In this mini tutorial, I will add the user kareem to the system and allow kareem to sftp into a web directory where he can post his web design work. As usual, the steps come first, then whatever explanations are needed!
There are two ways to do this: one adds a single user, the other adds a group of users. You can pick either one, or do both!
The part in common between both solutions
    apt-get install openssh-server
    adduser kareem
Then enter a new password twice for kareem.
The interesting thing about this sftp user business is that the directory we will specify as the root for the user kareem has to be owned by root! So go ahead and create the directory /var/www/html/usr/kareem, then execute the following commands:
    chown root:root /var/www/html/usr
    chmod 755 /var/www/html/usr
    chown kareem:kareem /var/www/html/usr/kareem
Now the user kareem owns a directory within his root directory that he can write to, and he cannot write outside that directory because he does not have the OS permissions. Next, let us add kareem to the list of people who have sftp access but not ssh access.
Edit /etc/ssh/sshd_config and append the following to the document
    Match User kareem
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /var/www/html/usr
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no
Now, restart the service by executing the following command
systemctl restart ssh
You are done. Try connecting with something like WinSCP.
Besides WinSCP, you can also simply mount the Linux filesystem, wherever you have permissions, as a drive on your Windows machine. Here are the complete instructions on how to do that: https://www.qworqs.com/2022/10/09/mounting-a-remote-linux-file-system-as-a-windows-drive/
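sshd applies the root-ownership rule above to every component of the ChrootDirectory path, not only the last one, and refuses the session if any component is owned by another user or is writable by group or others. The following check is an added example, not part of the original tutorial; the function name check_chroot is hypothetical, it assumes GNU stat, and its second and third arguments exist only so the check can be dry-run on a scratch directory.

```shell
#!/bin/sh
# Added example: walk a ChrootDirectory path upward and report every
# component that would make sshd reject the chroot.
# Usage: check_chroot DIR [OWNER_UID] [STOP_AT]
check_chroot() {
    dir=$1
    want_uid=${2:-0}   # sshd requires root (uid 0); override only for dry runs
    stop=${3:-/}       # sshd checks all the way up to /; override only for dry runs
    bad=0
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory"
            return 2
        fi
        uid=$(stat -L -c %u "$dir")    # numeric owner (GNU stat)
        mode=$(stat -L -c %a "$dir")   # octal permission bits, e.g. 755
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $dir: owner uid $uid, expected $want_uid"
            bad=1
        fi
        # 022 = write bit for group plus write bit for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $dir: mode $mode is writable by group or others"
            bad=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return "$bad"
}

# On the server from this tutorial, run as root before restarting the service:
#   check_chroot /var/www/html/usr && sshd -t && systemctl restart ssh
```

`sshd -t` only validates the syntax of sshd_config; the ownership problems this function reports otherwise show up only when kareem tries to log in.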