CyberKeeda In Social Media

How to allow only SFTP access and no shell access.

 

Requirement :
  • Restricted to SFTP access
  • Disallow all SSH connection coming from sftp user
Lab setup details
  • Ubuntu 16.04
  • Hostname : cyberkeeda.sftp.com

  • Create a sftp user

Syntax Template

# adduser sftpadmin

  • Create a sftp folder, this folder will be used for sftp user
  • Provide ownership to root and give other users only read and execute rights.

Syntax Template

# mkdir /var/sftpdata
# chown root.root /var/sftpdata

# chmod 755 /var/sftpdata

  • Update SSH server config file with below snippet 

Syntax Template

# vim /etc/ssh/sshd_config

  • Copy paste the below snippet at the bottom of the file and save.

Syntax Template


Match User sftpadmin ForceCommand internal-sftp PasswordAuthentication yes ChrootDirectory /var/sftpdata PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no

  • Restart SSHD server

Syntax Template

# systemctl restart sshd

  • Check by logging in via sftp and ssh both

Syntax Template

# sftp sftpadmin@cyberkeeda.sftp.com



No comments:

Post a Comment

Designed By Jackuna