Ubuntu: Set up sftp user account and restrict read/write access to one folder



Question:

I would like to create an sftp user account on an Ubuntu server which has read/write access only to one specific folder. I would like this user to have rights to transfer files to and from my server via sftp. My server is hosted on Digital Ocean.

I have followed this tutorial on Digital Ocean which seems to do exactly what I want but I got stuck at Step 4.

Step 4 says that you try this command:

ssh sammyfiles@localhost  

And result should be:

Error message:

This service allows sftp connections only.
Connection to localhost closed.

Instead my result is:

packet_write_wait: Connection to 207.154.238.143 port 22: Broken pipe
Connection closed

Next it instructs running this, which should obviously work:

sftp sammyfiles@localhost  

The result should be:

SFTP prompt:

Connected to localhost.
sftp>

but instead I get:

forge@BitCloud:~$ sftp misjah@localhost
misjah@localhost's password:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
Couldn't read packet: Connection reset by peer

I get the same message if I want to sftp with this newly created user from outside:

prmbair:~ primozrome$ sftp misjah@207.xxx.xxx.xxx
misjah@207.xxx.xxx.xxx's password:
packet_write_wait: Connection to 207.154.238.143 port 22: Broken pipe
Connection closed
prmbair:~ primozrome$

What am I doing wrong?

Update from comments: It seems like the problem is in the sshd_config ChrootDirectory line. If I use ChrootDirectory %h then sftp to the user's home directory works, but if I use ChrootDirectory /home/user/uploads (to restrict to only one folder) then:

packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe.
Couldn't read packet: Connection reset by peer.

Any idea?


Solution: 1

I think there is a mistake about the rights...

Could you show us the output of the command ls -l in your directory /var/sftp, please?

I think /var/sftp has 755 rights but not /var/sftp/uploads, because the chmod command isn't recursive if we don't tell it to be, so you would have to type: sudo chmod 755 -R /var/sftp (the -R parameter is for recursive). With -R, all subdirectories in /var/sftp will have 755 rights.

Could you try it, please?

Good luck!
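
An added example, not part of the original question or answer: a shell check that the directory named in ChrootDirectory and each of its parents is root-owned and not writable by group or others, which is what sshd_config(5) requires of a chroot path. The function names, the script file name and the optional owner and top arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for an sshd ChrootDirectory path.
# sshd_config(5): every component of the path must be a root-owned
# directory that is not writable by any other user or group.

# component_ok UID MODE [EXPECTED_UID]
# MODE is octal as printed by `stat -c %a` (e.g. 755, 1777).
component_ok() {
    local uid="$1" mode="$2" expected="${3:-0}"
    [ "$uid" = "$expected" ] || return 1
    # 022 = group-write and other-write bits; both must be clear.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot PATH [EXPECTED_UID] [TOP]
# Walks from PATH up to TOP (default /), reporting every bad component.
# EXPECTED_UID and TOP exist only so the check can be tried in a scratch
# directory without root; leave them at their defaults for a real audit.
check_chroot() {
    local path="${1%/}" expected="${2:-0}" top="${3:-/}" bad=0 uid mode
    [ -n "$path" ] || path=/
    case $path in
        /*) ;;
        *) echo "FAIL $path: not an absolute path"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path: not a directory"; bad=1
        else
            uid=$(stat -L -c %u -- "$path")
            mode=$(stat -L -c %a -- "$path")
            if ! component_ok "$uid" "$mode" "$expected"; then
                echo "FAIL $path: owner uid=$uid mode=$mode"; bad=1
            fi
        fi
        if [ "$path" = "$top" ] || [ "$path" = / ]; then break; fi
        path=$(dirname -- "$path")
    done
    return "$bad"
}

# Run as: ./check_chroot.sh /var/sftp   (check_chroot.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then check_chroot "$@"; fi
```

When a component fails this rule, sshd authenticates the user and then closes the session, so the directory the user writes to has to be a subdirectory below the chroot rather than the chroot itself.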

