How to setup a restricted SFTP server on Ubuntu?
I would like to know how to set up root, sudo and sftp-only user accounts that won't require public key authentication at login. I would also like to know how to set up sftp-only users' home directories so that they can't access other, higher-level directories.
server openssh sftp
asked Feb 14 '14 at 1:29 by Yuya Kobayashi; edited Apr 11 '15 at 8:19 by muru
4 Answers
The best resource to help you begin setting up an ssh service on a Host machine using Ubuntu is OpenSSH Server. This will allow you to use SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) to access, transfer, and manage files over SSH from a Client machine.
Overview of Solution
- On Ubuntu you can set up an OpenSSH server on a Host machine and a user can then use ssh to connect from Client to Host's server using only a username and password. Note, however, that public key authentication is recommended: "Make sure you have a strong password before installing an SSH server (you may want to disable passwords altogether)"
- Administrative User Accounts created on Host will have sudo privileges, Standard User Accounts created on Host will not.
Install and configure your OpenSSH Server on Host
To install an OpenSSH server on Host:
sudo apt-get install openssh-server
Give your Host a Static IP address so you can reliably connect to it:
nm-connection-editor
To configure your OpenSSH server, "first, make a backup of your sshd_config file by copying it to your home directory, or by making a read-only copy in /etc/ssh by doing:"
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.factory-defaults
sudo chmod a-w /etc/ssh/sshd_config.factory-defaults
"Once you've backed up your sshd_config file, you can make changes with any text editor, for example:"
sudo -H gedit /etc/ssh/sshd_config
You must restart your ssh service on Host for these changes to take effect:
sudo service ssh restart
Consider the Following Security Measures
- Don't enable port-forwarding on your router: When an outsider asks your router to connect them to Port 22, etc., your router fails to comply unless you have enabled port-forwarding
- Disable root login: Comment out PermitRootLogin without-password; add PermitRootLogin no to Host's /etc/ssh/sshd_config
- Choose a non-standard SSH port: Comment out Port 22; add Port <new-port-number> to Host's /etc/ssh/sshd_config
- Allow only local connections: Add ListenAddress 192.168.0.10
- Allow certain users on certain ports: Add AllowUsers <username>@<IP_address_1> <username>@<IP_address_2> or AllowUsers <username>@111.222.333.* to Host's /etc/ssh/sshd_config
- Allow only RSA key (passwordless) connections: Append the contents of ~/.ssh/id_rsa.pub from each Client as a new line of Host's ~/.ssh/authorized_keys. Then add PasswordAuthentication no to Host's /etc/ssh/sshd_config
- Slow attackers' cracking attempts: Use ufw (uncomplicated firewall) on Host to rate limit incoming connections to 10/minute:
sudo apt-get install ufw && sudo ufw limit OpenSSH
- For more ideas, see Keeping SSH Access Secure
If you feel you must, enable PasswordAuthentication in your sshd_config file
Find the line with the phrase PasswordAuthentication and make it read:
PasswordAuthentication yes
Save your new sshd_config file and then restart Host's ssh service:
sudo service ssh restart
If you need access from anywhere over the internet, set up Port Forwarding on your local router to direct traffic to your OpenSSH server
Note the port Host's ssh service listens to in the sshd_config file and set up your router to forward TCP/UDP traffic aimed at this port to the IP address of your OpenSSH server.
- Typically, you can point your web browser to 192.168.1.1 in order to log in to your router and set up port forwarding. See Configure OpenSSH server and router to accept SSH connection over internet?
Connect to Host and login via command-line or terminal
To open an SFTP shell terminal as <username> on Host, open a Terminal on Client and enter the following command, replacing 123.123.1.23 with Host's IP address:
sftp <username>@123.123.1.23
If you changed the port number Host's OpenSSH server listens to, do:
sftp -P <port_number_in_Host's_sshd_config_file> <username>@123.123.1.23
To open an SSH shell terminal as <username> on Host, open a Terminal on Client and enter the following command, replacing 123.123.1.23 with Host's IP address:
ssh <username>@123.123.1.23
If you changed the port number Host's OpenSSH server listens to, do:
ssh -p <port_number_in_Host's_sshd_config_file> <username>@123.123.1.23
Connect to Host and login via GUI file manager (e.g., Nautilus) for more visual SFTP access to enable file transfers
- Open Nautilus on Client
- Select File > Connect to Server
- Type: SSH
- Server: Enter Host's IP address
- Port: port number specified in Host's sshd_config file
- User name: username
- Password: password
In 14.04:
- Open Nautilus on Client
- Connect to Server
- Type: `ssh @123.123.1.23:`
Create Standard User Accounts on Host with limited file permissions outside their home folder
Proper file permissions in place on Host guarantee that each standard user (without sudo privileges) that you create on Host will own their /home/new_user directory but have limited permissions with the rest of the directory structure.
- Limited permissions do not necessarily mean they are unable to view filenames and directory structure.
Hope that's helpful!
It seems to me that this answer, while appearing to be very comprehensive, actually fails to answer the most difficult part of the OP's question: "where they can't access upper level other directories." If implemented as above the user would be able to read the vast majority of the directory structure.
– ostergaard, May 14 '15 at 5:13
To expand on @ajostergaard's comment, this creates a regular unix user and allows them SSH and SFTP access. A regular unix user (not root) can still access and view a very large number of sensitive files such as web server configuration and much more. This is definitely not secure and definitely does not satisfy the limitation asked for by the OP.
– Simon Woodside, Apr 19 '17 at 3:17
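As an added example (not part of jtd's answer and not OpenSSH's own tooling), here is a small POSIX shell audit that reads an sshd_config the way sshd does and flags the three settings the answer above tells you to change: PermitRootLogin, PasswordAuthentication and AllowUsers. Two details matter for a correct check and are easy to get wrong with a plain grep: sshd honours the first occurrence of a keyword, and directives after the first Match line apply only to that block, not globally. The two config files are constructed samples written to a temp directory; the defaults assumed when a keyword is absent are OpenSSH's documented ones (PermitRootLogin defaults to prohibit-password since OpenSSH 7.0, PasswordAuthentication to yes).

```shell
#!/bin/sh
# Added example: audit sshd_config for the hardening settings recommended above.
# Not part of the original answer; the sample configs below are constructed.

# Print the effective global value of KEYWORD in FILE, or DEFAULT if it is not
# set. Mirrors sshd's rules: the first occurrence wins, and anything after the
# first "Match" line is block-scoped, so it is ignored here. (The rarer
# "Keyword=value" spelling is not handled.)
sshd_effective() {
    conf=$1; keyword=$2; default=$3
    value=$(awk -v key="$keyword" '
        NF == 0 || substr($1, 1, 1) == "#" { next }          # blank or comment
        tolower($1) == "match"             { exit }          # global section ends
        tolower($1) == tolower(key)        { print $2; exit }
    ' "$conf")
    if [ -n "$value" ]; then printf '%s\n' "$value"; else printf '%s\n' "$default"; fi
}

# Write one "WEAK:" line per finding to stderr and print the number of
# findings to stdout (0 means the file passes all three checks).
audit_sshd_config() {
    conf=$1; findings=0
    case "$(sshd_effective "$conf" PermitRootLogin prohibit-password)" in
        no) ;;
        *)  echo "WEAK: $conf: PermitRootLogin is not 'no'" >&2
            findings=$((findings + 1)) ;;
    esac
    case "$(sshd_effective "$conf" PasswordAuthentication yes)" in
        no) ;;
        *)  echo "WEAK: $conf: PasswordAuthentication is enabled globally" >&2
            findings=$((findings + 1)) ;;
    esac
    if [ -z "$(sshd_effective "$conf" AllowUsers "")" ]; then
        echo "WEAK: $conf: no AllowUsers restriction" >&2
        findings=$((findings + 1))
    fi
    printf '%s\n' "$findings"
}

# Constructed samples: an Ubuntu-style file with the defaults left in place,
# and one hardened as the answer describes. The "PasswordAuthentication yes"
# inside the Match block must NOT count as a global weakness.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
Port 22
PermitRootLogin without-password
#PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice@192.168.0.* bob@192.168.0.20
Subsystem sftp internal-sftp
Match Group ftpaccess
    PasswordAuthentication yes
    ChrootDirectory %h
    ForceCommand internal-sftp
EOF

for f in weak hardened; do
    echo "$f.conf: $(audit_sshd_config "$SAMPLE_DIR/$f.conf") weak setting(s)"
done
```

Run it against the real file with `audit_sshd_config /etc/ssh/sshd_config` after editing; a result of 0 means the global section matches the answer's recommendations, and password logins for the SFTP-only group can still be granted inside a Match block without tripping the check.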
Step 1: Install the OpenSSH package if it is not installed
sudo apt-get install openssh-server
Step 2: Create a separate group for SFTP users.
sudo addgroup ftpaccess
Step 3: Edit the /etc/ssh/sshd_config file and make the changes below.
Find and comment out the line below.
#Subsystem sftp /usr/lib/openssh/sftp-server
and add these lines to the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 4 : Restart sshd service.
sudo service ssh restart
Step 5 : Add user with ftpaccess group and create password.
sudo adduser paul --ingroup ftpaccess --shell /usr/sbin/nologin
Step 6 : Modify home directory permission.
sudo chown root:root /home/paul
Step 7 : Create a directory inside home for upload and modify permission with group.
sudo mkdir /home/paul/www
sudo chown paul:ftpaccess /home/paul/www
That's it.
Refer: Setup SFTP on ubuntu
This seems to be the correct answer. I didn't test it, but at least it mentioned the main difficulty, restricting browsing path.
– Mohammed Noureldin, Aug 19 '17 at 14:30
I tested it and it was far too permissive, due to the default permissions on the home folder being 755. I did sudo chmod 711 on the home folder and it allowed me to ftp to the www folder, only. Seems good so far but maybe others can chime in...
– moodboom, Oct 18 '17 at 14:47
Denyhosts is another tool besides those mentioned by "jtd" that you might want to look at. It can automatically block repeated connection attempts to your SSH server. It is available to install in the Ubuntu repositories.
Package denyhosts is only available for lucid (10.04LTS) and precise (12.04LTS). packages.ubuntu.com/search?suite=all&keywords=denyhosts
– A.B., Apr 11 '15 at 9:57
Denyhosts is no longer available in Ubuntu repositories; although it can still be installed by a different method, it has not been updated in a long time. Thus, it is not wise to use Denyhosts.
– Faizan Akram Dar, Apr 11 '15 at 12:34
Limit the Access to the User
Here, we will only allow the user to perform file transfers and will disable terminal access.
For that, add the following lines at the bottom of the configuration file.
$ sudo nano /etc/ssh/sshd_config
Now the file will open; paste in the following.
/etc/ssh/sshd_config
. . .
Match User filemg
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Replace filemg with your user name. Then save and close the file.
That's it.
Reference: How to use SFTP in Ubuntu 16.04
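Both chroot recipes on this page, `ChrootDirectory %h` for the ftpaccess group (steps 6 and 7 above, plus moodboom's chmod 711 note) and `ChrootDirectory /var/sftp` in this answer, depend on one rule that sshd enforces and that the answers do not spell out: every component of the chroot path, from the root down, must be a directory owned by root and not writable by group or others, otherwise sshd refuses the login with "bad ownership or modes for chroot directory". The following added example (not from either answer and not OpenSSH's own code) checks a path against that rule and shows on a constructed temp tree why the upload directory must sit inside the chroot rather than be the chroot. The WANT_UID and STOP parameters exist only so the logic can run on a throwaway tree owned by an unprivileged user; on a real host call it with the directory alone.

```shell
#!/bin/sh
# Added example: verify that a ChrootDirectory path meets sshd's ownership and
# mode rule. Not part of either answer or of OpenSSH; the tree is constructed.

# Print "OWNER_UID MODE" for PATH, e.g. "0 drwxr-xr-x". ls -n is used instead
# of stat because stat's flags differ between GNU and BSD.
path_owner_and_mode() {
    ls -ldn "$1" | awk '{ print $3, $1 }'
}

# Succeed if MODE (the ls mode string) has no group or other write bit:
# character 6 is the group write bit, character 9 the other write bit.
mode_not_writable_by_others() {
    case $1 in
        ?????w*|????????w*) return 1 ;;
        *) return 0 ;;
    esac
}

# chroot_path_ok DIR [WANT_UID] [STOP]
# Walk from DIR up to STOP (default "/") and require every component to be a
# directory owned by WANT_UID (default 0, root) and not group/other writable.
chroot_path_ok() {
    dir=$1; want_uid=${2:-0}; stop=${3:-/}
    while :; do
        set -- $(path_owner_and_mode "$dir")
        uid=$1; mode=$2
        case $mode in
            d*) ;;
            *)  echo "FAIL: $dir is not a directory" >&2; return 1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $dir is owned by uid $uid, not $want_uid" >&2; return 1
        fi
        if ! mode_not_writable_by_others "$mode"; then
            echo "FAIL: $dir is group/other writable ($mode)" >&2; return 1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# Constructed sample tree modelling steps 6 and 7 of the ftpaccess recipe:
# home/paul is the chroot (root-owned on a real host, 711 per moodboom's note),
# home/paul/www is the group-writable upload directory inside it.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/home/paul/www"
    chmod 755 "$t" "$t/home"
    chmod 711 "$t/home/paul"
    chmod 775 "$t/home/paul/www"
    printf '%s\n' "$t"
}

T=$(make_sample_tree)
ME=$(id -u)
chroot_path_ok "$T/home/paul" "$ME" "$T" && echo "chroot path $T/home/paul: ok"
# Making the upload directory itself the chroot fails: it is group writable.
chroot_path_ok "$T/home/paul/www" "$ME" "$T" || echo "www cannot be the chroot; keep it inside one"
rm -rf "$T"
```

On the real host run `chroot_path_ok /home/paul` or `chroot_path_ok /var/sftp` as root after the chown steps; a path under a world-writable parent such as /tmp will fail at that parent, which is the same reason sshd would reject it.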
edited Apr 13 '17 at 12:25
Community♦
1
answered Feb 14 '14 at 3:36
jtd
1,99711625
9
It seems to me that this answer, while appearing to be very comprehensive, actually fails to answer the most difficult part of the OP's question: "where they can't access upper level other directories." If implemented as above the user would be able to read the vast majority of the directory structure.
– ostergaard
May 14 '15 at 5:13
2
To expand on @ajostergaard's comment, this creates a regular unix user and allows them SSH and SFTP access. A regular unix user (not root) can still access and view a very large number of sensitive files such as web server configuration and much more. This is definitely not secure and definitely does not satisfy the limitation asked for by the OP.
– Simon Woodside
Apr 19 '17 at 3:17
Step 1: Install the OpenSSH package if it is not installed
sudo apt-get install openssh-server
Step 2: Create a separate group for SFTP users.
sudo addgroup ftpaccess
Step 3: Edit the /etc/ssh/sshd_config file and make the changes below.
Find and comment out the line below.
#Subsystem sftp /usr/lib/openssh/sftp-server
and add these lines to the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 4: Restart the sshd service.
sudo service ssh restart
Step 5: Add a user in the ftpaccess group and create a password.
sudo adduser paul --ingroup ftpaccess --shell /usr/sbin/nologin
Step 6: Modify the home directory permissions.
sudo chown root:root /home/paul
Step 7: Create a directory inside the home directory for uploads and set its owner and group.
sudo mkdir /home/paul/www
sudo chown paul:ftpaccess /home/paul/www
That's it.
Refer: Setup SFTP on Ubuntu
edited Apr 11 '15 at 8:23
muru
1
answered Apr 11 '15 at 6:57
ytgmuabm
49143
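Why Step 6 and Step 7 are both needed is easiest to see by spelling out the rules sshd applies to a ChrootDirectory: every directory from / down to the chroot must be owned by root and must not be writable by group or others, so the user's home becomes root-owned (and therefore unwritable by the user), and a separate user-owned www directory is created for uploads. The following Python script is an added example, not part of this answer and not OpenSSH code; it models a small directory tree in a dictionary (a constructed sample, not read from a real system, with "eve" and a group-writable /var/sftp added as deliberately wrong cases) and reports both what sshd would reject and where the SFTP user could actually write. SAMPLE_FS, chroot_problems and writable_dirs are names chosen here.

```python
# Added example: models the ownership/mode checks sshd applies to ChrootDirectory
# and shows where an SFTP user can write inside the chroot. Not code from the answer
# or from OpenSSH; the directory tree below is a constructed sample, not a real system.

# path -> (owner, group, mode). Mirrors the layout the steps above produce for "paul",
# plus two deliberately wrong cases ("eve" and /var/sftp) to show what sshd rejects.
SAMPLE_FS = {
    "/":              ("root", "root",      0o755),
    "/home":          ("root", "root",      0o755),
    "/home/paul":     ("root", "root",      0o755),   # Step 6: chroot root owned by root
    "/home/paul/www": ("paul", "ftpaccess", 0o755),   # Step 7: upload directory
    "/home/eve":      ("eve",  "eve",       0o755),   # Step 6 skipped: still user-owned
    "/var":           ("root", "root",      0o755),
    "/var/sftp":      ("root", "root",      0o775),   # group-writable: also rejected
}


def path_components(path):
    """'/home/paul' -> ['/', '/home', '/home/paul']."""
    comps = ["/"]
    cur = ""
    for part in path.strip("/").split("/"):
        if part:
            cur += "/" + part
            comps.append(cur)
    return comps


def chroot_problems(chroot_dir, fs):
    """Return the reasons sshd would refuse chroot_dir (empty list means acceptable).

    sshd walks every component from / to the chroot directory and requires each one
    to exist, be owned by root and not be writable by group or others; otherwise the
    login fails with 'bad ownership or modes for chroot directory component'.
    """
    problems = []
    for comp in path_components(chroot_dir):
        entry = fs.get(comp)
        if entry is None:
            problems.append(f"{comp}: does not exist")
            continue
        owner, _group, mode = entry
        if owner != "root":
            problems.append(f"{comp}: owned by {owner}, must be owned by root")
        if mode & 0o022:
            problems.append(f"{comp}: mode {mode:o} is group- or world-writable")
    return problems


def writable_dirs(user, groups, chroot_dir, fs):
    """Directories under chroot_dir where `user` (member of `groups`) may write.

    Standard Unix precedence: owner bits apply if the user owns the directory,
    otherwise group bits if the user is in its group, otherwise the 'other' bits.
    """
    result = []
    prefix = chroot_dir.rstrip("/") + "/"
    for path, (owner, group, mode) in sorted(fs.items()):
        if path != chroot_dir and not path.startswith(prefix):
            continue
        if owner == user:
            allowed = bool(mode & 0o200)
        elif group in groups:
            allowed = bool(mode & 0o020)
        else:
            allowed = bool(mode & 0o002)
        if allowed:
            result.append(path)
    return result


if __name__ == "__main__":
    for d in ("/home/paul", "/home/eve", "/var/sftp"):
        print(d, "->", chroot_problems(d, SAMPLE_FS) or "ok")
    print("paul can write in:", writable_dirs("paul", {"ftpaccess"}, "/home/paul", SAMPLE_FS))
```

On a real host the equivalent check is to look at `ls -ld` output for each path component and at the sshd log line quoted in the docstring; the script only makes the rule explicit so the two chown steps stop looking arbitrary.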
This seems to be the correct answer. I didn't test it, but at least it mentioned the main difficulty, restricting browsing path.
– Mohammed Noureldin
Aug 19 '17 at 14:30
I tested it and it was far too permissive, due to the default permissions on the home folder being 755. I did sudo chmod 711 on the home folder and it allowed me to ftp to the www folder, only. Seems good so far but maybe others can chime in...
– moodboom
Oct 18 '17 at 14:47
Denyhosts is another tool besides those mentioned by "jtd" that you might want to look at. It can automatically block repeated connection attempts to your SSH server. It is available to install in the Ubuntu repositories.
answered Feb 14 '14 at 3:44
firefly2442firefly2442
1212
Package denyhosts is only available for lucid (10.04LTS) and precise (12.04LTS). packages.ubuntu.com/search?suite=all&keywords=denyhosts
– A.B.
Apr 11 '15 at 9:57
Denyhosts is no longer available in the Ubuntu repositories; although it can still be installed by a different method, it has not been updated for a long time. Thus, it is not wise to use Denyhosts.
– Faizan Akram Dar
Apr 11 '15 at 12:34
Limit the Access to the User
Here, we will only allow the user to perform file transfers and we will disable terminal access.
For that, add the following lines at the bottom of the configuration file.
$ sudo nano /etc/ssh/sshd_config
Now the file will open; paste in the following.
/etc/ssh/sshd_config
. . .
Match User filemg
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Replace filemg with your user name. Then save and close the file.
That's it.
Reference: How to use SFTP in Ubuntu 16.04
edited Jul 19 '17 at 16:42
Zanna
51.1k13138242
answered Jul 19 '17 at 16:13
Aimal
11
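To see which settings a given login actually ends up with, it helps to keep in mind how sshd combines the global section with Match blocks: the global section is read first, then every Match block whose criteria the connection satisfies is applied in file order, the first value obtained for each keyword wins among the matching blocks, and those values override the global ones. The script below is an added example, not code from this answer, from the jtd or ytgmuabm answers, or from OpenSSH. It parses a constructed sshd_config that combines an AllowUsers line in the style of jtd's answer, the Match group ftpaccess block from ytgmuabm's answer and the Match User filemg block above, and resolves the effective settings for a few hypothetical users (admin, paul, filemg and eve are assumed names, as are the addresses). It models only the User, Group and Address criteria with glob patterns and a single AllowUsers line; it is a reading aid, not a replacement for `sshd -T -C user=...`, which prints the real effective configuration on the server.

```python
# Added example: resolves the effective sshd settings for a user the way sshd combines
# the global section with Match blocks. Not code from this answer or from OpenSSH.
# SAMPLE_SSHD_CONFIG is a constructed input, not a file read from a real server.
import fnmatch

SAMPLE_SSHD_CONFIG = """
# global section (the AllowUsers line is in the style of jtd's answer)
PasswordAuthentication no
Subsystem sftp internal-sftp
AllowUsers admin paul@192.168.0.* filemg

# block from ytgmuabm's answer
Match group ftpaccess
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

# block from this answer
Match User filemg
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
"""


def parse_sshd_config(text):
    """Return (global_settings, [(criteria, settings), ...]); keywords are lower-cased.

    Within a section the first value given for a keyword is kept, as sshd does for
    single-valued keywords (list keywords such as AllowUsers really accumulate across
    lines; this model assumes a single AllowUsers line).
    """
    global_settings, blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            tokens = value.split()
            # criteria come as "Criterion pattern[,pattern...]" pairs
            criteria = {c.lower(): p.split(",") for c, p in zip(tokens[0::2], tokens[1::2])}
            current = {}
            blocks.append((criteria, current))
        else:
            current.setdefault(keyword, value)
    return global_settings, blocks


def match_applies(criteria, user, groups, address):
    """True when every criterion of a Match line is satisfied (User, Group, Address only)."""
    for crit, patterns in criteria.items():
        if crit == "user":
            candidates = [user]
        elif crit == "group":
            candidates = list(groups)
        elif crit == "address":
            candidates = [address]       # glob patterns only; CIDR is not modelled
        else:
            return False                 # Host, LocalAddress, LocalPort not modelled
        if not any(fnmatch.fnmatchcase(c, p) for c in candidates for p in patterns):
            return False
    return True


def effective_settings(text, user, groups, address="127.0.0.1", home=None):
    """Settings a login as `user` gets: global first, then every matching Match block
    in file order, first value per keyword winning, Match values overriding globals."""
    global_settings, blocks = parse_sshd_config(text)
    from_match = {}
    for criteria, settings in blocks:
        if match_applies(criteria, user, groups, address):
            for keyword, value in settings.items():
                from_match.setdefault(keyword, value)
    effective = dict(global_settings)
    effective.update(from_match)
    if home and effective.get("chrootdirectory") == "%h":
        effective["chrootdirectory"] = home   # sshd expands %h to the user's home
    return effective


def user_allowed(text, user, address):
    """Evaluate a global AllowUsers line: each pattern is USER or USER@HOST, glob-matched."""
    global_settings, _ = parse_sshd_config(text)
    allow = global_settings.get("allowusers")
    if allow is None:
        return True                      # no AllowUsers: any user may attempt to log in
    for pattern in allow.split():
        user_pat, _, host_pat = pattern.partition("@")
        if fnmatch.fnmatchcase(user, user_pat) and (
                not host_pat or fnmatch.fnmatchcase(address, host_pat)):
            return True
    return False


if __name__ == "__main__":
    for name, groups, home in (("admin", {"admin", "sudo"}, "/home/admin"),
                               ("paul", {"ftpaccess"}, "/home/paul"),
                               ("filemg", {"filemg"}, "/home/filemg")):
        eff = effective_settings(SAMPLE_SSHD_CONFIG, name, groups, "192.168.0.5", home)
        print(name, "->", {k: eff.get(k) for k in
                           ("forcecommand", "chrootdirectory", "passwordauthentication")})
```

The instructive case is a user who is both named filemg and in group ftpaccess: the group block comes first in the file, so its ChrootDirectory %h wins, while PasswordAuthentication yes still comes from the second block because the first one never set it. That is exactly the order-sensitivity worth checking with `sshd -T -C` before relying on a Match block to lock a user down.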