I need your help about configuration for my SFTP server on Ubuntu.
I've installed open ssh, I've created my key pair.
I've configured sshd_config, to allow only certificate authentication, and for each user I created a match user block with specific configuration: user sftp-service, use publikey, no X11, no tunnel etc.
I've created mu users, with no login option, I've created the .ssh with authorized_keys files according to permission
Chown myuser:myuser /home/mysuser
Chmod 700 /home/myuser
Chmod 600 /home/myusers/.ssh/authorized_keys.
I've also create a chroot directory
/sftp/chroot/
With inside a directory for all users
/sftp/chroot/myuser1
/sftp/chroot/myuser2
/sftp/chroot/myuser3
...
The sshd_config is configured accordingly.
However, now I need a sftp_app user which can read and write in all /sftp/chroot/ user directory.
To read / write file and move file into a DONE folder on each user directory.
Everything work well for the moment, but I don't know how to make the configuration for the sftp_app user.
Could you help me?
This is more information about my configuration:
report_user2:x:1002:1003:N/A,N/A,N/A,N/A,N/A:/home/report_user2:/usr/sbin/nologin
report_user3:x:1003:1004:N/A,N/A,N/A,N/A,N/A:/home/report_user3:/usr/sbin/nologin
report_user4:x:1004:1005:N/A,N/A,N/A,N/A,N/A:/home/report_user4:/usr/sbin/nologin
report_user5:x:1005:1006:N/A,N/A,N/A,N/A,N/A:/home/report_user5:/usr/sbin/nologin
In /sftp/
drwxr-xr-x 3 root root 4,0K Sep 5 12:36 MY_COMPANY
IN /sftp/MY_COMPANY
drwxr-xr-x 3 root root 4,0K Sep 5 12:36 chroot
Inside chroot all user have their own directory named with their username
d-wx------ 2 report_user1 report_user1 4,0K Sep 8 09:24 report_user1
So all user can access their own folder, without capability to list file but only to write file in their own directory.
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Subsystem sftp internal-sftp
Match User report_user1,report_user2,report_user3,report_user4,report_user5
ForceCommand internal-sftp
PasswordAuthentication no
ChrootDirectory /sftp/MY_COMPANY/chroot/
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PubkeyAuthentication yes
The SFTP server will received .txt or .csv file. However, I'would like also to restrict to only such extension, bu I don't know how...
Regards.
I've installed open ssh, I've created my key pair.
I've configured sshd_config, to allow only certificate authentication, and for each user I created a match user block with specific configuration: user sftp-service, use publikey, no X11, no tunnel etc.
I've created mu users, with no login option, I've created the .ssh with authorized_keys files according to permission
Chown myuser:myuser /home/mysuser
Chmod 700 /home/myuser
Chmod 600 /home/myusers/.ssh/authorized_keys.
I've also create a chroot directory
/sftp/chroot/
With inside a directory for all users
/sftp/chroot/myuser1
/sftp/chroot/myuser2
/sftp/chroot/myuser3
...
The sshd_config is configured accordingly.
However, now I need a sftp_app user which can read and write in all /sftp/chroot/ user directory.
To read / write file and move file into a DONE folder on each user directory.
Everything work well for the moment, but I don't know how to make the configuration for the sftp_app user.
Could you help me?
This is more information about my configuration:
- All users have their own puclic key for login
- all users are in their own group
report_user2:x:1002:1003:N/A,N/A,N/A,N/A,N/A:/home/report_user2:/usr/sbin/nologin
report_user3:x:1003:1004:N/A,N/A,N/A,N/A,N/A:/home/report_user3:/usr/sbin/nologin
report_user4:x:1004:1005:N/A,N/A,N/A,N/A,N/A:/home/report_user4:/usr/sbin/nologin
report_user5:x:1005:1006:N/A,N/A,N/A,N/A,N/A:/home/report_user5:/usr/sbin/nologin
- My sftp folder is configured like this:
In /sftp/
drwxr-xr-x 3 root root 4,0K Sep 5 12:36 MY_COMPANY
IN /sftp/MY_COMPANY
drwxr-xr-x 3 root root 4,0K Sep 5 12:36 chroot
Inside chroot all user have their own directory named with their username
d-wx------ 2 report_user1 report_user1 4,0K Sep 8 09:24 report_user1
So all user can access their own folder, without capability to list file but only to write file in their own directory.
- My sshd_config is configured with:
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
Subsystem sftp internal-sftp
Match User report_user1,report_user2,report_user3,report_user4,report_user5
ForceCommand internal-sftp
PasswordAuthentication no
ChrootDirectory /sftp/MY_COMPANY/chroot/
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
PubkeyAuthentication yes
- Now, I need to have a user which will be used by an application to read all files and inject data in a database. This is why the user should have acces in read mode to all user folders. But also in write mode, as once injected in database files must be renamed as FILE_NAME.done
The SFTP server will received .txt or .csv file. However, I'would like also to restrict to only such extension, bu I don't know how...
Regards.
