How to Enable SFTP on a Web Server in Linux

CHUONG K. NGUYEN – BSc., MCSEx2, MCSAx2, MCP, MCTS, MCITP, CCNA

In this guide I will show you how to allow SFTP connections to the web server so that users can publish their web content over a secure connection instead of the insecure FTP method.

In this case I am using ISPConfig 3, so assume that web1 is the user that needs to publish content over SFTP.

Step 1: Edit the file /etc/ssh/sshd_config by adding this to the end of the file:

Match User web1
ChrootDirectory /var/www/clients/client0/web1/web
ForceCommand internal-sftp

Please add those three lines for each user that needs access.

Step 2: Comment out the following line by putting a # in front of it.

Subsystem sftp /usr/lib/openssh/sftp-server

Step 3: Add this line below the commented line.

Subsystem sftp internal-sftp

Step 4: Save and exit the file sshd_config

Step 5: Change the password for user web1

passwd web1

Step 6: Edit the /etc/passwd file and find the line that is similar to this:

web1:x:5004:5005::/var/www/clients/client0/web1:/bin/false

Change the line so that it reads:

web1:x:5004:5005::/var/www/clients/client0/web1/web:/bin/bash

Step 7: Change permission to 755

usr@host:/var/www/clients/client0/web1# chmod 755 web -Rf

Step 8: Change ownership

usr@host:/var/www/clients/client0# chown root:root web1/ -Rf

Step 9: Restart the SSH server by typing: service ssh restart

Step 10: Use WinSCP to connect to the server using the SFTP protocol. Use web1 as the user name and the password set in step 5.
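
Steps 7 and 8 matter because sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others. The following check is an added example, not part of the original guide; the function names and the optional UID and STOP parameters are hypothetical, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes GNU or BusyBox stat.

# dir_is_chroot_safe DIR [UID]
# Succeeds when DIR is a directory owned by UID (default 0, root) whose mode
# has neither the group-write nor the other-write bit set.
dir_is_chroot_safe() {
    d_dir=$1
    d_uid=${2:-0}
    [ -d "$d_dir" ] || return 1
    d_info=$(stat -c '%u %a' "$d_dir") || return 1
    d_owner=${d_info% *}
    d_mode=${d_info#* }
    [ "$d_owner" = "$d_uid" ] || return 1
    # Leading 0 makes the shell read the mode as octal; 022 = g+w | o+w.
    [ $(( 0$d_mode & 022 )) -eq 0 ]
}

# check_chroot_path PATH [UID] [STOP]
# Walks from PATH up to STOP (default /) and checks every component.
# UID and STOP are hypothetical parameters added for testing; sshd itself
# always requires root ownership all the way up to /.
check_chroot_path() {
    c_path=$1
    c_uid=${2:-0}
    c_stop=${3:-/}
    while :; do
        if ! dir_is_chroot_safe "$c_path" "$c_uid"; then
            echo "FAIL: $c_path (owner or mode would make sshd refuse the chroot)" >&2
            return 1
        fi
        if [ "$c_path" = "$c_stop" ] || [ "$c_path" = "/" ]; then
            return 0
        fi
        c_path=$(dirname "$c_path")
    done
}

# Usage for the path from step 1 (run on the server):
#   check_chroot_path /var/www/clients/client0/web1/web && echo OK
```

Running sshd -t before the restart in step 9 checks the edited sshd_config for errors.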