# vi /etc/ssh/sshd_config
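Comment out this line:
#Subsystem sftp /usr/libexec/openssh/sftp-server
and add this line:
Subsystem sftp internal-sftp
Add these four lines at the bottom of the file (a Match block applies to every line after it, which is why it goes last):
Match group sftpusers
ChrootDirectory /home/%u
X11Forwarding no
ForceCommand internal-sftp
Save and exit the file. sshd refuses the login unless /home/%u and every directory above it is owned by root and not writable by group or others. X11Forwarding no does not cover TCP port forwarding; AllowTcpForwarding no can be added to the same Match block to disable that as well. |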
# groupadd sftpusers |
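#######################################
# Create a chrooted, SFTP-only account in the sftpusers group.
# Builds /home/<user> as the chroot directory, adds the user with
# /bin/false as shell, points the account's home at "/" (relative to the
# chroot), creates the writable /home/<user>/home folder and finally
# prompts for the password.
# Arguments: $1 - login name of the account to create
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 on success, 2 on a missing or invalid username,
#            1 when a step fails or the account/directory already exists
#######################################
add_sftpuser() {
  local user=${1:-}
  local jail
  local -r name_re='^[a-z_][a-z0-9_-]{0,31}$'

  if [[ -z "$user" ]]; then
    {
      echo ""
      echo "Usage: enter a username after command"
      echo "eg. add-sftpuser bob"
      echo ""
    } >&2
    return 2
  fi

  # The name is spliced into paths and handed to useradd/chown/passwd, so
  # refuse anything that could be read as an option or that contains a
  # path separator before any change is made to the system.
  if [[ ! "$user" =~ $name_re ]]; then
    printf 'add-sftpuser: invalid username: %s\n' "$user" >&2
    return 2
  fi

  if ((EUID != 0)); then
    echo "add-sftpuser: must be run as root" >&2
    return 1
  fi

  jail="/home/$user"

  # Never rework an existing account or directory: continuing would change
  # that account's home to "/" and hand over ownership of its files.
  if id -u "$user" >/dev/null 2>&1; then
    printf 'add-sftpuser: user %s already exists\n' "$user" >&2
    return 1
  fi
  if [[ -e "$jail" ]]; then
    printf 'add-sftpuser: %s already exists\n' "$jail" >&2
    return 1
  fi

  echo "- creating $user chroot directory"
  mkdir -- "$jail" || return 1
  # sshd only accepts a ChrootDirectory that is owned by root and not
  # writable by group or others; set it explicitly instead of relying on
  # the caller's umask.
  chown root:root -- "$jail" || return 1
  chmod 755 -- "$jail" || return 1

  echo "- creating user $user"
  # -M: the chroot directory is managed here, so useradd must not create or
  # populate a home directory. stderr is left visible (the original sent it
  # to a file named after the user via "2>$1") so failures are not hidden.
  if ! useradd -M -s /bin/false -g sftpusers "$user" >/dev/null; then
    rmdir -- "$jail"
    return 1
  fi

  echo "- modifying home dir for user $user"
  usermod -d / "$user" || return 1

  echo "- creating home folder for user $user"
  mkdir -- "$jail/home" || return 1

  echo "- changing home folder ownership for user $user"
  # Only this sub-folder belongs to the user; the chroot root stays with root.
  chown -R -- "$user" "$jail/home" || return 1

  echo ""
  echo "- Please set password for user $user"
  passwd "$user"
}

add_sftpuser "$@"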
# mkdir /home/andrew |
# useradd -s /bin/false -g sftpusers andrew > /dev/null 2>&1 |
# usermod -d / andrew |
# mkdir /home/andrew/home
# chown -Rf andrew /home/andrew/home |
# passwd andrew |
# /admin/bin/add-sftpuser andrew
- creating andrew chroot directory
- creating user andrew
- modifying home dir for user andrew
- creating home folder for user andrew
- changing home folder ownership for user andrew

- Please set password for user andrew
Changing password for user andrew.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully. |
# sftp andrew@192.168.1.7
Connecting to 192.168.1.7...
andrew@192.168.1.7's password:
sftp> pwd
Remote working directory: /
sftp> cd /
sftp> pwd
Remote working directory: /
sftp> ls
home
sftp> cd home
sftp> ls
sftp> mput 1.png
Uploading 1.png to /home/1.png
1.png 100% 90KB 90.4KB/s 00:00
sftp> ls
1.png
sftp> bye |
# vi sshd_config
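#AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile /etc/sftpkeys/%u.pub
Save and exit the file. Set at the top level, this line applies to every account, so keys in ~/.ssh/authorized_keys are no longer read for users outside sftpusers; placing it inside the Match group sftpusers block limits it to the SFTP accounts. Each /etc/sftpkeys/%u.pub file should be readable by its user but writable only by root. Restart sshd (running sshd -t first reports configuration errors before the restart)
# /etc/init.d/sshd restart |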
# sftp andrew@192.168.1.7
Connecting to 192.168.1.7... sftp> |