Newbie - How to add an SFTP user (using SSH key to login) who has access to specific folder in the server?

  • Posted September 11, 2014

Hi, I managed to create a droplet with SSH public/private keys from the beginning using this tutorial. Obviously, those SSH keys are assigned only for ‘root’ user, so I’d like to add an additional sudo user who can access ONLY /var/www/ (the default folder for the site’s frontend) folder using Filezilla SFTP with SSH key (no password allowed).

So the question is, how do I pull this off? Is there any tutorial that addresses this? Can the sudo user share the same public/private SSH keys as root? If not, how do I add additional keys without interfering with the existing ones? Thanks in advance!



To limit an SFTP user to a specific directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory /var/www/
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then restart ssh:

service ssh restart 

If you want the same public key that can access your root account to also be able to access the new user account, you can copy over the authorized_keys file. Run:

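mkdir -p /home/username/.ssh/
cp /root/.ssh/authorized_keys /home/username/.ssh/authorized_keys
chown -R username: /home/username/.ssh
chmod 700 /home/username/.ssh && chmod 600 /home/username/.ssh/authorized_keys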
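
sshd rejects a ChrootDirectory unless every component of its path is owned by root and not writable by group or others, and a mistake in sshd_config can lock you out on restart. The script below is an added example, not part of the answer above; it assumes GNU stat on Linux, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks for the chrooted SFTP setup above.
# Assumes GNU coreutils (stat -c, readlink -f). Function names are illustrative.

# Given an octal mode and an owner uid, return 0 if a path component meets
# sshd's chroot rule: owned by root (uid 0), no group/other write bit.
component_is_safe() {
    [ "$2" -eq 0 ] || return 1
    # 022 = group-write | other-write
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to /, reporting each failing component.
# Returns 0 only if the whole path is acceptable to sshd.
check_chroot_path() {
    path=$(readlink -f -- "$1") || return 1
    [ -d "$path" ] || { echo "not a directory: $path" >&2; return 1; }
    rc=0
    while :; do
        info=$(stat -c '%a %u' -- "$path") || return 1
        mode=${info% *}
        uid=${info#* }
        if ! component_is_safe "$mode" "$uid"; then
            echo "unsafe for chroot: $path (mode $mode, uid $uid)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return $rc
}

# Check the chroot path, then let sshd validate its own config (sshd -t)
# before restarting, so a typo in the Match block does not cut off access.
safe_restart_ssh() {
    check_chroot_path "$1" && sshd -t && service ssh restart
}
```

Run `safe_restart_ssh /var/www` as root in place of the bare restart; keep the existing root session open until a second login with the new user succeeds.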