Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.os.linux.debian > #10744
| Path | csiph.com!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer04.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx38.iad.POSTED!not-for-mail |
|---|---|
| Newsgroups | alt.os.linux.debian |
| From | Tom Mix <tommix@dev.null> |
| Subject | Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? |
| References | <10t8imj$37u16$1@dont-email.me> |
| Reply-To | tom-mixmin@protonmail.com |
| Organization | Order of the Eternal Bait |
| X-No-Archive | yes |
| X-Troll-Infestation-Level | Maximum |
| X-Bridge-Residency | Confirmed |
| X-Bait-Quality | Extra Stinky |
| X-Obsession-Factor | 11/10 |
| X-Reply-Counter | Broken |
| X-Spanked-Hard | Jen Dershmender, Adam H. Kerman, Bill Stickers, Praetor Mandrake |
| X-Sockpuppet-Count | Infinite |
| X-Flamewar-Readiness | Locked & Loaded |
| X-Thread-Necromancy | Active |
| X-Nonsense-Quotient | Overflow |
| X-Meme-Residue | Heavy |
| User-Agent | slrn/1.0.3 (Linux) |
| Message-ID | <slrn110h3q7.21snn.tommix@devnull.org> (permalink) |
| Lines | 62 |
| X-Complaints-To | https://www.astraweb.com/aup |
| NNTP-Posting-Date | Sat, 16 May 2026 15:37:44 UTC |
| Date | Sat, 16 May 2026 15:37:44 GMT |
| X-Received-Bytes | 2402 |
| Xref | csiph.com alt.os.linux.debian:10744 |
Show key headers only | View raw
On 2026-05-03, Ant <ant@zimage.comANT> wrote:
> Hello,
>
> How do I set up a SFTP server for only file transfers in my Debian
> stable/Trixie? Download and uploads only. No SSH access, accessing other
> directories, etc.
>
> Thank you for reading and hopefully answering soon. :)
OpenSSH can already do this without needing anything fancy.
What you want is a chrooted SFTP setup with the user forced into
internal-sftp and no shell access.
Install the server if it is not already there:
sudo apt install openssh-server
Make a group for SFTP-only users:
sudo groupadd sftpusers
Create the user:
sudo useradd -m -g sftpusers -s /usr/sbin/nologin username
sudo passwd username
Now make the jailed directory structure:
sudo mkdir -p /sftp/username/uploads
Important part here: the top directory has to belong to root or sshd
will refuse the login.
sudo chown root:root /sftp/username
sudo chmod 755 /sftp/username
Then hand the writable directory to the user:
sudo chown username:sftpusers /sftp/username/uploads
Now edit:
/etc/ssh/sshd_config
Add this at the bottom:
Match Group sftpusers
ChrootDirectory /sftp/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
Restart ssh:
sudo systemctl restart ssh
That gives them file transfers only. No shell, no wandering around the
filesystem, no SSH login.
--
Tom Mix
Back to alt.os.linux.debian | Previous | Next — Previous in thread | Next in thread | Find similar
How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? ant@zimage.comANT (Ant) - 2026-05-03 22:37 +0000
Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-04 05:43 +0000
Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? Tom Mix <tommix@dev.null> - 2026-05-16 15:37 +0000
Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? ant@zimage.comANT (Ant) - 2026-05-16 16:40 +0000
csiph-web