Ubuntu/openssh
From r00tedvw.com wiki
(Difference between revisions)
(→sftp) |
|||
Line 22: | Line 22: | ||
UsePAM yes | UsePAM yes | ||
− | AllowGroups | + | AllowGroups john sftpusers |
Match Group sftpusers | Match Group sftpusers | ||
ChrootDirectory %h | ChrootDirectory %h |
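Review bot: the added "AllowGroups john sftpusers" at line 22 lists john, which the page otherwise uses as a user name in "AllowUsers john"; AllowGroups matches group names only, so this line depends on a group called john existing. When AllowUsers and AllowGroups are both set, sshd requires a login to pass both, so with "AllowUsers john" still in the file, members of sftpusers other than john are refused. Suggest stating that john is a group here, and either adding the SFTP account to AllowUsers or relying on AllowGroups alone.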
Revision as of 20:38, 23 April 2014
Most versions of Linux come with sshd installed; however, it is not configured as a server. The easiest way to set it up is to install openssh-server with apt-get:
sudo apt-get install openssh-server
Back up the default sshd_config to your home directory:
sudo cp /etc/ssh/sshd_config ~
Edit sshd_config to increase security:
- disable root login
PermitRootLogin no
- only allow specific users
AllowUsers john
Restart sshd:
sudo restart ssh
Check whether the service is running and listening on port 22:
sudo egrep -i sshd /var/log/*log|more
sftp
After sshd is installed, edit sshd_config:
Subsystem sftp /usr/lib/openssh/sftp-server
#Subsystem sftp internal-sftp -f AUTH -l VERBOSE
#Uncomment this line if already commented
UsePAM yes
AllowGroups john sftpusers
Match Group sftpusers
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Match
In the case above, I already had a group that the user was part of. Below you'll find instructions on what to do if that does not exist already:
sudo groupadd sftpusers
sudo adduser sftpuser
sudo usermod -a -G sftpusers sftpuser
sudo passwd sftpuser
sudo chown root:sftpuser /home/sftpuser
sudo chmod 750 /home/sftpuser
sudo mkdir /home/sftpuser/public
sudo chown sftpuser:sftpuser /home/sftpuser/public
sudo chmod 777 /home/sftpuser/public
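sshd refuses a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, which is why the steps above chown the home directory to root and set it to 750. The following check is an added example, not part of the original wiki page; the function names perm_ok and check_chroot_path are hypothetical, and it assumes GNU stat and readlink as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example (not from the wiki page): verify that a directory is
# acceptable to sshd as a ChrootDirectory.

# perm_ok OWNER_UID OCTAL_MODE
# Returns 0 when the owner is root and neither group nor others can write.
perm_ok() {
    local uid mode
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 = group-write | other-write; the leading 0 makes the constant octal
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to / and reports every component sshd would reject.
# Returns 0 if all components pass, 1 if any fail, 2 if DIR is unusable.
check_chroot_path() {
    local path rc uid mode
    rc=0
    path=$(readlink -f -- "$1") || { echo "cannot resolve: $1"; return 2; }
    [ -d "$path" ] || { echo "not a directory: $path"; return 2; }
    while :; do
        uid=$(stat -c %u -- "$path")
        mode=$(stat -c %a -- "$path")
        if ! perm_ok "$uid" "$mode"; then
            echo "FAIL $path (owner uid $uid, mode $mode)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /home/sftpuser
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

The writable public directory created above is not a component of the chroot path, so its 777 mode does not trip this check.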