Created
July 9, 2020 18:44
Revisions
raojeet created this gist
Jul 9, 2020
@@ -0,0 +1,42 @@ #!/bin/bash if [ "$EUID" -ne 0 ] then echo "Please run with sudo" exit fi read -p 'Enter sftp username to create: ' username echo Creating user account for $username adduser $username --shell /sbin/nologin read -p 'Enter sftp password to create: ' password echo "$username:$password" | chpasswd echo Creating SSH keys for user mkdir /home/$username/.ssh ssh-keygen -f $username cp ./$username.pub /home/$username/.ssh/authorized_keys chown -R $username.$username /home/$username/.ssh mv ./$username ./$username.key echo Creating sftp chroot directory for user mkdir -p /var/sftp/$username chown root.root /var/sftp/$username mkdir -p /var/sftp/$username/upload chown $username.$username /var/sftp/$username/upload echo Modifying sshd_config to use internal-sftp which supports chroot sudo sed -i '/^Subsystem\s*sftp/c\Subsystem sftp internal-sftp' /etc/ssh/sshd_config echo Adding sftp config for user to sshd_config cat <<EOT >> /etc/ssh/sshd_config Match User $username AuthenticationMethods "publickey,password" "publickey,keyboard-interactive" ChrootDirectory /var/sftp/$username ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no EOT echo Done. Run 'service sshd restart' to pick up changes echo Provide ./$username.key to user so they can authenticate.
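Review bot: $username comes straight from the first read prompt and is then used unquoted and unvalidated in every path (mkdir /home/$username/.ssh, ssh-keygen -f $username, mkdir -p /var/sftp/$username) and inside the heredoc appended to /etc/ssh/sshd_config, so a value containing whitespace, a slash or ".." changes which directories get created and chowned, or what ends up on the Match User line. Validate it against a strict pattern right after the read (lowercase letters, digits, underscore and hyphen only), quote every expansion, and run sshd -t after the append so a broken config is caught before the restart the final message asks for. Running the script twice for the same user also appends a second Match block, so check for an existing one first. The password prompt uses read -p, which echoes what is typed; add -s. The not-root branch ends in a bare exit, which returns the status of the preceding echo (0); use exit 1 so a caller can tell the script did nothing.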