🚀 SFTP Setup Guide

This guide will help you set up a secure SFTP server using a restricted user account.

🛠️ Step 1: Create a New User

sudo adduser demoUser

This creates a new user named demoUser, which will be used for SFTP access.


📁 Step 2: Create the Upload Directory

sudo mkdir -p /var/sftp/uploads

This directory will store the uploaded files.


🔒 Step 3: Set Ownership and Permissions

1️⃣ Change the ownership of /var/sftp to root:root:

sudo chown root:root /var/sftp

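sshd requires the chroot directory, and every directory above it in the path, to be owned by root and not writable by any other user or group. If that is not the case, it refuses the session.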

2️⃣ Set the correct permissions for /var/sftp:

sudo chmod 755 /var/sftp

With mode 755, only root can write to the directory; all other users can only read and traverse it.

3️⃣ Allow demoUser to upload files by changing ownership of /var/sftp/uploads:

sudo chown demoUser:demoUser /var/sftp/uploads

⚙️ Step 4: Configure SSH for SFTP

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Add the following lines at the bottom:

Match User demoUser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

This restricts demoUser to only use SFTP (no SSH shell access) and locks them into /var/sftp.


🔄 Step 5: Restart SSH Service

sudo systemctl restart sshd

This applies the new configuration.


🛠️ Step 6: Test the Setup

❌ Try logging in via SSH (should fail)

ssh demoUser@your_server_ip

Output:

This service allows sftp connections only.
Connection to your_server_ip closed.

✅ Connect via SFTP (should succeed)

sftp demoUser@your_server_ip

Output:

Connected to your_server_ip
sftp>

Now, you can upload/download files securely using SFTP! 🎉
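
The ownership rule from Step 3 is the usual reason a chrooted SFTP login is dropped right after authentication. The script below is an added example, not part of the original guide: it walks the ChrootDirectory path from /var/sftp up to / and reports any component that is not owned by root or is writable by group or others. The function names are made up for this example, and it assumes GNU stat as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for a
# ChrootDirectory path. Assumes GNU coreutils stat, as on Debian/Ubuntu.
# Usage: sh <this-file> /var/sftp

# component_ok UID MODE: succeed only if the owner is root (uid 0) and the
# octal MODE has neither the group-write (020) nor other-write (002) bit.
component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: check DIR and every parent directory up to /.
# Prints one line per component; returns non-zero if any component fails.
check_chroot_path() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir (not a directory)"; rc=1
        else
            meta=$(stat -L -c '%u %a' "$dir")   # "<owner uid> <octal mode>"
            if component_ok "${meta% *}" "${meta#* }"; then
                echo "ok   $dir (uid ${meta% *}, mode ${meta#* })"
            else
                echo "FAIL $dir (uid ${meta% *}, mode ${meta#* })"; rc=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

/var/sftp/uploads is deliberately not passed to the check: it sits inside the chroot and is owned by demoUser so that uploads work.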