how to create sftp user


If you're running Ubuntu Server 14.04.1 as a web server, you may need to create FTP or SFTP users. You may need to create a user because your WordPress installation went wrong and you need the theme creator to look it over. Maybe you need multiple FTP users because your clients each manage their own website on your server. Whatever the case, this guide will show you how to create new users.

Ubuntu’s directory for multiple websites may look like this: /var/www/clients/client0/web1/web/… Your index.html file should be located in the web folder.

I run ISPConfig to manage my websites. When you add a website, it automatically creates a user that takes ownership of it. Let's take the example above: /var/www/clients/client0/web1/web/. web1 is a user that is automatically created, and you can use it to FTP. To make the connection more secure, we are going to use SFTP (secure file transfer protocol) instead of FTP.

Here is what you need to do:

  1. Open your /etc/ssh/sshd_config file
  2. Add the following to the end of the file. These lines make your server more secure: the user who logs in via SFTP can’t view any parent folders or access any other files on your server. The user can only view the files pertaining to the website.
    1. Match User web1
      ChrootDirectory /var/www/clients/client0/web1/web
      ForceCommand internal-sftp
  3. If you want your user to be able to view the log files for that website, use this instead of the 3 lines above:
    1. Match User web1
      ChrootDirectory /var/www/clients/client0/web1
      ForceCommand internal-sftp
  4. Now look for the line: Subsystem sftp /usr/lib/openssh/sftp-server and comment it out using #
  5. Now add this line right below it:
    1. Subsystem sftp internal-sftp
  6. Now save and exit the /etc/ssh/sshd_config file
  7. If you haven’t created a password for web1 or if you want to change it, type this in your terminal:
    1. sudo passwd web1
    2. then just enter your password
  8. Now open your /etc/passwd file
    1. Find this line (or similar): web1:x:5004:5005::/var/www/clients/client0/web1:/bin/false
    2. Change /bin/false to /bin/bash
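  9. Make sure the permissions on the files you are giving the SFTP user access to (in this example, everything in /var/www/clients/client0/web1/web) are set to 755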
  10. Now restart ssh by typing this in your terminal:
    1. service ssh restart
  11. Now use your file transfer program (I use WinSCP) to log in over SFTP
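
As an added example (not part of the original guide): sshd only accepts a ChrootDirectory when every component of the path is a directory owned by root and not writable by group or others, so this script checks the path from step 2 before you restart ssh. The function names and the optional UID and TOP arguments are this example's own assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory set in sshd_config.
# sshd refuses the login unless every component of the chroot path is a
# directory owned by root and not writable by group or others.

# check_dir DIR UID: succeed if DIR is a directory owned by UID with no
# group/other write bit; otherwise print the reason and fail.
check_dir() {
    local dir="$1" want="$2" uid mode
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    uid=$(stat -L -c %u "$dir")    # GNU stat, as shipped on Ubuntu
    mode=$(stat -L -c %a "$dir")   # octal mode, e.g. 755
    if [ "$uid" != "$want" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then   # 022 = group-write | other-write
        echo "FAIL $dir: mode $mode is group/other-writable"; return 1
    fi
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR [UID] [TOP]: check DIR and every parent up to TOP.
# Defaults match sshd: UID 0 (root) and TOP /. The optional arguments are this
# example's own, for trying the check on a staging tree.
check_chroot_path() {
    local dir want="${2:-0}" top="${3:-/}" rc=0
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    while :; do
        check_dir "$dir" "$want" || rc=1
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /var/www/clients/client0/web1/web
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Any FAIL line names the directory sshd would reject, which shows up in the auth log as a bad ownership or modes error for the chroot directory.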

4 Comments for : how to create sftp user

    • Daniel
    • May 12, 2015

    What file do you mean in “9. Make sure your file permissions are set to 755”? Please answer asap. 🙂

    • Luke
    • May 13, 2015

    Hello Daniel. The files that you're giving your sftp user access to should have the file permissions set to 755. This ensures that they cannot write to any of them (change them). They can only read and execute them. So in the example above we gave our user access to all the files in /var/www/clients/client0/web1/web. I don’t want the user to be able to change those files though. I only want that user to be able to read and execute them. If you want your users to be able to change them then you would set your file permissions to 777. Whatever file permissions you choose, make sure they can at least read them, otherwise they will get permission denied. Let me know if this helps.

    • Daniel
    • May 16, 2015

    Luke, thank you so much! I finally can use SFTP only. I am so glad I found this website.

    • Luke
    • May 16, 2015

    I’m glad I could help out, Daniel!
