Question

Newbie - How to add an SFTP user (using SSH key to login) who has access to specific folder in the server?

  • Posted on September 11, 2014
  • Asked by Okidoki

Hi, I managed to create a droplet with SSH public/private keys from the beginning using this tutorial. Obviously, those SSH keys are assigned only for ‘root’ user, so I’d like to add an additional sudo user who can access ONLY /var/www/website.com/html (the default folder for the site’s frontend) folder using Filezilla SFTP with SSH key (no password allowed).

So the question is, how do I pull this off? Is there any tutorial that addresses this? Can the sudo user share the same public/private SSH keys as root? If not, how do I add additional keys without interfering with the existing ones? Thanks in advance!

To limit an SFTP user to a specific directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory /var/www/website.com/html
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then restart ssh:

service ssh restart 

If you want the same public key that can access your root account to also be able to access the new user account, you can copy over the authorized_keys file. Run:

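mkdir -p /home/username/.ssh/
cp /root/.ssh/authorized_keys /home/username/.ssh/authorized_keys
chown -R username: /home/username/.ssh   # sshd reads authorized_keys as the user, so the user must own it
chmod 700 /home/username/.ssh && chmod 600 /home/username/.ssh/authorized_keys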
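
The following is an added example, not part of the answer above. sshd only accepts a ChrootDirectory whose every path component is a root-owned directory that is not writable by group or others, and it drops the session after authentication otherwise. This script checks that rule for a path such as /var/www/website.com/html, assuming GNU stat on Linux; the optional uid and stop arguments are hypothetical conveniences for trying it on a scratch tree.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path against sshd's ownership rule.
# Assumes GNU stat (Linux). The UID and STOP arguments are hypothetical
# conveniences for running the check on a scratch tree.

# component_ok DIR UID -> 0 if DIR is a directory owned by UID with no g+w/o+w
component_ok() {
    co_dir=$1
    co_uid=$2
    if [ ! -d "$co_dir" ]; then
        echo "FAIL $co_dir: not a directory"
        return 1
    fi
    co_owner=$(stat -L -c %u "$co_dir")
    co_mode=$(stat -L -c %a "$co_dir")
    if [ "$co_owner" != "$co_uid" ]; then
        echo "FAIL $co_dir: owner uid $co_owner, expected $co_uid"
        return 1
    fi
    # The leading 0 makes the shell read the mode as octal; 022 = g+w | o+w
    if [ $(( 0$co_mode & 022 )) -ne 0 ]; then
        echo "FAIL $co_dir: mode $co_mode is group/other writable"
        return 1
    fi
    return 0
}

# check_chroot_path PATH [UID] [STOP]: test PATH and each parent up to STOP
check_chroot_path() {
    cc_path=$1
    cc_uid=${2:-0}
    cc_stop=${3:-/}
    cc_rc=0
    case $cc_path in /*) ;; *) echo "FAIL $cc_path: not absolute"; return 1 ;; esac
    while :; do
        component_ok "$cc_path" "$cc_uid" || cc_rc=1
        if [ "$cc_path" = "$cc_stop" ] || [ "$cc_path" = "/" ]; then
            break
        fi
        cc_path=$(dirname "$cc_path")
    done
    return $cc_rc
}

# Usage: sh check_chroot.sh /var/www/website.com/html
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```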