14

I've created a user and made his home directory /var/www/mysite/ftpdir

I've also added a Match user entry for this user in sshd_config with a ChrootDirectory that points to /var/www/mysite

I've restarted ssh to pick this up.

When I log in with sftp, the user still goes to the user's old directory, i.e. /home/user

What am I missing?

hawkeye
  • 3,877

3 Answers

18

This is the process:

  1. Add the user to the group: sudo usermod -aG www blub as in "What's the simplest way to edit and add files to /var/www?"

    or just use sudo adduser <username> www-data

  2. Install vsftpd: sudo apt-get install vsftpd
  3. Configure vsftpd for remote access: sudo nano /etc/vsftpd.conf and inside the file set

    chroot_local_user=YES
    

    and ensure this is commented out:

    #chroot_list_enable=YES
    

    as per documentation.

  4. Restart vsftpd: sudo service vsftpd restart
  5. Configure the user's home directory to the web directory (not in /home):

    sudo usermod -d /var/www/mysite/ftpaccessdir <username>
    
  6. Configure ssh chroot

    sudo nano /etc/ssh/sshd_config
    

    add the following to the end:

    Subsystem  sftp  internal-sftp
    Match user <username>
        ChrootDirectory /var/www/site
        ForceCommand internal-sftp
        AllowTcpForwarding no
    

    and ensure that, further up in the file, this is commented out (i.e. before the one you just added)

    #Subsystem sftp /usr/lib/openssh/sftp-server
    
  7. Restart ssh

    sudo service ssh restart
    
  8. Change the permissions for apache:

    chown root:root /var/www
    chown root:root /var/www/site
    chmod 755 /var/www
    

    As in the docs here.

  9. Ensure that your directory has www-data access

    sudo chown -R www-data:www-data /var/www/site
    chmod 755 /var/www/site
    
hawkeye
  • 3,877
  • 2
    I have followed these instructions, but I got connection refused at the end when I add these lines:

        Subsystem sftp internal-sftp
        Match user
        ChrootDirectory /var/www/site
        ForceCommand internal-sftp
        AllowTcpForwarding no

    – Ata Jun 12 '14 at 08:14
  • 1
    I also have the same problem with Ubuntu 14.04 – torayeff Oct 17 '14 at 06:51
  • I have the same problem too! – maxisme Mar 17 '15 at 16:13
  • 4
    How come at Step 9 you have chown root:root /var/www/site only to revert it back to sudo chown -R www-data:www-data /var/www/site at Step 10? Is this deliberate? – JohnnyQ Jul 14 '16 at 14:41
  • This is not working for me – Linga Nov 28 '16 at 11:44
  • 1
    What's the point of vsftpd if you're configuring sftp access using SSH? – s3v3n Aug 16 '19 at 09:28
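
An added example, not part of the answers or comments above: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, so a chroot directory handed to another owner (as the recursive chown in the last step does) makes sshd refuse the session. The script below walks a path such as /var/www/site and reports each component; the function names and the optional UID argument (for trying it on a scratch directory without root) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the ownership/mode rule sshd enforces on ChrootDirectory.
# Function names and the optional UID argument are made up for this sketch.
# Assumes GNU stat (coreutils), as shipped on Ubuntu.

# check_component DIR [UID]: DIR must be a directory owned by UID (default 0,
# i.e. root) with neither the group- nor the other-write bit set.
check_component() {
    cc_dir=$1
    cc_want=${2:-0}
    if [ ! -d "$cc_dir" ]; then
        echo "FAIL $cc_dir: not a directory"
        return 1
    fi
    cc_info=$(stat -L -c '%u %a' "$cc_dir") || return 1
    cc_uid=${cc_info% *}
    cc_mode=${cc_info#* }
    if [ "$cc_uid" != "$cc_want" ]; then
        echo "FAIL $cc_dir: owner uid $cc_uid, expected $cc_want"
        return 1
    fi
    # stat prints the mode in octal; a leading 0 makes the shell read it as octal.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cc_dir: mode $cc_mode is group- or world-writable"
        return 1
    fi
    echo "ok   $cc_dir ($cc_uid, $cc_mode)"
}

# check_chroot_path PATH [UID]: apply check_component to PATH and every parent
# up to /. Returns 0 only if all components pass, 2 for a non-absolute path.
check_chroot_path() {
    cp_path=$1
    cp_want=${2:-0}
    cp_rc=0
    case $cp_path in
        /*) ;;
        *) echo "FAIL $cp_path: must be an absolute path"; return 2 ;;
    esac
    while :; do
        check_component "$cp_path" "$cp_want" || cp_rc=1
        [ "$cp_path" = "/" ] && break
        cp_path=$(dirname "$cp_path")
    done
    return $cp_rc
}

# Script usage: sh check_chroot.sh /var/www/site
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

Writable upload space then belongs in a subdirectory inside the chroot rather than in the chroot directory itself, and `sudo sshd -t` validates sshd_config before a restart.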
4

I've a simple method and that worked for me for apache.

    sudo useradd -d /var/www demo_user -g www-data
    sudo passwd demo_user
    sudo service ssh restart

That's it. In case you still face permission issues, use chmod and chown to address them according to your needs.

2

If you are getting a connection refused error at the end, then make sure that "Subsystem sftp internal-sftp" is placed after "UsePAM yes". If not, then update and restart ssh, and it worked.