This tutorial gives step-by-step instructions for setting up an SFTP-only user in MX Linux. MX Linux's popularity is increasing day by day and it is becoming a first choice for desktop systems. If you want to give someone SFTP access without shell access, this guide is for you.
Step 1: Installing SSH and SFTP
Firstly, ensure your MX Linux system has SSH (Secure Shell) installed as it forms the backbone for SFTP. Begin by updating your package list and installing SSH through:
sudo apt update
sudo apt install openssh-server
This step is foundational for establishing a secure environment for file transfers.
Step 2: Creating a New User for SFTP
The next step involves creating a dedicated user for SFTP. This user will be configured to have restricted access, limited only to SFTP operations. Use the command:
sudo adduser sftpuser
Replace ‘sftpuser’ with your preferred username, and follow the on-screen prompts to complete the user setup.
Step 3: Restricting User to SFTP Access
To limit this new user to SFTP access, modifications to the SSH configuration are required. Edit the SSH config file (/etc/ssh/sshd_config):
sudo nano /etc/ssh/sshd_config
And append the following configurations at the end:
Match User sftpuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /home/sftpuser
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
These settings ensure that ‘sftpuser’ is restricted to SFTP access within a chroot environment, enhancing security by isolating the user’s access.
Step 4: Setting Up the SFTP Directory
sshd requires that the chroot directory (/home/sftpuser here) is owned by root. Set the ownership to root:
sudo chown root:root /home/sftpuser
Then create a subdirectory for file transfers, such as /home/sftpuser/files. Assign ownership of this new directory to the SFTP user to enable file operations within it. Both commands need sudo, because /home/sftpuser now belongs to root:
sudo mkdir /home/sftpuser/files
sudo chown sftpuser:sftpuser /home/sftpuser/files
Step 5: Restarting SSH Service
To implement these changes, restart the SSH service using systemctl. This step is crucial to apply the new configurations.
sudo systemctl restart sshd
Step 6: Testing SFTP Access
Finally, it’s important to test the SFTP access to ensure everything is configured correctly. Use an SFTP client from another machine to connect to the server and verify that the user is restricted to the specified directory and cannot access other parts of the system.
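A common reason the test login fails is the ownership rule behind Step 4: sshd checks that every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original tutorial; the function names component_ok and check_chroot_path are made up for illustration, and it assumes GNU stat and readlink.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory path against sshd's ownership rule.
# Assumes GNU coreutils `stat -c` and `readlink -f` (present on MX Linux).

# component_ok UID MODE
# Succeeds only if the owner is root (uid 0) and neither the group-write
# nor the other-write bit is set in the octal MODE.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Walks from DIR up to /, printing every component that sshd would reject.
# Returns 0 if all pass, 1 if any fail, 2 if DIR is not a directory.
check_chroot_path() {
    cp_path=$(readlink -f -- "$1") || return 2
    [ -d "$cp_path" ] || { echo "not a directory: $1"; return 2; }
    cp_rc=0
    while :; do
        cp_uid=$(stat -c %u -- "$cp_path")
        cp_mode=$(stat -c %a -- "$cp_path")
        if ! component_ok "$cp_uid" "$cp_mode"; then
            echo "BAD $cp_path (uid=$cp_uid mode=$cp_mode)"
            cp_rc=1
        fi
        [ "$cp_path" = "/" ] && break
        cp_path=$(dirname -- "$cp_path")
    done
    return "$cp_rc"
}

# When given an argument, check it, e.g.: sh check_chroot.sh /home/sftpuser
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 can be used as ChrootDirectory"
fi
```

The writable /home/sftpuser/files subdirectory from Step 4 is not part of the chroot path itself, so it is not checked and may stay owned by the SFTP user.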
Conclusion
By following these steps, you can successfully create an SFTP-only user on MX Linux. This setup not only enhances the security of your server but also provides a controlled environment for file transfers. Regular system updates and secure password practices are recommended to maintain optimal security.
This comprehensive guide aims to assist both beginners and intermediate users in securely setting up an SFTP-only user on MX Linux, ensuring a blend of accessibility and security in server management.