Ultimate Guide: Creating a Secure SFTP Server with Chroot on Ubuntu 22.04
2 min read — #sftp server #linux server #ubuntu

🔐 What You’ll Learn in This Tutorial


1. Step-by-step installation of Ubuntu 22.04 for your SFTP server.
2. Configure OpenSSH for secure SFTP connections.
3. Implement chroot to confine users to their home directories.
4. Fine-tune permissions and user access for maximum security.

By the end, you’ll have a robust, secure SFTP server ideal for personal use, small businesses, or enterprise-level applications.

Step 1: Create Root Directory for SFTP Users

You can change the directory name to anything you prefer. Note that sshd only accepts a ChrootDirectory that is owned by root and not writable by group or others, and the same applies to every parent directory; mode 701 meets that requirement while still letting users traverse into their own subdirectory.
mkdir /sftpusers
chmod 701 /sftpusers

Step 2: Create SFTP User Group


Change the group name to anything you like.
groupadd sftpgroup

Step 3: Create SFTP User


Change mysftpuser to a username of your choice.
useradd -g sftpgroup -s /sbin/nologin mysftpuser
passwd mysftpuser

Step 4: Create SFTP User Directory


mkdir /sftpusers/mysftpuser
chown mysftpuser:sftpgroup /sftpusers/mysftpuser
chmod 700 /sftpusers/mysftpuser

Step 5: Edit SSH Config File


1. Open the SSH configuration file located at /etc/ssh/sshd_config with a text editor like nano.
nano /etc/ssh/sshd_config

2. Make sure the following line is present and not commented out:

Subsystem sftp /usr/lib/openssh/sftp-server

3. Add the following configuration at the end of the file (it must come last, because every directive after a Match line applies only to the sessions that match it):

Match Group sftpgroup
ChrootDirectory /sftpusers/
ForceCommand internal-sftp -d /%u
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PermitTunnel no
PasswordAuthentication yes

4. Save the file and restart the SSH service:


systemctl restart sshd

Step 6: Set Up SFTP Authentication with SSH Key

Create Directory for SSH Keys
Keys are kept in a root-owned directory outside the chroot so that SFTP users cannot add or replace their own keys.
mkdir /etc/ssh/authorized_keys
chown root:root /etc/ssh/authorized_keys
chmod 755 /etc/ssh/authorized_keys

Add SSH Public Key


Replace PUBLIC_KEY with the actual public SSH key and username with the SFTP username.
echo 'PUBLIC_KEY' >> /etc/ssh/authorized_keys/username
chmod 644 /etc/ssh/authorized_keys/username

Step 7: Edit SSH Config for SSH Key Authentication


1. Open /etc/ssh/sshd_config again and replace the previous Match Group block with the following:
Match Group sftpgroup
ChrootDirectory /sftpusers/
ForceCommand internal-sftp -d /%u
AuthorizedKeysFile /etc/ssh/authorized_keys/%u .ssh/authorized_keys
PermitRootLogin no
PermitEmptyPasswords no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PermitTunnel no
PasswordAuthentication yes

2. Restart the SSH service:


systemctl restart sshd

Step 8: Disable SFTP Password Authentication (Optional)

To enforce SSH key-based authentication, edit /etc/ssh/sshd_config and set the following, globally and also inside the Match Group sftpgroup block, because a directive inside a Match block overrides the global value for the users it matches:
PasswordAuthentication no

Restart SSH:
systemctl restart sshd

Conclusion
Congratulations! You’ve successfully set up a secure SFTP server with chroot on Ubuntu 22.04. This configuration ensures users are restricted to their designated directories while enabling secure file transfers with SSH key-based authentication.

🔒 Pro Tip: Always test your SFTP setup with a dummy user before deployment to production environments.
Post Date: August 4, 2023

Post Author: Abdul Aziz

