How to configure an SFTP account on Ubuntu Server

Summary: In this tutorial I explain how to configure SFTP accounts on Ubuntu 12.04 servers. You can create users and give the FTP users limited access. The general procedure is below.

Install the dependencies.

sudo apt-get install acl


Edit /etc/ssh/sshd_config and comment out the line:

Subsystem sftp internal-sftp -u 0002

Add the following at the bottom of the file:

Subsystem sftp internal-sftp

UsePAM yes
Match User ftpblog
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

Then restart SSH:
$ /etc/init.d/ssh restart

# Create user, creating home directory in /home as well

useradd -m username

chown root:root /home/username

chmod 0755 /home/username

# Make directory to set up “bind mount” connection

mkdir -p /home/username/directoryToAccess

sudo mkdir -p /home/ftpuser/userdirectory

# Configure and attach the “bind mount” this is to increase the server security.

echo "/var/www/vhosts/sitename/directoryToAccess /home/username/directoryToAccess none bind 0 0" >> /etc/fstab

mount /home/username/directoryToAccess

# Add SSHd configuration for user: you have to do it manually for every user you want to create for ftp access.

cat >> /etc/ssh/sshd_config << _EOD_
Match User username
ForceCommand internal-sftp
ChrootDirectory %h
AllowTcpForwarding no
X11Forwarding no
_EOD_


service ssh reload

ps aux | grep ssh

# The lines from here down are tailored to wordpress and not strictly necessary — please observe security best practices for the software package you are using when configuring permissions.

# Set permissions on files — note, if multiple people need access to this directory, add additional setfacl lines where the default:user:username and user:username portions match the additional user, i.e. ftpblog and ftpblog2

chown -R username:www-data /home/username/directoryToAccess

setfacl -R -m default:user:username:rwX /home/username/directoryToAccess

setfacl -R -m user:username:rwX /home/username/directoryToAccess

setfacl -R -m default:user:www-data:rwX /home/username/directoryToAccess

setfacl -R -m user:www-data:rwX /home/username/directoryToAccess

# Configure WordPress best practice permissions

find /home/username/directoryToAccess -type f -print0 | xargs -0 chmod 0664

find /home/username/directoryToAccess -type d -print0 | xargs -0 chmod 02775

# Add the following three lines to the site’s wp-config.php

vi /home/ftuserdirectory/wpdirectory/wp-config.php

# These tell WordPress to use direct file access and preserve our recommended permissions




# All of this is for WordPress; for other open source software, set the permissions the application requires.

ls -all /home/ftpuserdirectory/userdirectory/

# Now run the following commands

getfacl /home/ftpuserdirectory/userdirectory/

chown root:root /home/ftpwarenkunde/

chmod 0755 /home/ftpuserdirectory/

ls -all /home/ftpuserdirectory/

passwd ftpuserdirectory

service ssh reload
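
The chown root / chmod 0755 steps above matter because sshd rejects a ChrootDirectory unless every component of its path is owned by root and not writable by group or others. The script below is an added example, not part of the original tutorial, that walks a chroot path up to / and reports the first component breaking that rule; it assumes GNU stat, and the function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# sshd refuses a ChrootDirectory unless every component of the path, from the
# chroot itself up to /, is owned by root (uid 0) and is not writable by
# group or others. This walks the path and reports the first violation.

# Print "UID OCTALMODE" for one path. Assumes GNU stat (as on Ubuntu).
stat_component() {
    stat -c '%u %a' "$1"
}

# component_ok UID MODE: succeed only for uid 0 with the group-write (020)
# and other-write (002) bits clear.
component_ok() {
    [ "$1" = "0" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot /absolute/path: 0 = acceptable, 1 = violation, 2 = usage/stat error
check_chroot() {
    case $1 in
        /*) path=$1 ;;
        *)  echo "need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        info=$(stat_component "$path") || return 2
        uid=${info% *}
        mode=${info#* }
        if ! component_ok "$uid" "$mode"; then
            echo "FAIL $path uid=$uid mode=$mode (want uid 0, no g/o write)"
            return 1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    echo "OK $1"
}

# Run as: sh check_chroot.sh /home/username   (file name is hypothetical)
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

A FAIL line here corresponds to the login being dropped right after authentication, so run it against each user's home before testing with a client.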

Now open your FileZilla client and connect to the server. In the address field always enter sftp:// followed by the IP address of your server, then enter the username (ftpuser) and password (secret) and click Connect. You are now connected to the server through the FTP client.

I am thankful to AD Rutledge from Rackspace Support Team for support and assistance in this tutorial.

If anyone has an issue, comment here and we will find a solution for you.
