Some of the developers from the Nautilus project team have asked for SFTP access to at least one of the app servers in Stratos DC. After going through the requirements, the system admins team has decided to configure the SFTP server on App Server 2 in Stratos Datacenter. Please configure it as per the following instructions:
a. Create an SFTP user kirsty and set its password to TmPcZjtRQx.
b. Password authentication should be enabled for this user.
c. Set its ChrootDirectory to /var/www/apps.
d. SFTP user should only be allowed to make SFTP connections.
Sample Answer:
#log in to the correct app server (check your question)
ssh <user>@<app-server-IP>
#switch to root user
sudo su
#create the SFTP user and set its password as per the question (check your question)
adduser --shell /bin/false <SFTP-user-name>
passwd <SFTP-user-name>
#create the directory as per the question
mkdir -p /var/www/apps
#set newly created SFTP user as the owner for this directory.
chown <your sftpuser>:<your sftpuser> /var/www/apps
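#make root the owner of the chroot directory with mode 755 (sshd refuses a chroot directory that is not owned by root or is writable by group or others)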
chown root:root /var/www
chmod 755 /var/www
#now do the required SFTP configuration as below in the sshd_config file
vi /etc/ssh/sshd_config
# override default of no subsystems
#Subsystem sftp /usr/libexec/openssh/sftp-server
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match User <your sftpuser from your question>
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
press Esc and type :wq! to save
#restart sshd service
systemctl restart sshd
#Testing (you have to give the SFTP user's password to access)
sftp <your sftpuser>@localhost
#from jump host
sftp <your sftpuser>@<app-server-IP>
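To confirm that the Match block is really in effect after the restart, the effective settings for the user can be dumped as root with sshd -T -C user=<your sftpuser> and checked line by line. The script below is an added example, not part of the original answer; the function name check_sftp_only and both sample inputs are constructed for illustration, and the expected values are the ones from the Match block above.

```bash
# Added example: audit the effective sshd settings for an SFTP-only user.
# Input format is what `sshd -T -C user=<name>` prints: lowercase keyword,
# a space, then the value. Expected values mirror the Match block above.

# check_sftp_only (hypothetical helper name): reads settings on stdin, prints
# each mismatch, and returns 0 only when every directive is as expected.
check_sftp_only() {
  awk '
    BEGIN {
      want["forcecommand"]           = "internal-sftp"
      want["passwordauthentication"] = "yes"
      want["permittunnel"]           = "no"
      want["allowagentforwarding"]   = "no"
      want["allowtcpforwarding"]     = "no"
      want["x11forwarding"]          = "no"
    }
    {
      key = tolower($1)
      val = $0; sub(/^[^ \t]+[ \t]+/, "", val)   # value = rest of the line
      if (key in want) seen[key] = val
      if (key == "chrootdirectory") chroot = val
    }
    END {
      bad = 0
      for (k in want)
        if (seen[k] != want[k]) {
          printf "FAIL %s: expected \"%s\", got \"%s\"\n", k, want[k], seen[k]
          bad = 1
        }
      # sshd reports "none" when no chroot applies to the user
      if (chroot == "" || chroot == "none") { print "FAIL chrootdirectory: not set"; bad = 1 }
      exit bad
    }'
}

# Constructed sample: what a correctly restricted user would report.
GOOD_SAMPLE='forcecommand internal-sftp
passwordauthentication yes
chrootdirectory /var/www
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no'

# Constructed sample: same output with ForceCommand unset and TCP forwarding on.
BAD_SAMPLE=$(printf '%s\n' "$GOOD_SAMPLE" |
  sed -e 's/^forcecommand .*/forcecommand none/' -e 's/^allowtcpforwarding no/allowtcpforwarding yes/')

printf '%s\n' "$GOOD_SAMPLE" | check_sftp_only && echo "good sample: OK"
printf '%s\n' "$BAD_SAMPLE"  | check_sftp_only || echo "bad sample: rejected"
```

On the server itself, pipe the real output into the function: sshd -T -C user=<your sftpuser> | check_sftp_only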