Creating an SFTP user for www server

From Apoyar Wiki

Creating SFTP Access on Server



Log in to the server on which SFTP access needs to be created.


Go to the path below and create the folder where data will be uploaded


• cd /var/www

• mkdir uploads


Copy the neal and nagios keys from the Nagios server (nagios.apoyar)

• scp neal nagios username@servername:/home/neal/


Move both keys to the sshkeys folder

• mv neal nagios /usr/share/sshkeys


Change the owner of the nagios key

• chown nagios:nagios /usr/share/sshkeys/nagios


Change the permissions for neal and nagios

• chmod 600 /usr/share/sshkeys/neal /usr/share/sshkeys/nagios


Create symlinks and restart sshd


• ln -s /usr/share/sshkeys/nagios /home/nagios/.ssh/authorized_keys


• ln -s /usr/share/sshkeys/neal /home/neal/.ssh/authorized_keys


• systemctl restart sshd



Create user apoyarsftp


• useradd -m -d /var/www/uploads/ -G www-data -s /usr/sbin/nologin apoyarsftp


Add user to www-data group


• usermod -a -G apoyarsftp www-data


Go to the home folder and open the sshd configuration file

• cd /home/

• vi /etc/ssh/sshd_config


Go to the end of the file and add the lines below


Match User sftpuser

ChrootDirectory folderpath

X11Forwarding no

AllowTcpForwarding no

ForceCommand internal-sftp

Replace sftpuser and folderpath with the values below

sftpuser - apoyarsftp

folderpath - /var/www/uploads/

Save the file (:wq!)
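
The Match block added above can be checked before sshd is restarted. The shell function below is an added example, not part of the original wiki procedure; check_sftp_match is a hypothetical name, the sample block is constructed from the template with only the user name filled in, and it assumes a single user name on the Match line.

```shell
#!/bin/sh
# Added example: lint the "Match User" block of an sshd_config-style file.
# check_sftp_match FILE USER prints one line per problem and returns non-zero
# if any is found. Assumes one user name per Match line (no patterns or lists).
check_sftp_match() {
    awk -v user="$2" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { kw = tolower($1) }                    # keywords are case-insensitive
        kw == "match" {                         # every Match line starts a new block
            in_block = (tolower($2) == "user" && $3 == user)
            if (in_block) found = 1
            next
        }
        in_block { val[kw] = $2 }               # arguments stay case-sensitive
        END {
            if (!found) { print "no Match User block for " user; exit 1 }
            if (val["chrootdirectory"] !~ "^[/%]") {
                print "ChrootDirectory is not an absolute path: " val["chrootdirectory"]; bad = 1 }
            if (val["forcecommand"] != "internal-sftp") {
                print "ForceCommand is not internal-sftp: " val["forcecommand"]; bad = 1 }
            if (tolower(val["allowtcpforwarding"]) != "no") {
                print "AllowTcpForwarding is not no"; bad = 1 }
            if (tolower(val["x11forwarding"]) != "no") {
                print "X11Forwarding is not no"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the template with only the user name filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Match User apoyarsftp
ChrootDirectory folderpath
X11Forwarding no
AllowTcpForwarding no
ForceCommand Internal-sftp
EOF
check_sftp_match "$sample" apoyarsftp || echo "fix the block before restarting sshd"
rm -f "$sample"
```

On the server it would be called as check_sftp_match /etc/ssh/sshd_config apoyarsftp; sshd -t additionally checks the whole file for syntax errors.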


• systemctl restart sshd


Set the password for the apoyarsftp user


• passwd apoyarsftp

Qwerty1!


Change the owner and permissions for the uploads folder


• cd /var/www

• chown -R apoyarsftp:apoyarsftp uploads/

• chown root:root uploads/

• chmod 755 uploads/


Create a .ssh folder under uploads and change the owner and permissions for the .ssh folder


• cd uploads/

• mkdir .ssh

• chmod -R 700 .ssh/

• chown -R apoyarsftp:apoyarsftp .ssh/



Go to the path below and generate a key


• cd /usr/share/sshkeys

• ssh-keygen

Enter file name - ./apoyarsftp


• mv apoyarsftp /home/neal

• mv apoyarsftp.pub apoyarsftp


Change the owner and permissions for apoyarsftp


• chown apoyarsftp:apoyarsftp apoyarsftp

• chmod 600 apoyarsftp


Create symlink

• ln -s /usr/share/sshkeys/apoyarsftp /var/www/uploads/.ssh/authorized_keys


Create a subfolder under the uploads folder and change the owner for that folder


• cd /var/www/uploads

• mkdir private

• chown -R apoyarsftp:apoyarsftp private


Go to the mercury.apoyar server and create a new host under bleckmann


• Name - sftp

• IP address - Server IP address


Click Add host


Go to the bleckmann server and add a DNS record to the hosts file

• cd /home/neal

• vi /etc/hosts

And add the entry below

Server IP address sftp.bleckmann.apoyar

Save the file (:wq!)

Now connect to the server and try uploading files.