Bryan
Posted on December 4, 2022
Requirements
Let's say you want to create 3 SFTP-only users:
- mainuser : manage other users' folders and files
- user01 : can only view/edit own folder and files
- user02 : can only view/edit own folder and files
Creating Users and Directories
- Create the 3 users
    sudo adduser mainuser
    sudo adduser user01
    sudo adduser user02
- Create folders for user01 and user02
    sudo mkdir -p /var/sftp/user01/uploads
    sudo mkdir -p /var/sftp/user02/uploads
- Make each user's top-level directory writable only by its owner (root), with read and execute rights for everyone else
    sudo chmod 755 /var/sftp/user01
    sudo chmod 755 /var/sftp/user02
- Change the ownership of each uploads directory to the user you just created
    sudo chown user01:user01 /var/sftp/user01/uploads
    sudo chown user02:user02 /var/sftp/user02/uploads
- Give mainuser group ownership of /var/sftp so it can view all user folders
    sudo chown root:mainuser /var/sftp
Restricting Access to Directory
Note 1: We are creating separate sshd config files because it is cleaner, and /etc/ssh/sshd_config automatically includes the .conf files in /etc/ssh/sshd_config.d/ via its Include directive.
Note 2: user01 and user02 will land in their own folder at login, but cannot create folders or files outside the uploads folder.
- Create mainuser sshd config file
    sudo nano /etc/ssh/sshd_config.d/mainuser.conf
- Add to the newly created mainuser conf file
    Match User mainuser
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /var/sftp/
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
- Create user01 sshd config file
    sudo nano /etc/ssh/sshd_config.d/user01.conf
- Add to the newly created user01 conf file
    Match User user01
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /var/sftp/user01
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
- Create user02 sshd config file
    sudo nano /etc/ssh/sshd_config.d/user02.conf
- Add to the newly created user02 conf file
    Match User user02
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /var/sftp/user02
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
- Restart sshd service
    sudo systemctl restart sshd
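The chroot setup above only works if sshd's ownership rule holds: the ChrootDirectory and every parent component up to / must be owned by root and must not be group- or world-writable, otherwise the login fails with "bad ownership or modes for chroot directory". The check below is an added example, not part of the original post; it walks the path exactly as sshd does and assumes GNU coreutils `stat -c` (Linux). The owner uid and top directory are parameters only so the check can be exercised on a constructed tree without root.

```shell
#!/bin/sh
# Added example: verify the ChrootDirectory ownership/permission rule that
# sshd enforces, before restarting the service.
# Usage: check_chroot_path CHROOT [OWNER_UID] [TOP]
#   CHROOT     the ChrootDirectory from the Match block, e.g. /var/sftp/user01
#   OWNER_UID  uid every component must be owned by (default 0 = root)
#   TOP        highest component to check (default /, which is what sshd does)
# Assumes GNU coreutils stat (the -c format option).
check_chroot_path() {
    path=$1
    owner_uid=${2:-0}
    top=${3:-/}
    rc=0
    while :; do
        uid=$(stat -c '%u' "$path") || return 2
        mode=$(stat -c '%a' "$path") || return 2
        # Last three octal digits are owner/group/other; bit 2 is write.
        perm=$(printf '%s' "$mode" | tail -c 3)
        group=$(printf '%s' "$perm" | cut -c2)
        other=$(printf '%s' "$perm" | cut -c3)
        if [ "$uid" != "$owner_uid" ]; then
            echo "BAD $path: owned by uid $uid, expected $owner_uid" >&2
            rc=1
        elif [ $((group & 2)) -ne 0 ] || [ $((other & 2)) -ne 0 ]; then
            echo "BAD $path: mode $mode is group- or world-writable" >&2
            rc=1
        else
            echo "ok  $path (uid $uid, mode $mode)" >&2
        fi
        # Stop at the requested top (or the filesystem root), then move up.
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            break
        fi
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /var/sftp/user01
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against /var/sftp/user01 and /var/sftp/user02 (and /var/sftp for mainuser) after the chown/chmod steps; a non-zero exit means that user's SFTP login would be rejected after the restart.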