Last active
June 17, 2020 14:48
Shell Script for Setting Up SFTP Server with EasyEngine
```bash
#!/bin/bash

# WARNING: Only run this script once per server.

####
## Creating SFTP Users - Initial Setup for New Server
####

####
## Gist: https://gist.github.com/NichlasB/e938cddb7876fd74af09dc00ca537a2c
## Resource: https://easyengine.io/docs/chroot-sftp-easyengine/
## Resource: https://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze
## Resource: https://blog.rootshell.be/2009/03/01/keep-an-eye-on-ssh-forwarding/
## Resource: https://raymii.org/s/tutorials/Limit_access_to_openssh_features_with_the_Match_keyword.html
## Resource: https://unix.stackexchange.com/questions/286342/can-not-succeed-in-excluding-user-in-match-directive-in-sshd-config
####

# Create Hosting Users Group
addgroup hostingusers

# Setup SFTP Server (original line: <Subsystem sftp /usr/lib/openssh/sftp-server>)
# [[:space:]]\+ matches the line whether its fields are separated by spaces or tabs
sed -i "/^Subsystem[[:space:]]\+sftp.*/c\Subsystem sftp internal-sftp" /etc/ssh/sshd_config

# Add Chroot SSHD Match Rules to /etc/ssh/sshd_config File
# (appended at the end of the file: a Match block runs until the next Match line or EOF)
cat <<EOF >> /etc/ssh/sshd_config
Match Group hostingusers
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp
    PasswordAuthentication yes
EOF

# Restart SSH Service
service ssh restart
```
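Each run of the script above appends another `Match` block to `sshd_config` and restarts SSH without checking the file. The following is an added example, not part of the original gist, of a re-runnable variant of the same edit that validates the candidate file with `sshd -t` before installing it; the function name `render_sftp_chroot`, the marker comments, the `--apply` flag and the `/usr/sbin/sshd` path are assumptions.

```bash
#!/bin/bash
# Added example, not from the original gist. render_sftp_chroot, the marker
# comments, --apply and the /usr/sbin/sshd path are assumptions.

BEGIN_MARK="# BEGIN hostingusers sftp chroot"
END_MARK="# END hostingusers sftp chroot"

# Print the config in file $1 with exactly one managed Match block at the end.
render_sftp_chroot() {
    # Drop a block written by an earlier run of this function (a block appended
    # by the original script carries no markers and is not detected), then
    # switch the sftp subsystem; its fields may be separated by spaces or tabs.
    sed -E -e "/^${BEGIN_MARK}\$/,/^${END_MARK}\$/d" \
        -e 's/^Subsystem[[:space:]]+sftp[[:space:]].*/Subsystem sftp internal-sftp/' \
        "$1" || return 1

    # A Match block runs until the next Match line or end of file, so it goes last
    cat <<EOF
${BEGIN_MARK}
Match Group hostingusers
    X11Forwarding no
    ChrootDirectory %h
    AllowTcpForwarding no
    ForceCommand internal-sftp
    PasswordAuthentication yes
${END_MARK}
EOF
}

# Only touch the live config when asked to: ./script.sh --apply (as root)
if [ "${1:-}" = "--apply" ]; then
    cfg=/etc/ssh/sshd_config
    new="$(mktemp)" || exit 1
    # Install and restart only if sshd accepts the candidate file
    if render_sftp_chroot "$cfg" > "$new" && /usr/sbin/sshd -t -f "$new"; then
        cp -p "$cfg" "$cfg.bak" && cat "$new" > "$cfg" && service ssh restart
    else
        echo "candidate config rejected; $cfg left unchanged" >&2
    fi
    rm -f "$new"
fi
```

With `ChrootDirectory %h`, sshd refuses the login unless each user's home directory and every directory above it is owned by root and not writable by group or others, so a config that passes `sshd -t` can still fail at login time for that reason.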
Companion script - sftp-new-user.sh:
https://gist.github.com/NichlasB/9b9c79ff8e31f48ad19f652b71baf8f6