How to Setup Secure SFTP User On Centos 7
by Prashant ·

Setup Secure SFTP User on Centos 7
SFTP
SFTP stands for Secure File Transfer Protocol.
SFTP is a separate protocol packaged with SSH that works in a similar way over a secure connection.
The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote systems.
Benefits of SFTP
- Easy to setup
- Data encryption and secure storage
- File transfer and manipulation functionality over any reliable data stream.
- No need to install any extra package for SFTP
Purpose Of SFTP Connection
Let’s assume that you have a client who wants to access some files on the server, but you cannot provide direct access to the server.
In that case you create a directory, copy those files into it, and then provide access to that directory only, over SFTP.
You do not need to install any extra package to work with SFTP, because it is already included as a default package when you install the OS.
To confirm that the SSH packages are available on the server, run the following command:
$ rpm -qa|grep ssh
openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64
Setup Secure SFTP User
Step 1: Create User & Group
Here, we need to first create the group and then add the SFTP user to that group.
I have used the group name, directory name, login option, and name of the SFTP user in the “useradd” command.
$ groupadd sftpusers
$ useradd -g sftpusers -d /path/to/files -s /sbin/nologin sftpuser
$ passwd sftpuser
Changing password for user shahrilk.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
Once you execute the above commands, the user information is stored in the “/etc/passwd” file.
$ cat /etc/passwd|grep sftpuser
Step 2: Give Permission to the Directory
The “chown” command below gives sftpuser ownership of the mentioned directory path.
Without that permission, the user will not be able to upload or download any files in the directory.
$ chown -R sftpuser:sftpusers /data/dirstatinfo/csvfiles
Step 3: Configure SSH Protocol
Now we are going to configure the SSH daemon to provide the SFTP service. This is done by editing the configuration file “/etc/ssh/sshd_config”.
Add the lines below at the end of the configuration file and change the directory name according to your requirement.
$ vim /etc/ssh/sshd_config
# replaces the default "Subsystem sftp" line; sshd rejects a second definition of the same subsystem
Subsystem sftp internal-sftp
# everything after a Match line applies only to members of the sftpusers group
Match Group sftpusers
    ChrootDirectory /path/to/files
    ForceCommand internal-sftp
Step 4: Enable Chroot
Chroot confines the allowed SFTP users to that directory and nothing else.
Run the following command so that SELinux permits read/write access inside the chrooted directory:
$ setsebool -P ssh_chroot_rw_homedirs=1
Step 5: Restart SSH Service
After making the changes in the “sshd_config” file, we need to restart the SSH service.
Use the command below:
$ /etc/init.d/sshd restart
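The steps above are tied together in the following script, which is an added example and not part of the original article. It encodes two rules that sshd enforces and that are easy to trip over: the ChrootDirectory (and every parent directory up to /) must be owned by root and must not be writable by group or others, otherwise the login is rejected with "bad ownership or modes for chroot directory"; and the `Subsystem sftp` line must replace the distribution's default rather than be added a second time. The script checks a path against those rules, lays out a root-owned chroot with a writable `upload` subdirectory for the user, and prints a Match block that also turns off TCP and X11 forwarding for the group (an addition beyond the article's four lines). The path, user and group names used are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): check and lay out an SFTP
# chroot the way sshd expects it. Names and paths below are assumptions.

# sshd refuses a chrooted login unless the ChrootDirectory is owned by root
# (uid 0) and has no group or other write bit. This check takes a uid and an
# octal mode string exactly as printed by `stat -c '%u %a'`.
chroot_ok() {
  uid=$1
  mode=$2
  [ "$uid" -eq 0 ] || return 1
  other=${mode#"${mode%?}"}        # last octal digit: permissions for others
  rest=${mode%?}
  group=${rest#"${rest%?}"}        # second-to-last digit: permissions for group
  [ $(( group & 2 )) -eq 0 ] || return 1   # bit 2 is the write bit
  [ $(( other & 2 )) -eq 0 ] || return 1
  return 0
}

# Walk from the chroot path up to / and apply chroot_ok to every component,
# since sshd checks each parent directory as well.
chroot_path_ok() {
  dir=$1
  case $dir in /*) ;; *) dir=$PWD/$dir ;; esac   # make absolute so dirname terminates
  while [ -n "$dir" ] && [ "$dir" != "/" ]; do
    info=$(stat -c '%u %a' "$dir" 2>/dev/null) || return 1
    chroot_ok ${info%% *} ${info##* } || { echo "unsafe chroot component: $dir" >&2; return 1; }
    dir=$(dirname "$dir")
  done
  return 0
}

# Lay out the chroot: root-owned, read-only top level, plus an "upload"
# subdirectory that the SFTP user owns and may write to. Must run as root.
layout_chroot() {
  root=$1 user=$2 group=$3
  mkdir -p "$root/upload"
  chown root:root "$root"
  chmod 755 "$root"
  chown "$user:$group" "$root/upload"
  chmod 700 "$root/upload"
}

# Print the sshd_config block for the group. Subsystem must sit before Match,
# because a Match block extends to the end of the file.
sftp_match_block() {
  group=$1 root=$2
  cat <<EOF
Subsystem sftp internal-sftp
Match Group $group
    ChrootDirectory $root
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Usage (as root): sh sftp_chroot.sh /path/to/files sftpuser sftpusers
if [ "$(id -u)" -eq 0 ] && [ $# -eq 3 ]; then
  layout_chroot "$1" "$2" "$3"
  chroot_path_ok "$1" && echo "chroot layout OK: $1"
  sftp_match_block "$3" "$1"
fi
```

The user's home directory from Step 1 (`-d /path/to/files`) is the chroot itself, so after login the user lands in `/` of the chroot and writes into `upload/`. After replacing the `Subsystem sftp` line and appending the printed block, `sshd -t` validates the file before the restart in Step 5.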
I hope you like the article. If you find any difficulties, please post your queries or problems via the comment section; till then stay tuned to Linuxgrow.com for more such valuable articles.
Thank You 🙂