This tutorial will help you create an SFTP-only user (without SSH shell access) on Ubuntu systems, restrict (chroot) the SFTP user account to a specific directory only, and disable shell access for that user.

Prerequisites

A running Ubuntu 20.04 LTS system. You must have a sudo-privileged account with shell access.

Step 1 – Create User

First, create a user account on your system to use as the SFTP user. The following command will create a new account named sftpuser with no shell access. You can change the username to one of your choice.

Step 2 – Create Directory for SFTP

Now, create the directory structure to be accessible by the SFTP user. Here we will allow the user to access the “files” directory only. Next, change the ownership of the files directory to sftpuser, so that sftpuser can read and write in this directory only. Then set the owner and group owner of /var/sftp to root. The root user has read/write access on this directory. Group members and other accounts have only read and execute permissions.

Step 3 – Configure sshd for SFTP Only

Now edit the SSH configuration file in a text editor and add the following settings at the end of the file. Save the configuration and restart the SSH service to apply the changes. All done: the SFTP-only user is now created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check that everything is working correctly.
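Steps 1 to 3 as one script, added here as an example and not taken from the original tutorial. The names sftpuser, /var/sftp and files come from the text above; the specific commands, the /bin/false shell and the sshd_config directives are assumptions based on standard Ubuntu and OpenSSH tooling.

```shell
#!/bin/sh
# Added example. sftpuser, /var/sftp and "files" come from the tutorial text;
# the commands and sshd_config directives below are assumptions.
SFTP_USER="sftpuser"
CHROOT_DIR="/var/sftp"

# Print the Match block to append to /etc/ssh/sshd_config (Step 3).
# $1 = user name, $2 = chroot directory.
sftp_match_block() {
    printf 'Match User %s\n' "$1"
    printf '    ForceCommand internal-sftp\n'
    printf '    ChrootDirectory %s\n' "$2"
    printf '    AllowTcpForwarding no\n'
    printf '    AllowAgentForwarding no\n'
    printf '    X11Forwarding no\n'
    printf '    PermitTunnel no\n'
}

# sshd refuses a chroot unless every path component is owned by root (uid 0)
# and not writable by group or others. $1 = owner uid, $2 = octal mode.
chroot_component_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to / and test each component.
check_chroot_path() {
    dir="$1"
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 1
        set -- $info
        chroot_component_ok "$1" "$2" || { echo "unsafe: $dir" >&2; return 1; }
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# Steps 1-3 applied to a live system; must run as root.
setup_sftp_user() {
    adduser --shell /bin/false "$SFTP_USER" &&            # Step 1: no login shell
    mkdir -p "$CHROOT_DIR/files" &&                       # Step 2: directory tree
    chown "$SFTP_USER:$SFTP_USER" "$CHROOT_DIR/files" &&  # user-writable area
    chown root:root "$CHROOT_DIR" &&                      # chroot owned by root
    chmod 755 "$CHROOT_DIR" &&
    check_chroot_path "$CHROOT_DIR" &&
    sftp_match_block "$SFTP_USER" "$CHROOT_DIR" >> /etc/ssh/sshd_config &&
    sshd -t && systemctl restart ssh                      # validate, then restart
}

# Nothing is changed unless the script is run as: sudo sh script.sh apply
if [ "${1:-}" = "apply" ]; then setup_sftp_user; fi
```

If check_chroot_path reports an unsafe component, fix that directory's owner or mode before restarting sshd; otherwise the SFTP login is rejected after authentication.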

Step 4 – Connect to SFTP User

One can connect to the remote SFTP server using the command line or graphical applications like FileZilla or WinSCP. In this tutorial, I will show you both ways to connect to the SFTP-only account on the Ubuntu system. Linux users can use the sftp command-line utility to connect to the remote SFTP instance. Windows users, or those who prefer a GUI, can use graphical SFTP clients. For example, use the FileZilla client to connect to the SFTP-only account on the remote system.

Verify no shell access: this account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:

Conclusion

This tutorial described how to create an SFTP-only user account on an Ubuntu system, with shell access disabled for that account to restrict the user to SFTP access only.

How to Create SFTP Only User in Ubuntu 20 04   TecAdmin - 72