4.11.2014

How to setup an SFTP server on Ubuntu 12.04 LTS


Install Ubuntu 12.04, no encrypted home folder, no LVM, GRUB boot loader is okay. 

sudo passwd       # set a password for root
su - root         # everything below is run as root

Set static IP address
cp -p /etc/network/interfaces /etc/network/interfaces.dhcp   # backup copy of the DHCP config
pico /etc/network/interfaces
auto eth0
iface eth0 inet static
        address <address>
        netmask <netmask>
        gateway <gateway>

apt-get update
apt-get upgrade
Set DNS
apt-get install resolvconf
cd /etc/resolvconf/resolv.conf.d
cp -p head head.orig  #backup copy, always do this
nano head
nameserver <ip_of_nameserver>
resolvconf -u


Set Hostname
pico /etc/hosts #add name of server
pico /etc/hostname #add name of server
hostname <FQDN of the server>
ifdown eth0 && ifup eth0   # /etc/init.d/networking restart is deprecated on 12.04 and may leave interfaces down
hostname
hostname -f #verify name of server
shutdown -r now


Install SFTP on UBUNTU 12.04 LTS using MySecureShell

# apt-get install libssl0.9.8 ssh openssh-server gcc make
# wget http://mysecureshell.free.fr/repository/index.php/source/mysecureshell_1.31.tar.gz
# tar xvzf mysecureshell_1.31.tar.gz
# cd mysecureshell_1.31
# ./configure
# make
# ./install.sh en
Answer Yes to All of the Prompts.
Note that the tarball is fetched over plain HTTP and nothing above verifies it; check it against a checksum published by the project before building it on a server that matters.
# whereis MySecureShell    # should report /usr/bin/MySecureShell, the login shell used for SFTP users below
# groupadd sftp 
# useradd -m -s /usr/bin/MySecureShell -g sftp bob
# passwd bob
<Enter new password for bob>
# pico /etc/ssh/sftp_config
Group sftp>
        Download                50k     # limit download speed for each connection
        Upload                  0       # unlimit upload speed for each connection
        StayAtHome              true    # limit user to his/her home directory
        VirtualChroot           true    # fake a chroot to the home account
        LimitConnectionByUser   1       # max connection for each account
        LimitConnectionByIP     1       # max connection by IP for each account
        IdleTimeOut             300     # disconnect user if idle too long time (in sec)
        HideNoAccess            true    # hide file/directory which user has no access
</Group>

Don't forget to remove the "#" comment tag in front of IgnoreHidden (so it reads IgnoreHidden true). This hides dotfiles, i.e. files and directories whose names start with ".", such as the user's own .bashrc or .ssh, from SFTP listings. It is cosmetic only: it is StayAtHome and VirtualChroot above that keep the user out of the rest of the filesystem.

# service ssh restart    # on Ubuntu the OpenSSH service is "ssh"; "service sshd restart" only prints "unrecognized service"

Test out the SFTP server connection from a client machine:
$ sftp bob@<address>
Back on the server, this will show you who is connected:
# sftp-who

To disconnect a user 
#sftp-kill bob
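Before handing the server to users it is worth checking that the jail settings in /etc/ssh/sftp_config really are in place and that every MySecureShell account actually sits in the sftp group (an account created with useradd but without -g sftp gets none of the Group sftp> settings). The script below is an added example and not part of the original post or of MySecureShell itself: it checks a config file for StayAtHome, VirtualChroot and an uncommented IgnoreHidden, and cross-checks passwd/group entries. The sftp_config, passwd and group files it reads are constructed samples written to a temp directory; point the two functions at /etc/ssh/sftp_config, /etc/passwd and /etc/group to audit a real box.

```shell
#!/bin/sh
# Added example: audit a MySecureShell SFTP setup (not from the original post).

check_sftp_config() {
    # $1: path to an sftp_config file.  Returns 0 when the "Group sftp>" block
    # sets StayAtHome and VirtualChroot to true and IgnoreHidden is set (not
    # commented out) anywhere in the file; otherwise prints what is missing
    # and returns 1.
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        /^$/ { next }
        /^Group[ \t]+sftp>$/ { in_grp = 1; next }
        /^<\/Group>$/        { in_grp = 0; next }
        in_grp && $1 == "StayAtHome"    && tolower($2) == "true" { stay = 1 }
        in_grp && $1 == "VirtualChroot" && tolower($2) == "true" { chroot = 1 }
        $1 == "IgnoreHidden" && tolower($2) == "true"            { hidden = 1 }
        END {
            rc = 0
            if (!stay)   { print "missing: StayAtHome true in Group sftp"; rc = 1 }
            if (!chroot) { print "missing: VirtualChroot true in Group sftp"; rc = 1 }
            if (!hidden) { print "missing: IgnoreHidden true (still commented out?)"; rc = 1 }
            exit rc
        }' "$1"
}

audit_sftp_users() {
    # $1: passwd file, $2: group file.  Prints one line per account whose login
    # shell is /usr/bin/MySecureShell and returns 1 if any of them does not
    # have sftp as primary group (and so is not covered by the Group block).
    awk -F: '
        FNR == NR { if ($1 == "sftp") sftp_gid = $3; next }   # first file: group
        $7 == "/usr/bin/MySecureShell" {
            ok = ($4 == sftp_gid)
            printf "%s uid=%s home=%s %s\n", $1, $3, $6, (ok ? "ok" : "NOT in sftp group")
            if (!ok) bad = 1
        }
        END { exit bad + 0 }' "$2" "$1"
}

# ---- constructed sample files (not copied from any real host) ----
tmp=$(mktemp -d)
cat > "$tmp/sftp_config.good" <<'EOF'
# sample modelled on the Group block from the post, IgnoreHidden uncommented
IgnoreHidden   true
Group sftp>
        Download                50k     # limit download speed
        Upload                  0
        StayAtHome              true
        VirtualChroot           true
        IdleTimeOut             300
</Group>
EOF
cat > "$tmp/sftp_config.bad" <<'EOF'
# sample with IgnoreHidden still commented out and no VirtualChroot
#IgnoreHidden  true
Group sftp>
        StayAtHome              true
</Group>
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001::/home/bob:/usr/bin/MySecureShell
alice:x:1002:1000::/home/alice:/usr/bin/MySecureShell
EOF
cat > "$tmp/group" <<'EOF'
sftp:x:1001:
users:x:1000:
EOF

echo "== $tmp/sftp_config.good"
check_sftp_config "$tmp/sftp_config.good" && echo "config ok"
echo "== $tmp/sftp_config.bad"
check_sftp_config "$tmp/sftp_config.bad" || echo "config NOT ok"
echo "== accounts"
audit_sftp_users "$tmp/passwd" "$tmp/group" || echo "some MySecureShell accounts are not in group sftp"
```

In the sample, alice has a MySecureShell shell but primary group users (gid 1000), which is exactly the state the original add-user script produces when its trailing usermod step does not run; the audit flags her while bob passes.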

Shell Script to add a user
--------------------------------------------------------------------------
#!/bin/bash
# Script to add a jailed MySecureShell SFTP user to the system
if [ "$(id -u)" -ne 0 ]; then
        echo "Only root may add a user to the system"
        exit 2
fi
read -p "Enter username : " username
read -s -p "Enter password : " password
echo
# anchor on "^name:" so that "bob" does not match an existing "bobby"
if grep -q "^${username}:" /etc/passwd; then
        echo "$username already exists!"
        exit 1
fi
# create the account with MySecureShell as login shell and sftp as primary
# group straight away, instead of a normal account that is jailed afterwards
if useradd -m -s /usr/bin/MySecureShell -g sftp "$username"; then
        # chpasswd hashes the password with the system default (SHA-512 on
        # 12.04); passing it to perl crypt() with a fixed salt, as before,
        # produced a weak DES hash and exposed the password in the process list
        printf '%s:%s\n' "$username" "$password" | chpasswd
        echo "User has been added to system!"
else
        echo "Failed to add a user!"
        exit 1
fi
--------------------------------------------------------------------------

Shell Script to Delete a User
--------------------------------------------------------------------------
#!/bin/sh
# script to delete an SFTP user (run as root)
printf "Enter Username to Delete: "
read username
# kick any live SFTP session first, then remove the account and its home directory
sftp-kill "$username"
userdel -r "$username"
--------------------------------------------------------------------------
Add Scripts to be executable from anywhere
Save the two scripts in /root/mysecureshell_1.31 (or any directory you prefer), make them executable with chmod +x, and add that directory to root's PATH:
export PATH=$PATH:/root/mysecureshell_1.31
The export only lasts for the current shell; add the same line to /root/.bashrc to make it permanent.

Verify environment variable has been added

# env | grep PATH

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/mysecureshell_1.31



