Atlantic.Net Blog

How to Create a SFTP User without Shell Access on CentOS 8

Hitesh Jethva

SFTP stands for “SSH File Transfer Protocol.” It is a file transfer protocol that runs over SSH and is used to transfer files between two servers. By default, SFTP is available on every server that has SSH access enabled. However, the same login also grants terminal access to all users, which is not recommended for security reasons.

In this tutorial, we will learn how to create an SFTP user without shell access so that the user has only SFTP access and not SSH access.

Prerequisites

  • A fresh CentOS 8 VPS on the Atlantic.net Cloud Platform.
  • A root password configured on your server.

Step 1 – Create Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server.  Create a new server, choosing CentOS 8 as the operating system with at least 1GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged into your CentOS 8 server, run the following command to update your base system with the latest available packages.

dnf update -y

Step 2 – Create an SFTP User

First, you will need to create a new user with only file transfer access. You can create a new user named sftp using the following command:

adduser sftp

Next, set the password for the above user:

passwd sftp

Provide your desired password and press Enter.

Step 3 – Create a Directory Structure for File Transfers

Next, you will need to create a directory structure for file transfer to restrict SFTP access to one directory.

You can create a new directory with the following command:

mkdir -p /opt/sftp/public

Next, set the ownership of the /opt/sftp/ directory to root:

chown root:root /opt/sftp

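Next, set the permissions so that only root can write to this directory (sshd requires the chroot directory to be owned by root and not writable by any other user):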

chmod 755 /opt/sftp

Next, set the ownership of the public directory to the sftp user:

chown sftp:sftp /opt/sftp/public

Step 4 – Configure SSH for SFTP

Next, you will need to configure SSH to restrict access to one directory and disallow terminal access to the sftp user.

You can do it by editing the file /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

Add the following lines at the end of the file:

Match User sftp
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /opt/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save and close the file when you are finished. Then, restart the SSH service to implement the changes:

systemctl restart sshd
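
The following is an added example, not part of the original tutorial: a small lint for the Match block from Step 4 that reports any directive that is missing or set to a different value. The function name check_sftp_match and the sample file are assumptions made for illustration; it only inspects a block written exactly as "Match User <name>".

```shell
#!/bin/sh
# Added example (not from the original post): lint the Match block from Step 4.
# check_sftp_match FILE USER prints one line per problem; returns 1 if any.
# Assumption: the block is written exactly as "Match User <name>".
check_sftp_match() {
    awk -v user="$2" '
        BEGIN {
            # Directives from Step 4 and the value each must have.
            want["forcecommand"]         = "internal-sftp"
            want["permittunnel"]         = "no"
            want["allowagentforwarding"] = "no"
            want["allowtcpforwarding"]   = "no"
            want["x11forwarding"]        = "no"
        }
        { sub(/#.*/, "") }          # strip comments
        NF == 0 { next }
        tolower($1) == "match" {    # every Match line starts a new block
            inblock = (tolower($2) == "user" && $3 == user)
            if (inblock) found = 1
            next
        }
        inblock && !(tolower($1) in val) { val[tolower($1)] = $2 }  # first value wins
        END {
            if (!found) { print "no Match User " user " block"; exit 1 }
            for (k in want) {
                got = (k in val) ? val[k] : "(unset)"
                if (tolower(got) != want[k]) {
                    print k ": expected " want[k] ", got " got
                    bad = 1
                }
            }
            if (!("chrootdirectory" in val)) { print "chrootdirectory: (unset)"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the block from Step 4 with AllowTcpForwarding left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Match User sftp
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /opt/sftp
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
EOF
check_sftp_match "$sample" sftp || echo "fix the lines above before restarting sshd"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config after editing the file; running sshd -t as well catches syntax errors before the service is restarted.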

Step 5 – Verify SFTP

Now, verify the SFTP access with the following command:

sftp sftp@your-server-ip

You will be asked to provide a password as shown below:

sftp@your-server-ip's password:

Provide your sftp user password and hit Enter. Once connected, you should see the following output:

Connected to your-server-ip.
sftp>

Next, run the following command to list the directory:

sftp> ls

You should see the public directory in the following output:

public 
sftp>

Next, check whether you are able to make an SSH connection:

ssh sftp@your-server-ip

You will be asked to provide a password as shown below:

sftp@your-server-ip's password:

Provide your sftp user password and hit Enter. You should see the following output:

This service allows sftp connections only.
Connection to your-server-ip closed.

The above output indicates that the sftp user can no longer access the server shell via SSH.

Conclusion

Congratulations! You have successfully configured SFTP without shell access on CentOS 8. You can also use this setup for multiple users and directories. Get started with SFTP today on a VPS from Atlantic.Net!
