Frequently Asked Question

Adding SFTP to AlmaRHEL
Last Updated 25 days ago

Installing SFTP on AlmaLinux

1. Ensure SSHD is Installed

Since SSHD is already installed as a standard component, we'll proceed with setting up SFTP for file transfers.

2. Create the SFTP Group

First, create a group to handle SFTP access:

sudo groupadd sftpusers

3. Add Users to the SFTP Group

Add your users or specific user accounts to this group:

sudo usermod -aG sftpusers username

Replace username with the actual username of the account you want to add.

4. Create Home Directories for Users

Create a home directory for each user in /var/ftp (or another suitable directory like /var/www). The -p flag creates the parent /var/ftp/home if it does not exist yet:

sudo mkdir -p /var/ftp/home/username
sudo chown root:sftpusers /var/ftp/home/username

Set the permissions. The chroot directory itself must be owned by root and must not be writable by the group or others, otherwise sshd rejects the login; mode 750 gives members of sftpusers read and execute access to it:

sudo chmod 750 /var/ftp/home/username

Repeat these steps for each user you wish to add.

5. Configure SFTP in SSHD Configuration File

Edit /etc/ssh/sshd_config to configure SFTP and set up appropriate restrictions:

sudo nano /etc/ssh/sshd_config

Add or modify the following lines. The Subsystem line and the global options belong in the main body of the file; the Match block must come after all global options, because every directive that follows a Match line is part of that block.

Replace the existing Subsystem sftp line (sshd allows only one) with:

Subsystem sftp internal-sftp

Ensure the following options are present with correct settings:

PermitUserEnvironment no
UsePAM yes
PasswordAuthentication yes

Then, at the end of the file, restrict the group to SFTP only:

# Allow users in this group to use SFTP only (no shell access)
Match Group sftpusers
  ChrootDirectory /var/ftp/home/%u
  AllowTcpForwarding no
  ForceCommand internal-sftp

6. Disable Shell Access for SFTP Users

To ensure that users cannot log in via the command line, confirm that the following Match block is present (it is the same block used in step 5; add it only if it is missing, and do not add a second copy):

Match Group sftpusers
  ChrootDirectory /var/ftp/home/%u
  AllowTcpForwarding no
  ForceCommand internal-sftp

7. Restrict Access to Specific Directories (Optional)

If you want to restrict users to specific directories, use the ChrootDirectory directive as shown above.

8. Enable Firewalld and Configure Ports

To ensure SFTP traffic can pass through your firewall, enable firewalld if it isn't already:

sudo systemctl start firewalld
sudo systemctl enable firewalld

Add the necessary ports to the firewall rules:

sudo firewall-cmd --zone=public --add-port=22/tcp --permanent
sudo firewall-cmd --reload

The default SFTP port is 22, but you can use a different port if needed. If you do, set the same port with the Port directive in sshd_config, and on AlmaLinux with SELinux enforcing the new port must also be allowed for the ssh_port_t type.

9. Restart SSHD Service

Finally, restart the SSH service to apply changes:

sudo systemctl restart sshd
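The chroot requirements from step 4 (root ownership, no group or world write on every directory in the path) are the usual reason a new SFTP user is rejected after step 9. The following checker is an added example and not part of this FAQ; it assumes GNU coreutils stat as shipped on AlmaLinux and the /var/ftp/home/username layout used above:

```shell
#!/usr/bin/env bash
# Added example, not part of the original FAQ: check a ChrootDirectory path
# the way sshd does before restarting the service. sshd refuses the login with
# "bad ownership or modes for chroot directory" unless every component of the
# path (/, /var, /var/ftp, ...) is owned by root and not writable by group or
# others. Assumes GNU coreutils stat, as shipped on AlmaLinux.

# Return 0 when the directory is not writable by group or others.
dir_mode_ok() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
  # 8#22 is octal 022: the group-write and other-write permission bits
  [ $(( 8#$mode & 8#22 )) -eq 0 ]
}

# Return 0 when the directory is owned by uid 0 (root).
dir_owner_ok() {
  [ "$(stat -c '%u' "$1" 2>/dev/null)" = "0" ]
}

# Walk from / down to the target and report the first component that would
# make sshd reject the chroot. Returns 0 only when every component passes.
check_chroot_path() {
  local target=$1 cur=/ rest comp
  case $target in
    /*) ;;
    *) echo "FAIL: $target is not an absolute path" >&2; return 1 ;;
  esac
  rest=${target#/}
  while :; do
    if ! dir_owner_ok "$cur"; then
      echo "FAIL: $cur is not owned by root" >&2; return 1
    fi
    if ! dir_mode_ok "$cur"; then
      echo "FAIL: $cur is writable by group or others" >&2; return 1
    fi
    [ -n "$rest" ] || break
    comp=${rest%%/*}                 # next path component
    if [ "$comp" = "$rest" ]; then rest=""; else rest=${rest#*/}; fi
    cur=${cur%/}/$comp
  done
  echo "OK: $target is usable as a ChrootDirectory"
}

# Usage: check_chroot_path /var/ftp/home/username
```

Run it against the path you set in ChrootDirectory, then validate the whole configuration with sudo sshd -t before restarting sshd.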

Summary

  • Created an SFTP group and added users.
  • Set up home directories for each user.
  • Configured SFTP in sshd_config.
  • Disabled shell access via SSH for SFTP users.
  • Updated firewalld rules to allow SFTP traffic.

This setup ensures secure file transfers while restricting command-line access.

This answer was generated by GEN's AI assistant and may not be 100% accurate. If you are unsure about any information provided, please raise a support ticket for clarification.