SFTP
How to set up an SFTP server on Debian 10
Prerequisites
- Install SSH
sudo apt install ssh
Chroot vs non-Chroot
Set up a Chroot SFTP server
Create a group
# groupadd sftpusers
Create a user
- Create a new user
# useradd -g sftpusers -d /incoming -s /usr/sbin/nologin guestuser
# passwd guestuser
- Modify an existing user
# usermod -g sftpusers -d /incoming -s /usr/sbin/nologin john
Config SFTP server
Update subsystem
open config file
vi /etc/ssh/sshd_config
comment out
#Subsystem sftp /usr/lib/openssh/sftp-server
add the following line
Subsystem sftp internal-sftp
verify the change
# grep sftp /etc/ssh/sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Set up connection
- open config file
vi /etc/ssh/sshd_config
- uncomment the following two lines
ClientAliveInterval 300
ClientAliveCountMax 3
Specify Chroot Directory for a Group
Add the following lines at the end of /etc/ssh/sshd_config
Match Group sftpusers
#ChrootDirectory /sftp/%u
ChrootDirectory /sftp/guestuser
ForceCommand internal-sftp
Create SFTP Home Directory
mkdir -p /sftp/guestuser/incoming
Set Up Appropriate Permissions
- Set the owner to the user, and the group to the sftpusers group
# chown guestuser:sftpusers /sftp/guestuser/incoming
- Verify the permissions
# ls -ld /sftp/guestuser/incoming
drwxr-xr-x 2 guestuser sftpusers 4096 Dec 28 23:49 /sftp/guestuser/incoming
# ls -ld /sftp/guestuser
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/guestuser
# ls -ld /sftp
drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp
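sshd only accepts a ChrootDirectory when every component of its path is a directory owned by root and not writable by group or others, which is what the ls -ld output for /sftp and /sftp/guestuser shows. The shell functions below are an added example, not part of the original page, that check this from the chroot directory up to /; the names check_dir and check_chroot_path and the optional owner-uid argument are assumptions of this example, and GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory path the way sshd expects it.
# Usage (as root or any user): sh check_chroot.sh /sftp/guestuser

# check_dir DIR OWNER_UID
# Returns 0 if DIR is a directory owned by OWNER_UID and not writable by
# group or others; otherwise prints the reason and returns 1.
check_dir() {
    if [ ! -d "$1" ]; then
        echo "FAIL $1: not a directory"
        return 1
    fi
    uid=$(stat -L -c %u "$1")    # numeric owner, symlinks followed
    mode=$(stat -L -c %a "$1")   # octal permission bits, e.g. 755
    if [ "$uid" != "$2" ]; then
        echo "FAIL $1: owner uid $uid, expected $2"
        return 1
    fi
    # 022 = group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $mode is group/other writable"
        return 1
    fi
    echo "ok   $1 (uid $uid, mode $mode)"
}

# check_chroot_path DIR [OWNER_UID]
# Walks from DIR up to / and checks every component. OWNER_UID defaults
# to 0 (root); the override exists only so the check can be tried on
# scratch directories. Returns 0 if all pass, 1 if any fail, 2 on bad input.
check_chroot_path() {
    path=$1
    owner=${2:-0}
    bad=0
    case $path in
        /*) ;;
        *) echo "not an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        check_dir "$path" "$owner" || bad=1
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return "$bad"
}

# Run the check when a path is given on the command line.
[ "$#" -eq 0 ] || check_chroot_path "$@"
```

The user-owned upload directory (/sftp/guestuser/incoming) sits below the chroot and is deliberately not part of this check.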
Restart sshd and Test Chroot SFTP
- Restart
# service sshd restart
- Test
$ sftp guestuser@server_ip
Issues
Broken pipe
packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
- Use -v to get verbose output
$ sftp -v guestuser@server_ip
- Check the logs
# cat /var/log/auth.log
ssh_config or sshd_config
- ssh_config is for the ssh client
- sshd_config is for the ssh server daemon