Create the sftpusers group and add the SFTP user to it
root@SFTP-Server:~# groupadd sftpusers
root@SFTP-Server:~# useradd -G sftpusers -d /home/sftpadmin/ -s /bin/false sftpadmin
root@SFTP-Server:~# chgrp -R sftpusers /home/sftpadmin
root@SFTP-Server:~# chown sftpadmin:sftpusers /home/sftpadmin
root@SFTP-Server:~# chown -R sftpadmin:sftpusers /home/sftpadmin/
root@SFTP-Server:~# chmod 750 /home/sftpadmin
Confirm the ownership and mode as follows:
root@SFTP-Server:~# ls -lhd /home/sftpadmin
drwxr-x--- 4 sftpadmin sftpusers 4.0K Jan 13 09:21 /home/sftpadmin
Now, create a directory .ssh and copy the public key into authorized_keys under /home/sftpadmin/.ssh/, then restrict the permissions:
root@SFTP-Server:~# chmod 700 /home/sftpadmin/.ssh
root@SFTP-Server:~# chmod 600 /home/sftpadmin/.ssh/authorized_keys
Copy the public key to the SFTP-Server
root@SFTP-Server:~# cat /home/sftpadmin/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiy3mJTHkS74taR3spRkbZJhgz4CjSHKsMmPDPRA6cbA1Tkd3BEitAs7ofB7Tlv6+WlMXeuq1V9gy4muF9pSWJuEjzDreULD3mlbjY40jvrYXMZZHdOVfm9J93QcTJChfwmJe5gYyVwp5N2Hyt40f
Make sure there are no extra spaces or line breaks at the end of the public key; the key must be a single line.
Now run the command below to finish setting the ownership:
root@SFTP-Server:~# chown -R sftpadmin:sftpusers /home/sftpadmin/
Now edit /etc/ssh/sshd_config: comment out the existing sftp-server line and add the line `Subsystem sftp internal-sftp`, as follows:
root@SFTP-Server:~# vi /etc/ssh/sshd_config
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
The configuration is now done. Confirm it by connecting from WinSCP and supplying the private key.
To cross-verify, /var/log/secure should show messages similar to the following:
Jan 13 01:56:59 cent59-02 sshd[6793]: Accepted publickey for sftpadmin from 172.22.101.217 port 1539 ssh2
Jan 13 01:56:59 cent59-02 sshd[6793]: pam_unix(sshd:session): session opened for user sftpadmin by (uid=0)
=============================
wiz@cb-DOC:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wiz/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wiz/.ssh/id_rsa.
Your public key has been saved in /home/wiz/.ssh/id_rsa.pub.
The key fingerprint is:
7f:0b:98:5b:5b:7c:c4:32:a0:c6:31:d7:78:5e:dd:68 wiz@cb-DOC
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o .o|
| o + E +|
| . ==. = o |
| S + + o|
| o o . + |
| == o o .|
| = + . |
| . o |
+-----------------+
wiz@cb-DOC:~$
AAAAB3NzaC1yc2EAAAADAQABAAABAQDQazG6pBU5hBcuPsEg0kwXaCq2KiSdMbWT9HvEFFc8Leb3VbmwfZwSJv5SDd36Zm8x0a8BYnMYW/BZ9fO5z5WdK7lfKCtFLf93T1x3AuwPRk8zJKLJFD7AH7Hw/9IO2Q6fzFQTFnYIMETOpy+SZSCaXkdpGFdkXt3qFw5rXKfd02T2iaHtzhMSp/uevGqQsUmfQB50exgj+SZyzeupibqOaRwQGZGj55iRrsdIVETUXTFFvbiYAJWjD9Wi9KDXMR11XZtDwzYr37kHFl9MaxOx2ktl7avfMDE1scUOoFhtZod/DRI5b6AC9zR4BFvPPGBPoFf
ssh-copy-id -i .ssh/id_dsa.pub root@192.168.1.4
1247 ssh root@192.168.1.4
root@ubuntu-v12:~# cat /home/sftpadmin/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQazG6pBU5hBcuPsEg0kwXaCq2KiSdMbWT9HvEFFc8Leb3VbmwfZwSJv5SDd36Zm8x0a8BYnMYW/BZ9fO5z5WdK7lfKCtFLf93T1x3AuwPRk8zJKLJFD7AH7Hw/9IO2Q6fzFQTFnYIMETOpy+SZSCaXkdpGFdkXt3qFw5rXKfd02T2iaHtzhMSp/uevGqQsUmfQB50exgj+SZyzeupibqOaRwQGZGj55iRrsdIVETUXTFFvbiYAJWjD9Wi9KDXMR11XZtDwzYr37kHFl9MaxOx2ktl7avfMDE1scUOoFhtZod/DRI5b6AC9zR4BFvPPGBPoFf
root@ubuntu-v12:~#
root@ubuntu-v12:~# ls -lthd /home/sftpadmin/*
drwxr-x--- 3 sftpadmin sftpadmin 4.0K Jan 13 22:01 /home/sftpadmin/public
root@ubuntu-v12:~# ls -lthd /home/sftpadmin/
drwxr-x--- 5 sftpadmin sftpusers 4.0K Jan 13 21:32 /home/sftpadmin/
root@ubuntu-v12:~# ls -lthd /home/
drwxr-xr-x 4 root root 4.0K Jan 13 19:36 /home/
Note: with `ChrootDirectory %h`, the home directory of the new SFTP user must be owned by root (and not writable by group or others), otherwise sshd refuses the chroot and the SFTP login fails. Also make sure the `Match Group` name is exactly the group created earlier (`sftpusers`), or the ChrootDirectory and ForceCommand settings will never apply to that user.
cat /etc/ssh/sshd_config
Subsystem sftp internal-sftp
UsePAM yes
Match Group sftpuser
ChrootDirectory %h
ForceCommand internal-sftp
wiz@ubuntu-v12:~$ grep sftpadmin /etc/passwd
sftpadmin:x:1001:1002::/home/sftpadmin/:/bin/false
view /var/log/auth.log
Jan 13 23:20:14 ubuntu-v12 sshd[6372]: Accepted publickey for sftpadmin from 192.168.1.2 port 58409 ssh2
Jan 13 23:20:14 ubuntu-v12 sshd[6372]: pam_unix(sshd:session): session opened for user sftpadmin by (uid=0)
Jan 13 23:20:15 ubuntu-v12 sshd[6514]: subsystem request for sftp by user sftpadmin
Jan 13 23:21:02 ubuntu-v12 sshd[6516]: Accepted password for wiz from 192.168.1.2 port 58410 ssh2
Jan 13 23:21:02 ubuntu-v12 sshd[6516]: pam_unix(sshd:session): session opened for user wiz by (uid=0)