- Edit your/etc/ssh/sshd_configfile with your favorite text editor:
2. vim /etc/ssh/sshd_config
- Add or modify theSubsystem sftpline to look like the following:
File excerpt:/etc/ssh/sshd_config
Subsystem sftp internal-sftp
- Add this block of settings to the end of the file:
File excerpt:/etc/ssh/sshd_config
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
1. Save the changes to your file.
2. Restart OpenSSH:
3. /etc/init.d/ssh restart
OpenSSH has been successfully modified.
Modify user accounts to setup quota.
In this section, we'll set up the correct new groups, ownership, and permissions for your user accounts.
- Create a group for users whom you want to restrict to SFTP access:
2. addgroup filetransfer
- Modify the user accounts that you wish to restrict to SFTP. Issue the following commands for each account, substituting the appropriate username. Please keep in mind that this will prevent these users from being able to log into a remote shell session.
4. usermod -G filetransfer username
5. chown root:root /home/username
6. chmod 755 /home/username
These users will now be unable to create files in their home directories, since these directories are owned by the root user.
- Next, you need to create new directories for each user, to which they will have full access. Issue the following commands for each user, changing the directories created to suit your needs:
8. cd /home/username
9. mkdir docs public_html
10.chown username:filetransfer *
Your users should now be able to log into their accounts via SFTP and transfer files to and from their assigned subdirectories, but they shouldn't be able to see the rest of your Linode's filesystem.