https:///index.php?action=history&feed=atom&title=Sftp_serverSftp server - Revision history2026-04-07T09:39:38ZRevision history for this page on the wikiMediaWiki 1.35.1Gr0x0rd: Created page with "References: https://qiita.com/alokrawat050/items/fcbf86aaf7de34aacba5 https://askubuntu.com/questions/324503/2-sshd-configurations-1-for-internal-and-1-external Ensure the..."2023-02-03T06:09:44Z<p>Created page with "References: https://qiita.com/alokrawat050/items/fcbf86aaf7de34aacba5 https://askubuntu.com/questions/324503/2-sshd-configurations-1-for-internal-and-1-external Ensure the..."</p>
<p><b>New page</b></p><div>References:<br />
<br />
https://qiita.com/alokrawat050/items/fcbf86aaf7de34aacba5<br />
<br />
https://askubuntu.com/questions/324503/2-sshd-configurations-1-for-internal-and-1-external<br />
<br />
Ensure the openssh-server and ssh packages are installed.<br />
<br><br><br />
Add the desired user account. Configure the password and store it in the vault.<br />
$ sudo adduser sftp_user<br />
Create the file transfer directory if it is needed.<br />
$ sudo mkdir -p /var/www/testsite/data<br />
Set the directory permissions for the root folder.<br />
$ sudo chown root:root /var/www/testsite<br />
$ sudo chmod 755 /var/www/testsite<br />
Set the directory permissions for the data fodler.<br />
$ sudo chown sftp_user:sftp_user /var/www/testsite/data<br />
Create a second ssh instance.<br />
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sftp_config<br />
$ sudo cp /lib/systemd/system/ssh.service /lib/systemd/system/sftp.service<br />
Configure the new instance to read the new config file.<br />
$ sudo nano /lib/systemd/system/sftp.service<br />
Ensure the following configuration: <br />
<pre><br />
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sftp_config<br />
...<br />
Alias=sftp.service<br />
</pre><br />
Make the necessary changes to the config file. <br />
$ sudo nano /etc/ssh/sftp_config<br />
Set the port as appropriate. Example for password auth:<br />
<pre><br />
Port <your_port_number><br />
...<br />
Match User sftp_user<br />
ForceCommand internal-sftp<br />
PasswordAuthentication yes<br />
ChrootDirectory /var/www/testsite<br />
PermitTunnel no<br />
AllowAgentForwarding no<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
</pre><br />
Example for shared key auth:<br />
<pre><br />
Port <your_port_number><br />
...<br />
Match User sftp_user<br />
ForceCommand internal-sftp<br />
RSAAuthentication yes<br />
PubkeyAuthentication yes<br />
AuthorizedKeysFile .ssh/authorized_keys<br />
PasswordAuthentication no<br />
ChrootDirectory /var/www/testsite<br />
PermitTunnel no<br />
AllowAgentForwarding no<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
</pre><br />
Enable and start the service.<br />
$ sudo systemctl enable sftp.service<br />
$ sudo systemctl start sftp.service<br />
Optional: use telnet to confirm the service is now running on the desired port.<br />
<br><br><br />
$ sudo nano /etc/csf/csf.conf<br />
Ensure that the port you have added for the service and configured above are present in the TCP_IN/TCP_OUT sections of the file. When done restart the firewall<br />
$ sudo systemctl restart csf<br />
$ sudo csf -r<br />
$ sudo systemctl restart lfd<br />
<br><br><br />
Use the [[Ssh_keypair_setup]] documentation to set up a keypair for the sftp_user account. Make sure the user account is the owner of the .ssh folder and its perms are set to 700. Also make sure the account is the owner of the authorized_keys file, and the perms are set to 600.</div>Gr0x0rd