Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > alt.os.linux.debian > #10744

Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie?

Newsgroups alt.os.linux.debian
From Tom Mix <tommix@dev.null>
Subject Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie?
References <10t8imj$37u16$1@dont-email.me>
Organization Order of the Eternal Bait
Message-ID <slrn110h3q7.21snn.tommix@devnull.org> (permalink)
Date 2026-05-16 15:37 +0000

Show all headers | View raw

On 2026-05-03, Ant <ant@zimage.comANT> wrote:
> Hello,
>
> How do I set up a SFTP server for only file transfers in my Debian 
> stable/Trixie? Download and uploads only. No SSH access, accessing other 
> directories, etc.
>
> Thank you for reading and hopefully answering soon. :)

OpenSSH can already do this without needing anything fancy.

What you want is a chrooted SFTP setup with the user forced into
internal-sftp and no shell access.

Install the server if it is not already there:

sudo apt install openssh-server

Make a group for SFTP-only users:

sudo groupadd sftpusers

Create the user:

sudo useradd -m -g sftpusers -s /usr/sbin/nologin username
sudo passwd username

Now make the jailed directory structure:

sudo mkdir -p /sftp/username/uploads

Important part here: the top directory has to belong to root or sshd
will refuse the login.

sudo chown root:root /sftp/username
sudo chmod 755 /sftp/username

Then hand the writable directory to the user:

sudo chown username:sftpusers /sftp/username/uploads

Now edit:

/etc/ssh/sshd_config

Add this at the bottom:

Match Group sftpusers
    ChrootDirectory /sftp/%u
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

Restart ssh:

sudo systemctl restart ssh

That gives them file transfers only. No shell, no wandering around the
filesystem, no SSH login.

-- 
Tom Mix

Back to alt.os.linux.debian | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? ant@zimage.comANT (Ant) - 2026-05-03 22:37 +0000
  Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? Lawrence D’Oliveiro <ldo@nz.invalid> - 2026-05-04 05:43 +0000
  Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? Tom Mix <tommix@dev.null> - 2026-05-16 15:37 +0000
    Re: How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? ant@zimage.comANT (Ant) - 2026-05-16 16:40 +0000

csiph-web