I'm starting a very little hosting company for a few friends and little clients, nothing big.
I want to give my "clients" the right to manage their files on the server. I hate FTP as it is not secure and it's in my opinion obsolete.
So I'd like to allow my users to connect through SFTP but not allow them to connect through SSH. (I know, I know, SFTP is using SSH). But I was just wondering, is it possible?
So I wouldn't have to install an FTP service on the server and everything would be awesome!
Best Answer
Starting with version 4.9 OpenSSH (not available in CentOS 5.x but ChrootDirectory feature was backported) has an internal-sftp subsystem:
And then block other uses:
Add your users to the sftponly group. The chroot directory must be owned by root, and cannot be group-writeable, so create a subdirectory for each user, e.g. uploads or home/$username that's owned by the appropriate user (if you match their home directory, it will be the default working directory when connecting). I'd also set /bin/false as the user's shell.
As an example, users can then upload single files with:
(scp will hopefully soon be modified to use sftp so this will become easier)
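The setup described in the answer above, as an added example that is not part of the original answer: a function that prints an sshd_config fragment restricting the sftponly group to chrooted SFTP, and a check for the ownership and mode rule on the chroot directory. The function names, the /home/%u chroot path and the optional owner argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. The group name "sftponly" comes
# from the answer; /home/%u and the function names are assumptions.

# Print an sshd_config fragment: SFTP handled in-process, and members of
# sftponly confined to a chroot with shell access and forwarding disabled.
sftponly_config() {
    cat <<'EOF'
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Check a directory against the rule stated in the answer: owned by root
# (or by the owner given as $2, useful when testing without root) and not
# group-writable. World-writable is rejected as well, since sshd refuses it.
# Returns 0 when the directory is acceptable as a chroot, 1 otherwise.
chroot_dir_ok() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    # find prints the path only when the ownership predicate matches
    [ -n "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ] ||
        { echo "$dir: not owned by $owner" >&2; return 1; }
    # any output here means the group or other write bit is set
    [ -z "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "$dir: group- or world-writable" >&2; return 1; }
    return 0
}
```

Run chroot_dir_ok on the chroot directory itself before reloading sshd; the per-user subdirectory inside it (uploads or home/$username) is the part owned by the user.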