{"id":1117,"date":"2019-05-24T17:39:48","date_gmt":"2019-05-24T14:39:48","guid":{"rendered":"https:\/\/artem.services\/?p=1114"},"modified":"2022-02-25T22:59:09","modified_gmt":"2022-02-25T19:59:09","slug":"amazon-linux-2-ami-sftp-d0-b4-d0-be-d1-81-d1-82-d1-83-d0-bf","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=1117&lang=en","title":{"rendered":"Amazon Linux 2 AMI — SFTP access"},"content":{"rendered":"

\"\"<\/p>\n

All actions will also be relevant for CentOS<\/strong> systems.<\/span> In this example, a user will be added for access via SFTP<\/strong> using an SSH<\/strong> key to the web directory under Apache<\/strong> management.<\/span> There is a default for Apache<\/strong> group "apache<\/strong>", if necessary, replace the desired one.<\/span><\/span><\/p>\n

All sites are on the dir:<\/span><\/span><\/p>\n

\r\n\/var\/www\/html\r\n<\/pre>\n
 <\/p>\n
Add the user sftpuser<\/strong> (already in the existing group):<\/span><\/span><\/p>\n
\r\nuseradd -g apache -d \/var\/www\/html -s \/sbin\/nologin sftpuser\r\n<\/pre>\n
Let’s give the group permissions to write since we will change the owner:<\/span><\/span><\/p>\n
\r\nchmod -R g+w \/var\/www\/html\/*\r\n<\/pre>\n
Change the ownership of files:<\/span><\/span><\/p>\n
\r\nchown -R sftpuser:apache \/var\/www\/html\/*\r\n<\/pre>\n
 <\/p>\n
The "html<\/strong>" directory itself should not belong to the "sftpuser<\/strong>" user<\/span><\/span><\/p><\/blockquote>\n
 <\/p>\n
Create a directory for public keys and give it the necessary permissions:<\/span><\/span><\/p>\n
\r\nmkdir \/var\/www\/html\/.ssh\r\nchmod 700 \/var\/www\/html\/.ssh\r\n<\/pre>\n
In this directory, create two files and place the public SSH<\/strong> key in them:<\/span><\/span><\/p>\n
\r\nauthorized_keys\r\nid_rsa.pub\r\n<\/pre>\n
Set the necessary permissions to the file:<\/span><\/span><\/p>\n
\r\nchmod 644 \/var\/www\/html\/.ssh\/*\r\n<\/pre>\n
Making the user sftpuser<\/strong> owner:<\/span><\/span><\/p>\n
\r\nchown -R sftpuser:apache \/var\/www\/html\/.ssh\r\n<\/pre>\n
 <\/p>\n
Open the SSH<\/strong> server configuration file:<\/span><\/span><\/p>\n
\r\nvim \/etc\/ssh\/sshd_config\r\n<\/pre>\n
Replace the string:<\/span><\/span><\/p>\n
\r\nSubsystem sftp\t\/usr\/libexec\/openssh\/sftp-server\r\n<\/pre>\n
To the following:<\/span><\/span><\/p>\n
\r\nSubsystem sftp\tinternal-sftp\r\n<\/pre>\n
And add the following block to the end of the file:<\/span><\/span><\/p>\n
\r\nMatch Group apache\r\nX11Forwarding no\r\nAllowTcpForwarding no\r\nChrootDirectory %h\r\nForceCommand internal-sftp\r\n<\/pre>\n
 <\/p>\n
Reboot the SSH<\/strong> service:<\/span><\/span><\/p>\n
\r\nservice restart sshd\r\n<\/pre>\n
 <\/p>\n
We connect via SFTP<\/strong> client by specifying the username "sftpuser<\/strong>" and the path to the private SSH<\/strong> key, on the basis of which the public one was generated, the port for connection is SSH<\/strong> port (by default 22<\/strong>).<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
All actions will also be relevant for CentOS systems. In this example, a user will be added for access via SFTP using an SSH key to the web directory under Apache management. There is a default for Apache group "apache", if necessary, replace the desired one. All sites are on the dir:   Add the … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "Amazon Linux 2 AMI — SFTP access"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[599],"tags":[543,855,857,859,861],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1117"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1117"}],"version-history":[{"count":4,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1117\/revisions"}],"predecessor-version":[{"id":2219,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1117\/revisions\/2219"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}