Install OpenSSH

Updated on: 5.Dec.2020

SSH allows the server administrator to dial in to the server and manage it. If you are using a cloud server, the SSH service should already be installed.

To check the SSH status, run the following command:

   sudo systemctl status ssh 

To install SSH, run the following command:

  sudo apt install ssh

To dial in to the remote server,

  • With Windows OS, install PuTTY, key in your server IP address and press Enter. Then key in your Ubuntu login ID & password.
  • With Mac OS, run Terminal and execute “ssh user@myhostname” - then, key in your password.

Reference:
The following URL (steps 1 to 3) shows how to restrict a user to SFTP only (SSH shell access will be disabled). In this case, the user may run FileZilla and upload/download files using the SFTP protocol.

http://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze

To configure the SFTP access (without SSH access):

             cd /etc/ssh
             sudo nano sshd_config

    * Replace the “Subsystem” line with the following value:

              Subsystem sftp internal-sftp

Then, add the following lines to the bottom of the file, where “ftpuser” is the OS user ID and “/home/ftpuser” is the user directory. Repeat the whole section for every user.

             Match User ftpuser
                   ChrootDirectory /home/ftpuser
                   AllowTCPForwarding no
                   X11Forwarding no
                   ForceCommand internal-sftp

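Make sure that “/home/ftpuser” is owned by “root”, update the access rights, and then create a “doc” directory which is owned by ftpuser. Finally, restart the service.

            # 755 keeps the directory writable by root only while still letting ftpuser enter it to reach doc
            sudo chmod 755 /home/ftpuser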
            sudo chown root:root /home/ftpuser
            sudo mkdir /home/ftpuser/doc
            sudo chown ftpuser:ftpuser /home/ftpuser/doc
            sudo service ssh restart
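
sshd refuses a chrooted session unless every component of the ChrootDirectory path is a root-owned directory that no group or other user can write to. The script below is an added example, not part of the original post, that checks this before the service is restarted; the function names and the optional owner/stop arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for a
# ChrootDirectory before restarting sshd.

# component_ok DIR OWNER_UID
# True when DIR is a directory owned by OWNER_UID that neither group nor
# others may write to.
component_ok() {
    dir=$1 want=$2
    [ -d "$dir" ] || return 1
    set -- $(ls -ldn -- "$dir")     # $1 = mode string, $3 = numeric owner uid
    [ "$3" = "$want" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# check_chroot DIR [OWNER_UID] [STOP]
# Walks from DIR up to STOP (default /) and applies component_ok to every
# path component. OWNER_UID defaults to 0 (root), which is what sshd expects;
# the two optional arguments exist only so the check can be tried on a
# scratch tree without root.
check_chroot() {
    cur=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    owner=${2:-0} stop=${3:-/}
    while :; do
        if ! component_ok "$cur" "$owner"; then
            echo "unsafe: $cur"
            return 1
        fi
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ]; then break; fi
        cur=$(dirname "$cur")
    done
    echo "ok"
}

# Constructed demo: a scratch tree stands in for /home/ftpuser.
scratch=$(cd "$(mktemp -d)" && pwd -P)
mkdir "$scratch/ftpuser" "$scratch/ftpuser/doc"
chmod 755 "$scratch/ftpuser"
check_chroot "$scratch/ftpuser" "$(id -u)" "$scratch" || true   # ok
chmod 775 "$scratch/ftpuser"
check_chroot "$scratch/ftpuser" "$(id -u)" "$scratch" || true   # unsafe: .../ftpuser
rm -rf "$scratch"
```

On the server, run `check_chroot /home/ftpuser` with no further arguments so that the walk goes up to `/` and expects root ownership. `sudo sshd -t` checks the sshd_config syntax itself before the restart.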

To restrict the user to SFTP access only (do this after you have added the user):

               sudo nano /etc/passwd

   Then, change the shell for the session:

                /bin/sh

   To

                /usr/lib/openssh/sftp-server 

 You may continue with this article: hardening SSH

 
