Amazon Linux 2 AMI – SFTP access

All actions will also be relevant for CentOS systems. In this example, a user will be added for access via SFTP using an SSH key to the web directory under Apache management. There is a default for Apache group "apache", if necessary, replace the desired one.

All sites are on the dir:

/var/www/html

 

Add the user sftpuser (already in the existing group):

useradd -g apache -d /var/www/html -s /sbin/nologin sftpuser

Let’s give the group permissions to write since we will change the owner:

chmod -R g+w /var/www/html/*

Change the ownership of files:

chown -R sftpuser:apache /var/www/html/*

 

The "html" directory itself should not belong to the "sftpuser" user

 

Create a directory for public keys and give it the necessary permissions:

mkdir /var/www/html/.ssh
chmod 700 /var/www/html/.ssh

In this directory, create two files and place the public SSH key in them:

authorized_keys
id_rsa.pub

Set the necessary permissions to the file:

chmod 644 /var/www/html/.ssh/*

Making the user sftpuser owner:

chown -R sftpuser:apache /var/www/html/.ssh

 

Open the SSH server configuration file:

vim /etc/ssh/sshd_config

Replace the string:

Subsystem sftp	/usr/libexec/openssh/sftp-server

To the following:

Subsystem sftp	internal-sftp

And add the following block to the end of the file:

Match Group apache
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory %h
ForceCommand internal-sftp

 

Reboot the SSH service:

service restart sshd

 

We connect via SFTP client by specifying the username "sftpuser" and the path to the private SSH key, on the basis of which the public one was generated, the port for connection is SSH port (by default 22).

Tagged: Tags

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments