Connect to SFTP on CentOS Without Shell Access
First of all, before we begin this tutorial and its configuration, we will introduce SFTP so that users who are not familiar with this file transfer protocol by SSH will have a better understanding of it.
The SFTP, or the SSH File Transfer Protocol, is a file transfer protocol that is activated by default after installing Secure Shell on the Linux operating system. Using SFTP, you will be able to transfer or receive your files through a secure Linux tunnel.
This protocol is often confused with the FTP protocol or its unsecured form, but it should be noted that this protocol generally has all of its rules and conditions, and has nothing similar to the rules with FTP. Default access is provided to SFTP when the user has access to the shell, the SSH console, and the Linux Command Line Console.
Now, in this tutorial, we're going to teach Sneaker SFTP access without the need for Shell in CentOS, with the setup that runs on the Linux VPS server so you can easily give users access to the file transfer without being able to connect to Shell.
SFTP Access Without Shell in Centos
1- Connect to your Centos VPS system first through SSH and Root user.
2- Then enter the following commands to define a new username and password for it.
After entering the second command, enter the password twice to set the password on the user.
3- Now create a directory to access the SFTP for the user you want.
mkdir -p / var / sftp / files
In this command, a directory named SFTP is created and inside it is created another directory named files.
4- Give the root user permission to access these directories.
chown root: root / var / sftp
5- Then provide the necessary access to file the user to the file directory.
chown elizabet: elizabet / var / sftp / files
6- Continue to set the Elizabet user's SFTP access control to only the file directory. After connecting Elizabet to the SFTP, we will only connect to a specific DIRECTORY and not see other directories.
To do this, first, open the SSH configuration file with the Nano editor or any other editor you want.
nano / etc / ssh / sshd_config
Then copy the following statements at the end of the file.
Match User Elizabet
ChrootDirectory / var / sftp
Permit tunnel no
Note that in the Match User section, you must enter the username you created, and in the ChrootDirectory section, also enter the directory address created for this user.
Then save the file and exit.
7- Restart the service to make changes to the SSH service.
systemctl restart sshd
8- You can now connect to your Linux through WinSCP software or other SFTP or SFTP commands from another Linux user.
We have an article about configure SFTP on Ubutnu.