SFTP server setup on ec2 instance - noi-techpark/documentation GitHub Wiki

To easily set up SFTP on an EC2 instance (Amazon Linux in my case), check that OpenSSH is installed and follow these steps.

Security

Since we are basically just using ssh, you don't need to change a lot in your EC2 security groups: just open the ssh port in the inbound rules for the IPs you want to grant access.

Setup

  • create a user on your machine (You do not need to call him Chuck :)

    adduser chuck

  • in Chuck's home folder create a '.ssh' folder with an authorized_keys file inside, and give both the correct permissions so that ssh works correctly

    mkdir .ssh
    touch .ssh/authorized_keys
    chmod 600 .ssh/authorized_keys
    chmod 700 .ssh/

  • put Chuck's public ssh key in the authorized_keys file

    cat chuck_id.pub >> .ssh/authorized_keys

  • create a group for sftp users

    groupadd sftponly

  • add user to group

    usermod -a -G sftponly chuck

  • go to /etc/ssh/sshd_config and change the following config

    ## Comment this
    # Subsystem sftp /usr/libexec/openssh/sftp-server
    ## Add or substitute this
    Subsystem sftp internal-sftp
    ## Keep the Match block at the end of the file: it applies until the next Match line or end of file
    Match group sftponly
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp

  • restart ssh

    /etc/init.d/sshd restart

  • by changing the ownership of Chuck's new home folder and its contents, he should be chrooted there

    chown -R chuck:sftponly /home/chuck/

  • Also do not forget to set root as owner of that home dir and set the correct access rights, so the group can access it (sshd refuses to chroot into a directory that is not owned by root or that is writable by group or others)

    chown root:sftponly /home/chuck/
    chmod 750 /home/chuck
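
A pre-flight check for the steps above, as an added example that is not part of the original wiki page: it verifies the ownership and mode rules sshd enforces on a ChrootDirectory, plus the key-file mode set earlier. The function names are hypothetical and GNU `stat` (as shipped on Amazon Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes GNU stat (stat -c), as found on Amazon Linux.

# check_dir DIR OWNER_UID
# Succeeds only if DIR is a directory owned by OWNER_UID and not
# writable by group or others.
check_dir() {
    [ -d "$1" ] || { echo "FAIL: $1 is not a directory" >&2; return 1; }
    owner=$(stat -c '%u' "$1") || return 1
    perm=$(stat -c '%a' "$1") || return 1
    if [ "$owner" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $owner, expected $2" >&2; return 1
    fi
    if [ $(( 0$perm & 022 )) -ne 0 ]; then
        echo "FAIL: $1 has mode $perm (group/other writable)" >&2; return 1
    fi
}

# check_chroot_path DIR
# sshd requires the ChrootDirectory and every parent directory up to /
# to be root-owned and not group/other writable; walk the whole chain.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL: cannot enter $1" >&2; return 1; }
    while :; do
        check_dir "$dir" 0 || return 1
        [ "$dir" = "/" ] && return 0
        dir=$(dirname "$dir")
    done
}

# check_key_file FILE
# Succeeds only if FILE grants nothing to group or others
# (the chmod 600 used above, or stricter).
check_key_file() {
    perm=$(stat -c '%a' "$1") || return 1
    [ $(( 0$perm & 077 )) -eq 0 ] || { echo "FAIL: $1 has mode $perm" >&2; return 1; }
}
```

Run as root, `check_chroot_path /home/chuck && check_key_file /home/chuck/.ssh/authorized_keys` prints nothing and returns 0 once the steps above are complete. Running `sshd -t` before the restart also catches syntax errors in the edited sshd_config.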

:tada:

If it does not work, ask Chuck!