Friday 5 December 2014

Configuring SFTP in CentOS/Red Hat

In this post I will explain the steps to configure SFTP on Red Hat/CentOS servers. More importantly, I will chroot the SFTP user to restrict that user's privileges.

Step 1: Create a group that will be limited to SFTP, and add a user to that group. Here, as an example, add the group "group_manoj", which will be limited to SFTP, and add the user "user_manu" to the group as below:

Now, open the file "/etc/ssh/sshd_config", find the line starting with "Subsystem" and change it as below:

Subsystem       sftp    internal-sftp

Add the following lines to the end of the same file:
Match Group group_manoj
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

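After this, restart sshd with "service sshd restart".

Now, run the commands below to create a directory called "upload" and set the permissions:
mkdir /home/user_manu/upload
# the chroot directory itself must be owned by root and not writable by group or others
chown root: /home/user_manu
chmod 755 /home/user_manu
chgrp -R group_manoj /home/user_manu
# make "upload" writable by the SFTP user, who cannot write to the root-owned chroot itself
chown user_manu /home/user_manu/upload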

Now, try to sftp to the server as sftp user "user_manu". 
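The ownership and mode changes above matter because sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original post; the function name and its injectable stat_fn parameter are illustrative assumptions.

```python
import os
import stat


def chroot_path_problems(path, stat_fn=os.stat):
    """List the reasons sshd would refuse `path` as a ChrootDirectory.

    Every component from "/" down to `path` must be a directory owned by
    root (uid 0) and not writable by group or others.
    """
    path = os.path.abspath(path)
    components = []
    while True:
        components.append(path)
        parent = os.path.dirname(path)
        if parent == path:              # reached "/"
            break
        path = parent

    problems = []
    for comp in reversed(components):   # report from "/" downwards
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: mode {mode:o} is group/other-writable")
    return problems


if __name__ == "__main__":
    # /home/user_manu is the chroot used in this post (ChrootDirectory %h).
    for line in chroot_path_problems("/home/user_manu") or ["chroot path OK"]:
        print(line)
```

Run it as root on the server after the chown/chmod step; an empty result means the path meets sshd's chroot requirements.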


Kool :)
