Big Bytes

Create SFTP Only User on FreeBSD 10

SFTP is a secure way to give people access to files on a server. Plain FTP is not a good option because passwords and file contents are transferred in clear text; use SSH instead. SFTP runs over SSH, which encrypts both the passwords and the data, and there is no separate service to install because SSH is already on almost every server.

The goal is to give these users limited access to the server with shell login disabled, so they cannot run commands or browse other files. Log in as root to edit the following files and run the commands.

Create a SFTP only group

This is the group where the SFTP only users will be added.
pw groupadd sftp

Configure SSH
nano /etc/ssh/sshd_config

Add these lines at the bottom of the file and change the chroot directory to your needs. The Match block has to be the last thing in the file: every directive after a Match line belongs to that block until the next Match, so a global setting added below it would silently apply only to the sftp group.

Match Group sftp
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Add a new SFTP user

Add a new user to your system and set the login group to sftp. The shell is never invoked for these users because ForceCommand internal-sftp runs the SFTP server inside sshd itself, so you can keep the default sh or pick nologin as an extra safeguard; either way an interactive login is refused.

adduser
Username: customer
Full name: SFTP user
Uid (Leave empty for default):
Login group [customer]: sftp
Login group is sftp. Invite customer into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]:
Home directory [/home/customer]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : customer
Password : *****
Full Name : SFTP user
Uid : 1006
Class :
Groups : sftp
Home : /home/customer
Home Mode : root
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (customer) to the user database.

sshd refuses to start a chrooted session unless the chroot directory, and every directory above it, is owned by root and not writable by group or others. Hand the home directory to root and make sure its mode leaves no group or world write bit set (755 is fine); otherwise the user will not be able to log in.

chown root:sftp /home/customer

Because the chroot itself must not be writable by the user, create a directory inside the home directory where files can be uploaded, and give that directory to the new user and the sftp group.

mkdir /home/customer/files
chown customer:sftp /home/customer/files

Restart the SSH server

service sshd restart

Test the new SFTP only user

Finally, connect to the server as the SFTP-only user, change into the files directory, upload some files, and confirm that an interactive ssh login is refused (sshd answers "This service allows sftp connections only."). Make sure your client supports SFTP.
