By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cloudbooklet Logo
  • Artificial Intelligence
  • Applications
  • Linux
Notification

Free AI Image Generator

AI Tools
Cloudbooklet AICloudbooklet AI
Search
AI Tools
  • Artificial Intelligence
  • Applications
  • Google Cloud
  • Compute Engine
  • Linux

Top Stories

Explore the latest updated news!
Character Ai Group Chat

What is Character AI Group Chat and How to Get Started?

Skype Voice Changer

Skype Voice Changer: How to Transform Your Voice on Skype Calls

Antifake

How AntiFake can Protect your Voice from Deepfake AI

Follow US
  • About
  • Contact
  • Disclaimer
  • Privacy Policy
Cloudbooklet © 2023 All rights reserved.

Home » Linux » Setup SFTP and Prevent SSH on Ubuntu 20.04

Linux

Setup SFTP and Prevent SSH on Ubuntu 20.04

Last updated: 2023/05/23 at 10:10 AM
By Cloudbooklet
Setup Sftp And Prevent Ssh On Ubuntu 20.04
SHARE
Readers like you help support Cloudbooklet. When you make a purchase using links on our site, we may earn an affiliate commission.

Setup SFTP and Prevent SSH on Ubuntu 20.04. SFTP (Secure File transfer Protocol), a secure way to transfer files to servers using encrypted SSH connections. All servers with SSH will have SFTP enabled by default.

In this guide you are going to learn how to limit SFTP access to a directory for a particular user and prevent SSH access.

Table of Contents
PrerequisitesStep 1: Create New userStep 2: Setup SFTP accessStep 3: Prevent SSH access and Restrict SFTP AccessStep 4: Verify SFTP setupConclusion

This setup is tested on a virtual machine running Ubuntu 20.04 OS. So this tutorial should work on any severs with Ubuntu.

Prerequisites

SSH access to server with sudo privileges.

Step 1: Create New user

Create a new user who has SFTP access to perform certain actions on a particular directory.

sudo adduser username

You will be prompted to setup a password and other optional details which you can setup or ignore it.

If you wish to use SSH keys based login, check how to setup SSH access on your Ubuntu.

Step 2: Setup SFTP access

To setup SFTP access you need to configure correct directory permissions the parent directory of the new directory you are about to create should be owned by root and not by any other users.

For example, if you are going to create a directory named /sftp/folder, the sftp directory should be owned by root and the folder directory should be owned by the particular user who is accessing it.

Create directories.

sudo mkdir -p /sftp/folder

Configure correct permissions.

sudo chmod 755 /sftp
sudo chown root:root /sftp
sudo chmod -R 755 /sftp/folder
sudo chown username:username /sftp/folder

Step 3: Prevent SSH access and Restrict SFTP Access

Now we can modify SSH configuration to prevent SSH access for the user and restrict the user to access only the particular directory.

Edit your SSH configuration file.

sudo nano /etc/ssh/sshd_config

Add the following to the end of the file.

Match User username
  ForceCommand internal-sftp
  PasswordAuthentication yes
  ChrootDirectory /sftp
  PermitTunnel no
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no
  • Match User tells the SSH server to apply the following commands only to the specified user.
  • ForceCommand internal-sftp forces the SSH server to run the SFTP server upon login and prevent SSH access.
  • PasswordAuthentication yes allows password authentication for this user. If you use SSH keys based login you can prevent password based authentication by setting the value to no.
  • ChrootDirectory /sftp ensures that the user will not be allowed access to anything beyond the /sftp directory.
  • AllowAgentForwarding no, AllowTcpForwarding no, and X11Forwarding no disables port forwarding, tunneling, and X11 forwarding, respectively.

Hit CTRL + X followed by Y and then ENTER to save and exit the file.

Now the configurations are in place which allows only SFTP access and prevents SSH login for the user.

Restart SSH service for the changes to take effect.

sudo systemctl restart sshd

For more details on configuring access for multiple usernames, you can follow this Chroot setup guide.

Step 4: Verify SFTP setup

Try loging in to the server using your SFTP details with SSH command. You will be denied access to SSH.

ssh username@server_ip

You will receive an output similar to the one below.

Output
This service allows sftp connections only.
Connection to server_ip closed.

Now verify using sftp command.

sftp username@server_ip

Now you should be logged in to the server and have access to the directory you have configured earlier.

Output
Connected to server_ip
sftp>

Use the ls command to list the directories you will see the directory named folder you have created and configured permissions.

sftp> ls
Output
folder

Conclusion

Now you have learned how to setup SFTP and prevent SSH access to user over a specific directory.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.

TAGGED: Ubuntu, Ubuntu 20.04
Share This Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Reddit Telegram Copy Link Print
Share
Leave a review Leave a review

Leave a review Cancel reply

Your email address will not be published. Required fields are marked *

Please select a rating!

Popular

Temu Vs. Amazon
Temu vs. Amazon: How to Choose the Best Online Marketplace for Your Shopping
Applications
Ai Tools Black Friday
7 Must-Have AI Tools Black Friday Deal and Cyber Monday (November 2023)
Artificial Intelligence
Clothoff
Clothoff.io – APK for Android and IOS to Remove Clothes Free
Artificial Intelligence
Chatgpt Voice Chat
How to Use ChatGPT Voice Chat Feature: Tips and Tricks
Artificial Intelligence
- Advertisement -

Subscribe Now

loader

Subscribe to our mailing list to receives daily updates!

Email Address*

Name

Related Stories

Uncover the stories that related to the post!
Ubuntu 23.10
Linux

What’s New and Exciting in Ubuntu 23.10 Mantic Minotaur? A Comprehensive Guide

Symbolic Links In Linux
Linux

Symbolic Links in Linux: What They Are and How to Use Them

Ubuntu Password
Linux

Reset your Forgotten Ubuntu Password in 2 Minutes

&Quot; Systemd Service On Linux
Linux

How to Create a New systemd Service on Linux: A Step-by-Step Guide

Cloudbooklet Logo
  • Categories:
  • Artificial Intelligence
  • Applications
  • Google Cloud

Quick Links

  • About
  • Contact
  • Disclaimer
  • Privacy Policy
Cloudbooklet © 2023 All rights reserved.
Welcome Back!

Sign in to your account

Lost your password?