Enabling SFTP without SSH access on Ubuntu

If you’re looking to securely transfer files to a server using an encrypted SSH connection, SFTP is your best bet. SFTP, which stands for SSH File Transfer Protocol, is significantly different than FTP. However, it is still widely supported by modern FTP clients.

You can use SFTP automatically on all servers that have SSH access enabled. It is an easy and safe way to transfer files to a server, but these advantages come at a cost: by default, an SSH server grants both file transfer access and terminal shell access to every user with an account on the system.

In some situations, you may want only certain users to be allowed file transfers and no SSH access. So how do you get around this potential inconvenience? Below, we’ll see how you can instruct the SSH daemon to limit a user to SFTP access within a single directory.

  • First, you’ll need to create a new user who will only be allowed to transfer files to the server. For the purpose of this tutorial, we’ll be using the username ingridfiles.
sudo adduser ingridfiles
  • You’ll be asked to enter a password for this user and some other minor information. Press ENTER once you’ve completed all the steps.
  • Next, you’ll need to create a directory for file transfer, to which you will restrict SSH access.
sudo mkdir -p /var/sftp/uploads
  • Then, set the owner of /var/sftp to root.
sudo chown root:root /var/sftp
  • Now, give root write permissions to the same directory. All other users should have only read and execute rights.
sudo chmod 755 /var/sftp
  • Change the ownership on the uploads directory to ingridfiles.
sudo chown ingridfiles:ingridfiles /var/sftp/uploads
  • As for the access restriction, open the SSH server configuration file, like so:
sudo nano /etc/ssh/sshd_config
  • And append this configuration snippet to the very end of the file:
Match User ingridfiles
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
  • To apply the changes, restart the service.
sudo systemctl restart sshd
And you’re done! Congratulations on enabling SFTP without SSH access on Ubuntu!
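
To confirm the setup took effect, the following checks are an added example and not part of the original tutorial: they verify that /var/sftp and every parent directory are root-owned and not writable by group or others (sshd rejects the chroot otherwise), and that the Match block's restrictions appear in the effective configuration sshd reports for ingridfiles. The function names and the sample output are constructed for illustration, and GNU stat and realpath (as shipped on Ubuntu) are assumed.

```shell
# Added example: post-setup checks for the chrooted SFTP-only account.
# Assumes GNU stat/realpath (Ubuntu); function names are hypothetical.

# dir_ok DIR [UID]: true if DIR is a directory owned by UID (default 0, root)
# and not writable by group or others, which is what sshd demands of a chroot.
dir_ok() {
    [ -d "$1" ] || return 1
    st=$(stat -c '%u %a' -- "$1") || return 1
    [ "${st% *}" = "${2:-0}" ] && [ $(( 0${st#* } & 022 )) -eq 0 ]
}

# chroot_path_ok DIR: apply dir_ok to DIR and to every parent up to /.
chroot_path_ok() {
    p=$(realpath -- "$1") || return 1
    while :; do
        dir_ok "$p" || { echo "bad ownership or mode: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname -- "$p")
    done
}

# match_ok: read `sshd -T` output on stdin and confirm every restriction from
# the Match block is in effect. Names each missing setting; fails if any.
match_ok() {
    cfg=$(cat) rc=0
    for want in 'forcecommand internal-sftp' 'chrootdirectory /var/sftp' \
        'permittunnel no' 'allowagentforwarding no' \
        'allowtcpforwarding no' 'x11forwarding no'; do
        printf '%s\n' "$cfg" | grep -qixF -- "$want" ||
            { echo "not in effect: $want" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample of effective settings, trimmed to the relevant lines.
SAMPLE_EFFECTIVE='passwordauthentication yes
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no
chrootdirectory /var/sftp
forcecommand internal-sftp'

# Live run, as root: sh check-sftp.sh --live
if [ "${1:-}" = "--live" ]; then
    chroot_path_ok /var/sftp && echo "chroot path OK"
    sshd -T -C user=ingridfiles,host=localhost,addr=127.0.0.1 | match_ok &&
        echo "Match block in effect"
fi
```

Running `sudo sshd -t` before restarting the service also catches syntax errors in sshd_config while the current session is still open.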

 
