Hi, I managed to create a droplet with SSH public/private keys from the beginning using this tutorial. Obviously, those SSH keys are assigned only to the ‘root’ user, so I’d like to add an additional sudo user who can access ONLY the /var/www/website.com/html (the default folder for the site’s frontend) folder using FileZilla SFTP with an SSH key (no password allowed).
So the question is, how do I pull this off? Is there any tutorial that addresses this? Can the sudo user share the same public/private SSH keys as root? If not, how do I add additional keys without interfering with the existing ones? Thanks in advance!
To limit an SFTP user to a specific directory, you can edit /etc/ssh/sshd_config to include:
Match User username
ChrootDirectory /var/www/website.com/html
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Then restart ssh:
service ssh restart
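If you want the same public key that can access your root account to also be able to access the new user account, you can copy over the authorized_keys file. Run:
mkdir -p /home/username/.ssh/
cp /root/.ssh/authorized_keys /home/username/.ssh/authorized_keys
chown -R username: /home/username/.ssh   # sshd reads the file as the user, so the user must own it
chmod 700 /home/username/.ssh && chmod 600 /home/username/.ssh/authorized_keys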
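
sshd only accepts a ChrootDirectory whose every path component is a root-owned directory that is not writable by group or others, and a web root such as /var/www/website.com/html often does not meet that. The pre-flight check below is an added example, not part of the original answer; the function names and the optional UID argument are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# sshd_config(5) requires every component of the chroot path to be a
# root-owned directory that is not writable by group or others; otherwise
# sshd rejects the SFTP session after authentication.

# component_ok DIR [UID]: succeed if DIR is a directory owned by UID
# (default 0) with no group/other write bit. UID is overridable only so the
# check can be tried on a scratch directory without root (assumption).
# Exit status: 0 ok, 1 bad owner or mode, 2 not a directory.
component_ok() (
    [ -d "$1" ] || { echo "not a directory: $1" >&2; exit 2; }
    # After this, $3 is the owner uid and $4 the octal mode (GNU stat).
    set -- "$1" "${2:-0}" $(stat -L -c '%u %a' -- "$1")
    [ "$3" = "$2" ] || { echo "owner uid $3, want $2: $1" >&2; exit 1; }
    [ $(( 0$4 & 022 )) -eq 0 ] || { echo "group/other writable ($4): $1" >&2; exit 1; }
)

# check_chroot_path DIR [UID]: apply component_ok to DIR and to each parent
# directory up to /, reporting every failing component.
check_chroot_path() (
    case $1 in
        /*) ;;
        *) echo "need an absolute path: $1" >&2; exit 2 ;;
    esac
    p=$1
    rc=0
    while :; do
        component_ok "$p" "${2:-0}" || rc=$?
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    exit "$rc"
)

# Run as: sh check_chroot.sh /var/www/website.com/html
if [ "$#" -gt 0 ]; then
    check_chroot_path "$@"
fi
```

A non-zero exit means sshd would refuse the chroot; the messages on stderr name each offending directory.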