How to enable SFTP on a Web Server in Linux
CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA
In this guide I will show you how to allow SFTP connections to the web server so that users can publish their web content over a secure connection instead of the insecure FTP method.
In this case I am using ISPConfig 3, so assume that web1 is the user that needs to publish content over SFTP.
Step 1: Edit the file /etc/ssh/sshd_config by adding this to the end of the file:
Match User web1
ChrootDirectory /var/www/clients/client0/web1/web
ForceCommand internal-sftp
Please add those three lines for each user that needs access.
Step 2: Comment out the following line by putting a # in front of it.
Subsystem sftp /usr/lib/openssh/sftp-server
Step 3: Add this line below the commented line.
Subsystem sftp internal-sftp
Step 4: Save and exit the file sshd_config
Step 5: Change the password for user web1
passwd web1
Step 6: Edit the /etc/passwd file, find the line that is similar to this
web1:x:5004:5005::/var/www/clients/client0/web1:/bin/false
Change the line so that it reads:
web1:x:5004:5005::/var/www/clients/client0/web1/web:/bin/bash
Step 7: Change permission to 755
usr@host:/var/www/clients/client0/web1# chmod 755 web -Rf
Step 8: Change ownership
usr@host:/var/www/clients/client0# chown root:root web1/ -Rf
Step 9: Restart the SSH server by typing service ssh restart
Step 10: Use WinSCP to connect to the server using the SFTP protocol. Use web1 as the user name and the password set in Step 5.
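An added check for Steps 7 and 8, not part of the original guide: sshd refuses a ChrootDirectory unless every directory on the path is owned by root and not writable by group or others, and this script walks the path and reports each component that breaks that rule. The function names, the optional owner-uid and stop-directory arguments, and the script name check_chroot.sh are assumptions of the example; it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# sshd only accepts a ChrootDirectory when every directory from the target up
# to / is owned by root and not writable by group or others.

# component_ok UID MODE WANT_UID: succeed if the owner matches and the octal
# MODE has neither the group-write (020) nor the other-write (002) bit set.
component_ok() {
    [ "$1" = "$3" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR [WANT_UID] [STOP_DIR]
# WANT_UID (default 0) and STOP_DIR (default /) are assumptions of this
# example so it can be exercised without root on a scratch directory.
check_chroot_path() {
    target=$1
    want_uid=${2:-0}
    [ -d "$target" ] || { echo "not a directory: $target"; return 2; }
    dir=$(cd "$target" && pwd -P) || return 2
    stop=$(cd "${3:-/}" && pwd -P) || return 2
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$dir")   # GNU stat: owner uid, octal mode
        if ! component_ok "$1" "$2" "$want_uid"; then
            echo "BAD  $dir (uid=$1 mode=$2)"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /var/www/clients/client0/web1/web
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it before Step 9; sshd -t checks the edited sshd_config for syntax errors at the same point.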