@raojeet
Forked from thomascannon/setup_sftp.sh
Last active July 9, 2020 18:43
Script to set up an SFTP-only, chrooted user with key authentication
#!/bin/bash
# Creates an SFTP-only user who is chrooted to /var/sftp and can log in only
# with an SSH key. Assumes sshd is already set up for public-key
# authentication, i.e. in /etc/ssh/sshd_config:
#   PubkeyAuthentication yes
#   PasswordAuthentication no
set -euo pipefail

if [ "$EUID" -ne 0 ]; then
    echo "Please run with sudo" >&2
    exit 1
fi

read -r -p 'Enter sftp username to create: ' username
# Only accept a plain login name; it is interpolated into paths and sshd_config below.
case "$username" in
    ''|*[!a-z0-9_-]*) echo "Invalid username: '$username'" >&2; exit 1 ;;
esac

echo "Creating user account for $username"
# /sbin/nologin: no interactive shell for the account (ForceCommand below
# restricts it further). Use /usr/sbin/nologin on systems without a merged /usr.
adduser --shell /sbin/nologin "$username"

echo "Creating SSH key pair for $username"
install -d -m 700 -o "$username" -g "$username" "/home/$username/.ssh"
# Writes ./$username (private key) and ./$username.pub to the current
# directory; set a passphrase when prompted.
ssh-keygen -t ed25519 -f "./$username"
install -m 600 -o "$username" -g "$username" "./$username.pub" "/home/$username/.ssh/authorized_keys"
mv "./$username" "./$username.key"

echo "Creating sftp chroot directory for $username"
# sshd only accepts a ChrootDirectory whose every path component is owned by
# root and not writable by group or others, so /var/sftp stays root-owned 755
# and the user gets a private, writable subdirectory inside it.
install -d -m 755 -o root -g root /var/sftp
install -d -m 700 -o "$username" -g "$username" "/var/sftp/$username"

echo "Modifying sshd_config to use internal-sftp, which supports chroot"
sed -i '/^Subsystem[[:space:]]\+sftp/c\Subsystem sftp internal-sftp' /etc/ssh/sshd_config

echo "Adding sftp config for $username to sshd_config"
# A Match block applies to every line after it, so it must stay at the end of
# the file. Do not append a second block if one already exists for this user.
if grep -q "^Match User $username\$" /etc/ssh/sshd_config; then
    echo "Match block for $username already exists, leaving it unchanged"
else
cat <<EOT >> /etc/ssh/sshd_config
Match User $username
    ChrootDirectory /var/sftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
EOT
fi

echo "Validating sshd_config"
sshd -t || { echo "sshd_config is invalid; fix it before restarting sshd" >&2; exit 1; }

echo "Done. Restart sshd (e.g. 'systemctl restart sshd' or 'service ssh restart') to pick up the changes."
echo "Provide ./$username.key to the user so they can authenticate."