How to Set Up a Secure SFTP User on CentOS 7


SFTP

SFTP stands for Secure File Transfer Protocol.

SFTP is a separate protocol packaged with SSH that works in a similar way over a secure connection.

The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote systems.

Benefits of SFTP

  • Easy to set up
  • Data encryption and secure storage
  • File transfer and manipulation functionality over any reliable data stream.
  • No need to install any extra package for SFTP

Purpose Of SFTP Connection

Let’s assume that you have a client who wants to access some files on the server, but you cannot provide direct access to the server.

In that case, create a directory, copy those files into it, and then provide access to that directory only, over SFTP.

When you start working with SFTP, you do not need to install any extra package, because it already comes as a default package when you install the OS.

To confirm that the SFTP package is available on the server, run the following command:

$ rpm -qa|grep ssh

openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64

Setup Secure SFTP User

Step 1: Create User & Group

Here, we first create the group and then add the SFTP user to that group.

I have passed the group name, directory name, login shell, and name of the SFTP user to the “useradd” command.

$ groupadd sftpusers
$ useradd -g sftpusers -d /path/to/files -s /sbin/nologin sftpuser
$ passwd sftpuser

Changing password for user shahrilk.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Once you execute the above commands, the account information is stored in the “/etc/passwd” file.

$ cat /etc/passwd|grep sftpuser

Step 2: Give Permission to the Directory

The “chown” command below gives sftpuser access rights to the mentioned directory path.

Without this permission, the user will not be able to upload or download any files in the directory.

$ chown -R sftpuser:sftpusers /data/dirstatinfo/csvfiles

Step 3: Configure SSH Protocol

Now we are going to configure the SSH daemon so that it serves SFTP for this group. This is done by editing the configuration file “/etc/ssh/sshd_config”.

Add the lines below to the end of the configuration file and change the directory name according to your requirements.

$ vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /path/to/files
ForceCommand internal-sftp

Step 4: Enable Chroot

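Chroot restricts the allowed SFTP users to the configured directory only, so they cannot reach the rest of the filesystem.

With SELinux enabled, run the following command to set the boolean that lets chrooted SSH users read and write files in their directories: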

$ setsebool -P ssh_chroot_rw_homedirs=1 

Step 5: Restart SSH Service

After making the changes in the “sshd_config” file, we need to restart the ssh service.

On CentOS 7 the service is managed by systemd, so use the command below:

$ systemctl restart sshd
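
Two things commonly break the setup from Steps 2 and 3: sshd rejects logins when the ChrootDirectory or any parent directory is not owned by root or is writable by group or others, and it rejects the configuration when “Subsystem sftp” is defined more than once (the stock CentOS file usually already has one such line). The audit script below is an added example, not part of the original article; the function names and the optional uid and stop arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-restart audit for the chrooted SFTP setup.
# Function names and the optional uid/stop arguments are illustrative assumptions.

# Print how many active (uncommented) "Subsystem sftp" lines a config file has.
# More than one makes sshd reject the file.
count_sftp_subsystems() {
    grep -Eic '^[[:space:]]*Subsystem[[:space:]]+sftp([[:space:]]|$)' "$1" || true
}

# Succeed only if $1 is a directory owned by uid $2 (default 0 = root)
# and not writable by group or others.
chroot_dir_ok() {
    [ -d "$1" ] || return 1
    [ "$(stat -L -c %u "$1")" = "${2:-0}" ] || return 1
    mode=$(stat -L -c %a "$1")
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to $3 (default /), checking every path
# component; this approximates the check sshd applies at session start.
audit_chroot_path() {
    path=$1
    while :; do
        if ! chroot_dir_ok "$path" "${2:-0}"; then
            echo "bad ownership or modes: $path" >&2
            return 1
        fi
        if [ "$path" = "${3:-/}" ] || [ "$path" = "/" ]; then
            return 0
        fi
        path=$(dirname "$path")
    done
}

# Typical use as root, before restarting sshd:
#   [ "$(count_sftp_subsystems /etc/ssh/sshd_config)" -eq 1 ] || echo "fix Subsystem lines"
#   audit_chroot_path /path/to/files
```

Running “sshd -t” as root additionally validates the configuration syntax before the restart.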

I hope you like the article. If you run into any difficulties, please post your queries or problems in the comment section. Till then, stay tuned to Linuxgrow.com for more such valuable articles.


Thank You 🙂

Prashant
