Sunday 3 September 2017

How to configure SFTP Server on CentOS/RHEL - Multiple users



SSH File Transfer Protocol (SFTP) is an application protocol designed to make transferring files between computers easy, and many users prefer it. SFTP provides file access, transfer and management tools that resemble FTP, carried over a secure SSH connection. However, SFTP is not merely FTP over SSH; it is an entirely separate protocol.


All that is required is to confirm that the openssh packages are installed on the server; they are normally installed as part of the CentOS/RHEL installation.

Step 1: Run the command below to check whether the openssh packages are installed:

[root@linuxcnf ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@linuxcnf ~]#

The output above shows that the OpenSSH package is installed, so we can configure SFTP. Follow the steps below to configure the SFTP server:

Step 2: Create the directories used by the SFTP configuration and set the ownership and permissions on the chroot directory. sshd only chroots into a directory if it, and every directory above it, is owned by root and not writable by group or others, which is why /data is root:root with mode 755:

[root@linuxcnf ~]# mkdir /data
[root@linuxcnf ~]# mkdir -p /data/sftpdata
[root@linuxcnf ~]# chown root:root /data/
[root@linuxcnf ~]# chmod 755 /data/

Step 3: Create a group for SFTP users, then create each user that needs SFTP access with sftpgroup as its primary group, /data/sftpdata as its home directory and /sbin/nologin as its shell, so the account cannot obtain an interactive shell:

[root@linuxcnf html]# groupadd sftpgroup

[root@linuxcnf html]# useradd -g sftpgroup -d /data/sftpdata -s /sbin/nologin sftpuser
[root@linuxcnf html]# passwd sftpuser

[root@linuxcnf html]# useradd -g sftpgroup -d /data/sftpdata -s /sbin/nologin sftpuser1
[root@linuxcnf html]# passwd sftpuser1

While creating the users, the following warning message can be ignored (the home directory was already created in Step 2):

[root@localhost ~]# useradd -g sftpgroup -d /data/sftpdata -s /sbin/nologin sftpuser
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@localhost ~]#

If a user already exists, modify its group, home directory and login shell instead:

[root@linuxcnf html]# usermod -g sftpgroup -d /data/sftpdata -s /sbin/nologin sftpuser

Step 4: Change the ownership and permissions of /data/sftpdata/ so that all users belonging to sftpgroup can write to it:

[root@linuxcnf ~]# chown sftpuser:sftpgroup /data/sftpdata/
[root@linuxcnf ~]# chmod 775 /data/sftpdata/

Step 5: Now edit the configuration file /etc/ssh/sshd_config:

[root@linuxcnf ~]# vi /etc/ssh/sshd_config
# Add the lines below to /etc/ssh/sshd_config and comment out the existing Subsystem line
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match user %u

Match group sftpgroup
    ChrootDirectory /data/
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE

Save the file and restart sshd service:

[root@linuxcnf ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@linuxcnf ~]#

Step 6: Now test the SFTP configuration:

Testing with user 1 - sftpuser:

[root@linuxcnf ~]# sftp sftpuser@192.168.43.107
Connecting to 192.168.43.107...
sftpuser@192.168.43.107's password:
sftp> pwd
Remote working directory: /
sftp> ls
sftpdata
sftp>

Testing with user 2 - sftpuser1:

[root@linuxcnf ~]# sftp sftpuser1@192.168.43.107
Connecting to 192.168.43.107...
sftpuser1@192.168.43.107's password:
sftp> pwd
Remote working directory: /
sftp> ls
sftpdata
sftp>

SFTP configuration done!!

1 comment:

  1. Can we create multiple folders in the same directory with different users?