
Setup SFTP to Public Directory (/var/www)

Configuring SSH for SFTP

  1. vim /etc/ssh/sshd_config
  2. Comment out the following line:

    1. Subsystem sftp /usr/local/libexec/sftp-server
  3. Add the following lines:

    1. Subsystem sftp internal-sftp
    2. Match Group <sftp group>
    3. ChrootDirectory %h
    4. ForceCommand internal-sftp
    5. X11Forwarding no 
    6. AllowTcpForwarding no
  4. Save and close

  5. Restart the SSH daemon to apply the changes: sudo systemctl restart sshd

Add SFTP User and Set Permission

  1. sudo useradd <user> -g <sftp group> -s /bin/false -d /var/www/html
  2. sudo passwd <user>
  3. sudo chown root /var/www/html
  4. sudo chmod 755 /var/www/html
  5. sudo mkdir /var/www/html/<dir>
  6. sudo chmod 775 /var/www/html/<dir>
  7. sudo chown apache:apache /var/www/html/<dir>
  8. sudo chmod g+s /var/www/html/<dir>
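
sshd rejects a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, which is why steps 3 and 4 set root ownership and mode 755 on /var/www/html. The following check is an added example, not part of the original procedure; the function names are hypothetical and it assumes GNU coreutils stat and readlink.

```shell
#!/bin/sh
# Added example: verify a ChrootDirectory path against sshd's ownership rules.
# Assumes GNU `stat` and `readlink` (as shipped on CentOS).
# Usage: check_chroot_path /var/www/html

# component_ok UID MODE
# Returns 0 if the component is root-owned and neither group- nor
# other-writable (octal bits 020 and 002 are both clear).
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path PATH
# Resolves PATH, then walks from it up to / and reports every component
# that would make sshd refuse the chroot.
# Returns 0 = usable, 1 = at least one bad component, 2 = cannot inspect.
check_chroot_path() {
    path=$(readlink -f -- "$1") || return 2
    rc=0
    while :; do
        info=$(stat -c '%u %a' -- "$path") || return 2
        uid=${info% *}
        mode=${info#* }
        if ! component_ok "$uid" "$mode"; then
            echo "FAIL $path (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$path" = / ] && break
        path=$(dirname -- "$path")
    done
    return $rc
}
```

The writable upload directory /var/www/html/<dir> (mode 775, owned by apache) sits below the chroot, so it is not subject to this rule; only /var/www/html and its parents are.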

SELinux

  1. sudo setsebool -P ssh_chroot_rw_homedirs on
  2. sudo setsebool -P httpd_unified 1
  3. sudo setfacl -d -m g:apache:rw /var/www/html/<dir>
