How to Configure SFTP on Red Hat
Server Configuration
Step 1: Edit sshd_config
- Comment out the original Subsystem entry for sftp and replace it with a new entry:
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
- Add the following lines to the end of the /etc/ssh/sshd_config file:
Match Group sftponly
ChrootDirectory /chroots/%u
AllowTcpForwarding no
ForceCommand internal-sftp
X11Forwarding no
Step 2: Create a new group to add sftp-only users
# groupadd sftponly
Step 3: Add users to the group
- If the user already exists:
# usermod -g sftponly -s /bin/false user
- Otherwise, create a new user:
# useradd -d /myhome -M -g sftponly -s /bin/false user
- Set a password for the created user:
# passwd user
Step 4: Set chroot environment and configure directory permissions. Ensure that this entire path is owned by root and only writable by root.
# mkdir -p /chroots/user ; chmod -R 755 /chroots/user
- Note: If the directory is not owned by root:root, run the command below:
# chown root:root /chroots/user
Step 5: Create the user's actual home directory under the ChrootDirectory and chown it to the user and the group created for SFTP
# mkdir /chroots/user/myhome ; chown user:sftponly /chroots/user/myhome
Step 6: If you want to use the host machine's timezone in the chrooted environment, use the command:
# mkdir /chroots/user/etc/; cp /usr/share/zoneinfo/Asia/Tokyo /chroots/user/etc/localtime
Step 7: Restart the sshd service
Note: When the user logs in, they will see their working directory as /myhome (which is actually /chroots/user/myhome).
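sshd refuses a chrooted session unless every directory on the ChrootDirectory path, from / down to the jail, is owned by root and not writable by group or others (Step 4). The script below is an added example, not part of the original post, that checks this rule for a jail such as /chroots/user. The helper names dir_is_safe and check_chroot_path and the optional owner-UID argument (default 0) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check the ownership/mode rule sshd applies to ChrootDirectory.
# dir_is_safe and check_chroot_path are hypothetical helper names.

# dir_is_safe DIR [OWNER_UID]
# Succeeds only if DIR is a directory owned by OWNER_UID (default 0 = root)
# and has neither the group-write nor the other-write bit set.
dir_is_safe() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$dir")      # GNU stat: owner uid, octal mode
    uid=$1
    mode=$2
    [ "$uid" = "$want_uid" ] || {
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || {
        echo "FAIL $dir: mode $mode is group/other writable"; return 1; }
    echo "OK   $dir (uid $uid, mode $mode)"
}

# check_chroot_path /absolute/jail [OWNER_UID]
# Walks from the jail up to / and reports every component that breaks the rule.
check_chroot_path() {
    path=$1
    owner=${2:-0}
    case $path in
        /*) ;;
        *) echo "FAIL $path: an absolute path is required"; return 2 ;;
    esac
    rc=0
    while :; do
        dir_is_safe "$path" "$owner" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /chroots/user
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

The writable home from Step 5 (/chroots/user/myhome) sits below the jail and is intentionally owned by the user, so it is not part of the checked path.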