Friday 5 December 2014

Configuring SFTP in CentOS/Red Hat

In this post I explain the steps to configure SFTP on Red Hat/CentOS servers. More importantly, I chroot the SFTP user to restrict that user's privileges.

Step1:
-------
Create a group that will be limited to SFTP and add a user to that group. Here, as an example, add the group "group_manoj", which will be limited to SFTP, and add the user "user_manu" to the group as below:


Step2:
-------
Now open the file "/etc/ssh/sshd_config", find the line starting with "Subsystem" and change it as below:

====
Subsystem       sftp    internal-sftp
====

Add the following lines to the end of the same file:
====
Match Group group_manoj
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
====

After this, restart sshd with "service sshd restart".

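Now run the commands below to create a directory called "upload" and set the permissions:
====
mkdir /home/user_manu/upload
# sshd requires the chroot directory to be owned by root and not writable by group or others
chown root:root /home/user_manu
chmod 755 /home/user_manu
chgrp -R group_manoj /home/user_manu
# the chroot itself is read-only for the user, so hand "upload" to the user for writing
chown user_manu /home/user_manu/upload
====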

Now, try to sftp to the server as sftp user "user_manu". 

====
sftp user_manu@67.xxx.xx.xx
====
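
sshd only accepts a ChrootDirectory when every component of the path is owned by root and not writable by group or others, which is what the chown/chmod commands above arrange for /home/user_manu. The script below is an added example, not part of the original post, that audits a path against that rule; the helper names perm_ok and check_chroot_path are made up here, and it assumes GNU stat as shipped on CentOS/Red Hat.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's rule that every
# component is owned by root and not writable by group or others.
# perm_ok and check_chroot_path are hypothetical helper names.

# perm_ok UID MODE: succeed only for uid 0 with no group/other write bit.
perm_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is the octal string from stat, e.g. 755; 022 masks g+w and o+w.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: walk DIR and each parent up to /, report bad ones.
# Returns 0 if all components pass, 1 if any fails, 2 on usage/stat errors.
check_chroot_path() {
    path=$1
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        # GNU stat: %u = owner uid, %a = octal mode; -L follows symlinks.
        info=$(stat -L -c '%u %a' "$path") || return 2
        if perm_ok "${info% *}" "${info#* }"; then
            echo "ok      $path"
        else
            echo "UNSAFE  $path (uid=${info% *} mode=${info#* })"
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/user_manu
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```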

Kool :)
