Automating Secure SFTP User Setup with a Bash Script

Introduction:


Secure File Transfer Protocol (SFTP) is a popular choice for securely transferring files between systems. In some cases, you might want to create a user account solely for SFTP access and restrict their access to specific directories. In this article, we’ll guide you through the process of setting up a restricted SFTP user with chroot on an SSH server. We’ll create a user with limited shell access using /sbin/nologin and configure the SSH server to enforce the restrictions.

Prerequisites:

  • Access to a Linux server with sudo privileges.
  • Basic understanding of the Linux command line.

If you’re a system administrator or someone who manages Linux servers, you probably know the importance of secure file transfer protocols. SFTP (Secure File Transfer Protocol) is a popular choice for secure data exchange, and controlling user access is crucial to maintaining a secure environment.

In this article, we’ll walk you through an exciting solution: a bash script that automates the process of setting up restricted SFTP access for users on a Linux server. This script simplifies the task, saving you time and ensuring consistency in your setup.

The Purpose

The primary goal of this script is to create a new user with restricted SFTP access, limiting them to a specific directory on the server. By doing this, we can minimize the risk of unauthorized access to critical files and directories, bolstering the overall security of the system.

The Script

Let’s dive into the bash script. Here’s the code snippet we’ll be using:

#!/bin/bash

# Replace "sftuser" with the desired username
USERNAME="sftuser"
# Replace "/var/www/" with the desired Chroot directory.
# sshd requires every component of this path to be a root-owned directory
# that is not writable by any other user or group.
CHROOT_DIR="/var/www/"

# Create the user with /sbin/nologin shell
sudo useradd -s /sbin/nologin "$USERNAME"

# Set the password for the user (replace "password" with the actual password)
echo "$USERNAME:password" | sudo chpasswd

# Backup the SSH configuration file
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

# Append the necessary configuration to the SSH configuration file
sudo bash -c "cat >> /etc/ssh/sshd_config" <<EOL

# Configuration for SFTP access for $USERNAME
Match User $USERNAME
    ForceCommand internal-sftp
    ChrootDirectory $CHROOT_DIR
    AllowTcpForwarding no
    X11Forwarding no
EOL

# Validate the new configuration before restarting; if it is broken,
# restore the backup so a bad sshd_config cannot lock you out
if ! sudo sshd -t; then
    sudo cp /etc/ssh/sshd_config_backup /etc/ssh/sshd_config
    echo "sshd_config validation failed; backup restored." >&2
    exit 1
fi

# Restart the SSH service to apply the changes
sudo service sshd restart

echo "User $USERNAME with restricted SFTP access has been set up."

How to Use the Script

The script is designed to be straightforward to use, and it follows a few simple steps:

  1. Replace "sftuser" with the desired username of the new user in the USERNAME variable.
  2. Customize the CHROOT_DIR variable to set the desired Chroot directory. This is where the user will be restricted.
  3. Set the user password by replacing "password" with the actual password. Make sure to use a strong and secure password.

Enhancing Security

This script significantly enhances security by isolating users to specific directories through the Chroot feature. Users will only be able to access their designated area, ensuring that sensitive files and system directories remain protected.
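
The chroot only takes effect if sshd accepts the directory: every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others, otherwise the session is refused. The check below is an added example, not part of the original script, and its function names are made up for illustration; it walks the path up to / and reports each component that breaks the rule.

```shell
#!/bin/bash
# Added example: verify a directory against sshd's ChrootDirectory rules.
# component_ok and check_chroot_path are hypothetical names for this example.

# component_ok UID MODE
# Succeeds only for a root-owned entry whose octal mode (as printed by
# `stat -c %a`) has neither the group-write nor the other-write bit set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Resolves DIR (following symlinks) and checks it and every parent up to /.
# Returns 0 if all components pass, 1 if any component would be rejected,
# 2 if DIR is not an accessible directory.
check_chroot_path() {
    local path uid mode rc=0
    path=$(cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "ERROR: $1 is not an accessible directory" >&2
        return 2
    }
    while :; do
        uid=$(stat -c '%u' -- "$path")
        mode=$(stat -c '%a' -- "$path")
        if ! component_ok "$uid" "$mode"; then
            echo "FAIL: $path (owner uid $uid, mode $mode)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return "$rc"
}
```

Call check_chroot_path "$CHROOT_DIR" before appending the Match block and stop if it returns non-zero. Because the chroot root itself cannot be writable by the user, uploads need a subdirectory inside it that the user owns.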

The Power of Automation

Automating the user setup process with this bash script streamlines your workflow and reduces the likelihood of manual errors. It is especially beneficial if you need to create multiple users with restricted SFTP access or if you frequently set up new servers.

Conclusion

In conclusion, automating the setup of restricted SFTP access on a Linux server is a powerful way to enhance security and simplify administrative tasks. With this bash script in your toolkit, you can create secure SFTP environments with ease and confidence.

Feel free to try out the script and adapt it to your specific needs. As always, remember to exercise caution when dealing with user credentials and permissions.

Happy scripting and stay secure!
