This procedure will set up an SFTP server, that is, FTP over SSH, on Ubuntu Server. In this instance the FTP server will be for a group of people accessing the same FTP share.
This procedure has been tested against Ubuntu 10.04 LTS.
First we need to install the SSH server packages on the Ubuntu server, assuming they haven't been installed already. On the console type:
Next we will create a group which will have shared access to the FTP Server mount point:
sudo groupadd ftpshared
Next we create the FTP folder on the filesystem. As this folder will contain data that may grow to fill the disk, it is recommended to set it up on a separate partition. Another important point to note is that SFTP relies on both the root user and the root group owning the top-level FTP mount. If this is not the case you will get errors when connecting to the FTP server, in my case authentication and connection errors.
sudo mkdir /srv
sudo mkdir /srv/ftp
sudo mkdir /srv/ftp/shared
Next change the ownership on the shared folder so that members of ftpshared can access it.
sudo chown root:ftpshared /srv/ftp/shared
sudo chmod 775 /srv/ftp/shared
Now that the filesystem is set up we will update the SSH daemon configuration, but first, back up the existing configuration.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo nano /etc/ssh/sshd_config
Now add the following lines to the bottom of /etc/ssh/sshd_config
Match group ftpshared
ChrootDirectory /srv/ftp/shared
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp
To make the config take effect we'll need to restart the SSH daemon:
sudo service ssh restart
Finally we create the user accounts on the Ubuntu server and give them access to the FTP server:
sudo useradd [user_name] -d /srv/ftp/shared -s /bin/false
sudo adduser [user_name] ftpshared
sudo passwd [user_name]
As a final step, open up your FTP client of choice and test the FTP logon process. Also confirm that the user cannot navigate outside of the /srv/ftp/shared area.
I tried to do this, on an Ubuntu in VirtualBox with bridged adapter, and connect from Windows 7, but I keep getting permission denied when attempting to connect. Any good ideas what might be wrong?
To chroot the FTP folder, the rights must be changed, switch the following line:
sudo chmod 775 /srv/ftp/shared
with:
sudo chmod 750 /srv/ftp/shared
Then to be able to write into the FTP folder, you must create another folder inside /srv/ftp/shared, with full rights for the ftp user:
sudo mkdir /srv/ftp/shared/writableFolder
sudo chown [USERNAME]:ftpshared /srv/ftp/shared/writableFolder
sudo chmod 700 /srv/ftp/shared/writableFolder
Let me know if it works!
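Added example, not part of the original post or its comments: sshd only accepts a ChrootDirectory when every component of the path is owned by root and is not writable by group or others, which is why the 775 mode is rejected and 750 is accepted. The script below checks that condition for a path; the function names are made up for this example and it assumes GNU coreutils `stat`, as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership/mode rule.
# Assumption: GNU coreutils stat (stat -c) is available, as on Ubuntu.
# Usage: sh check_chroot.sh /srv/ftp/shared

# mode_ok MODE -> returns 0 when the octal MODE has no group/other write bit.
mode_ok() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_dir DIR [OWNER_UID] -> returns 1 and prints why if DIR would be rejected.
# OWNER_UID defaults to 0 (root), which is what sshd requires.
check_dir() {
    cd_info=$(stat -c '%u %a' "$1" 2>/dev/null) || { echo "FAIL $1: cannot stat"; return 1; }
    cd_uid=${cd_info% *}
    cd_mode=${cd_info#* }
    cd_rc=0
    if [ "$cd_uid" != "${2:-0}" ]; then
        echo "FAIL $1: owner uid $cd_uid, expected ${2:-0}"
        cd_rc=1
    fi
    if ! mode_ok "$cd_mode"; then
        echo "FAIL $1: mode $cd_mode is writable by group or others"
        cd_rc=1
    fi
    return $cd_rc
}

# check_chroot_path DIR -> checks DIR and each parent directory up to /.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: not a directory"; return 1; }
    rc=0
    while :; do
        check_dir "$p" 0 || rc=1
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $1 meets the ChrootDirectory rule"; fi
    return $rc
}

# Run the audit only when a path is given on the command line.
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

When the check fails, the reason sshd logged for refusing the session is normally in /var/log/auth.log on the server.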