If you don't want to use AWS Transfer for SFTP, it is possible to set up your SFTP server directly from an EC2 instance.
If you follow correctly these instructions you should be able to create your SFTP users quite easily. In my specific case I used a micro T2 instance with Ubuntu 18.04
- Let's install
openSSH
sudo apt-get install openssh-server
- You need to create a specific group where you will jail the users.
sudo groupadd sftpusers
- Edit
/etc/ssh/sshd_configusing vim or nano
Comment out#Subsystem sftp /usr/lib/openssh/sftp-server
Then instead, addSubsystem sftp internal-sftpto allow SFTP connections into your server
Lastly, at the end of the file specify the new group configurations
Match group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
PasswordAuthentication yes
- At this point your
/etc/ssh/sshd_configshould look like:
(...)
#Subsystem sftp /usr/lib/openssh/sftp-server
(...)
Subsystem sftp internal-sftp
Match group sftpusers
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
PasswordAuthentication yes
- You need to restart the ssh service to apply the changes.
sudo service ssh restart
- Now you should be set-up to create a new user.
Follow the different instructions of the command below and input the user password.
sudo adduser user1
- Let's add our new user to the sftp group we created earlier.
sudo usermod -g sftpusers user1
sudo usermod -s /bin/nologin user1
- At this point, the last thing we need to do is jail our user inside the
/home/<user>directory.
sudo chown root:user1 /home/user1
sudo chmod 755 /home/user1
You can create new folders that belongs to the user using
sudo mkdir /home/user1/new_folder
sudo chown user1:user1 /home/user1/new_folder
sudo chmod 755 /home/user1/new_folder
I created thisthis repo few days ago that automate this process: https://github.com/smallwat3r/manage-jailed-sftp-users