
How to configure SFTP with restricted access to directory


Steps to configure SFTP on a Linux server with access restricted to a specific directory only, and how to deny SSH login and allow only SFTP login for the user.

In this article, we will walk you through the procedure to configure SFTP on your server and restrict an SFTP user's access to a specific directory.

The whole process is covered in the steps below. If you already have SFTP configured or users created, you can skip those steps.

  1. Add SFTP user to the system
  2. Prepare SFTP directory
  3. Configure SFTP on SSH service layer
    • Allow user for SFTP only and deny SSH access
  4. Verify access

In the example below, we will create the user sftp_user1, allow his SFTP access, deny him SSH access, and restrict his SFTP access to the directory /sftp_uploads/user1.

Add SFTP user to the system

It's simple useradd stuff. For easy management of SFTP users, add an SFTP group to your system as well.

Prepare SFTP directory

Keep in mind that you should have a base directory owned by root, i.e. the ChrootDirectory. Under it, you can create the restricted directory to which the SFTP user is to be confined. Once the SFTP user is logged in, he is jailed into ChrootDirectory and cannot move beyond it.

Set ownership and permissions for the SFTP directory. I kept them exclusively for the owner, i.e. sftp_user1 only.

Configure SFTP in SSH service

SFTP is a sub-service offered by the SSH daemon. To enable it, add the lines below to the SSH configuration file /etc/ssh/sshd_config

If your SSH config file already has /usr/libexec/openssh/sftp-server enabled as the sftp subsystem, comment it out with a hash (#).

Here, line by line:

  1. Tells the SSH daemon to run the internal sftp subsystem.
  2. Match users with the primary group sftp_group, or match only the specified user, i.e. sftp_user1
  3. When they try to log in, restrict their working directory to under the base /sftp_uploads
  4. Only allow them to use the sftp service and deny SSH login
  5. Disable all X11 forwarding for these users so that they can't access GUI apps
  6. Disable TCP forwarding for them as well
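
The six settings listed above can be checked mechanically before the daemon is restarted. The script below is an added example, not part of the original article: the function name audit_sftp_match and both sample configurations are constructed for illustration, with the good one built from the line-by-line description above.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Sample configs are constructed.

# The six lines the walkthrough describes, in order.
GOOD_CONFIG='Subsystem sftp internal-sftp
Match Group sftp_group
    ChrootDirectory /sftp_uploads
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no'

# Weak variant: chroot is set, but nothing forces SFTP or disables forwarding.
WEAK_CONFIG='Subsystem sftp /usr/libexec/openssh/sftp-server
Match User sftp_user1
    ChrootDirectory /sftp_uploads
    X11Forwarding yes'

# audit_sftp_match CONFIG_TEXT "Group sftp_group"
# Prints one finding per setting missing from that Match block; returns 0 if none.
# Assumption: every setting must appear inside the block itself (global values
# and sshd defaults are not consulted).
audit_sftp_match() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      line = $0
      gsub(/[ \t]+/, " ", line); sub(/^ /, "", line); sub(/ $/, "", line)
      split(line, f, " ")
      key = tolower(f[1])                      # keywords are case-insensitive
      val = substr(line, length(f[1]) + 2)     # arguments keep their case
      if (key == "match") { inblk = (tolower(val) == tolower(want)); next }
      if (key == "subsystem" && f[2] == "sftp") subsys = f[3]
      if (inblk && !(key in seen)) seen[key] = val   # sshd uses the first value
    }
    END {
      if (subsys != "internal-sftp") { print "Subsystem sftp is not internal-sftp"; bad++ }
      if (!("chrootdirectory" in seen)) { print "ChrootDirectory missing: user is not jailed"; bad++ }
      if (seen["forcecommand"] != "internal-sftp") { print "ForceCommand internal-sftp missing: SSH login not denied"; bad++ }
      if (seen["x11forwarding"] != "no") { print "X11Forwarding is not set to no"; bad++ }
      if (seen["allowtcpforwarding"] != "no") { print "AllowTcpForwarding is not set to no"; bad++ }
      exit (bad > 0)
    }'
}

audit_sftp_match "$GOOD_CONFIG" "Group sftp_group" && echo "good config: no findings"
audit_sftp_match "$WEAK_CONFIG" "User sftp_user1" || echo "weak config: see findings above"
```

On a real server, pass the contents of /etc/ssh/sshd_config as the first argument, and run `sshd -t` to confirm the file parses before restarting the daemon.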

Restart the SSH daemon to pick up these new configurations. You can restart with HUP if you don't want the existing SSH connection to be impacted.

Verify access

Now there are three things we need to verify here:

  1. sftp_user1 should be able to connect using the sftp protocol
  2. sftp_user1 should not be allowed to log in using SSH
  3. When logged in using sftp, sftp_user1 should be restricted to the /sftp_uploads/user1 directory only.

Let's test all three points:

So the first point is validated.

There! The second point is validated.

And the third point as well. You can see the SFTP user's working directory is restricted to /user1, which is /sftp_uploads/user1 on the SFTP server. Since we jailed him using ChrootDirectory /sftp_uploads, he is inside it and cannot see beyond. Hence /user1 is the PWD for the SFTP user.
