry:

#Subsystem      sftp    /usr/libexec/openssh/sftp-server
Subsystem       sftp    internal-sftp

  • Add the following Match block to the end of the /etc/ssh/sshd_config file:

Match Group sftponly
        ChrootDirectory /chroots/%u
        AllowTcpForwarding no
        ForceCommand internal-sftp
        X11Forwarding no

Step 2: Create a new group to add sftp-only users

# groupadd sftponly

Step 3: Add users to the group

  • If the user already exists:

# usermod -g sftponly -s /bin/false user

  • Create a new user:

# useradd -d /myhome -M -g sftponly -s /bin/false user

  • Set a password for the created user:

# passwd user

Step 4: Create the chroot directory and set its permissions. Every component of this path must be owned by root and writable only by root, otherwise sshd refuses the login.

# mkdir -p /chroots/user ; chmod -R 755 /chroots/user

  • Note: If the directory is not owned by root:root, fix it with:

# chown root:root /chroots/user

Step 5: Create the user's actual home directory under the ChrootDirectory and chown it to the user and the group created for SFTP:

# mkdir /chroots/user/myhome ; chown user:sftponly /chroots/user/myhome

Step 6: If you want the chrooted environment to use the host's timezone, copy the zoneinfo file (Asia/Tokyo in this example) into the chroot:

# mkdir /chroots/user/etc/; cp /usr/share/zoneinfo/Asia/Tokyo /chroots/user/etc/localtime

Step 7: Restart the sshd service.

Note: When the user logs in, their working directory appears as /myhome (which is actually /chroots/user/myhome on the host).
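The two conditions the steps above depend on (the chroot path is root-owned and not group/world-writable, and the Subsystem line names internal-sftp rather than the external sftp-server binary) are easy to get wrong, so here is an added verification script that is not part of the original post. The OWNER_UID and TOP arguments are assumptions added only so the check can be run without root; on a real host call it as root with just the directory.

```shell
#!/bin/sh
# Added example (not from the original post): post-setup sanity checks.
# sshd refuses a chrooted login with "bad ownership or modes for chroot
# directory" unless every component of the ChrootDirectory path is owned
# by root and writable only by root. The external sftp-server binary does
# not exist inside the chroot, so the Subsystem line must be internal-sftp.

# check_chroot_path DIR [OWNER_UID] [TOP]
# Walks from DIR up to TOP (default /) and reports any component that is
# not owned by OWNER_UID (default 0, root) or is group/world writable.
# OWNER_UID and TOP are hypothetical knobs for testing without root;
# in production call it as: check_chroot_path /chroots/user
check_chroot_path() {
    dir=$1 want_uid=${2:-0} top=${3:-/} rc=0
    cur=$dir
    while :; do
        # GNU stat (Red Hat): %u = owner uid, %A = symbolic mode (drwxr-xr-x)
        info=$(stat -c '%u %A' "$cur") || return 2
        uid=${info%% *} perm=${info#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $cur is owned by uid $uid, expected $want_uid"; rc=1
        fi
        # Character 6 is the group write bit, character 9 the world write bit.
        case $perm in
            ?????w*|????????w*)
                echo "FAIL: $cur is group- or world-writable ($perm)"; rc=1 ;;
        esac
        if [ "$cur" = "$top" ] || [ "$cur" = / ]; then break; fi
        cur=$(dirname "$cur")
    done
    return $rc
}

# check_sftp_subsystem SSHD_CONFIG
# Succeeds only if the active (uncommented) sftp Subsystem is internal-sftp.
check_sftp_subsystem() {
    grep -Eq '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+internal-sftp' "$1"
}

# Stand-alone use on a Red Hat host (as root), for example:
#   check_chroot_path /chroots/user && check_sftp_subsystem /etc/ssh/sshd_config
```

Run it before restarting sshd so a permission mistake surfaces as a clear message instead of a failed login.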
