How To Enable SFTP Without Shell Access?


SFTP (SSH File Transfer Protocol) is a secure way of transferring files to a server over an encrypted SSH connection. By default, SFTP is available on all servers that have SSH access enabled. Despite the similar name, SFTP is a completely different protocol from FTP (File Transfer Protocol), although FTP clients also support it.

With the default configuration, every user on a system gets both SFTP file transfer access and shell access. However, situations can arise where certain users should have SFTP access without shell access. The steps below can be used for this purpose.

1. Creating user account

First, create a user account that will be granted only file transfer access to the server. In this guide, we use the username lsuser as an example. Create the user and set its password using the commands below.

adduser lsuser

passwd lsuser

2. Creating directory for file transfer and setting permissions

We now need to create the directory that will serve as the SFTP upload directory for the lsuser account. We will use /var/sftp/lsdir as the upload directory. To restrict SFTP access to the user's directory only, make sure that the base directory /var/sftp/ is owned by root and that /var/sftp/lsdir is owned by lsuser.

mkdir -p /var/sftp/lsdir

chown root:root /var/sftp

chmod 755 /var/sftp

chown lsuser:lsuser /var/sftp/lsdir

3. Configuring SSH service to restrict shell access

The SSH service configuration now needs to be modified to restrict shell access for lsuser while still allowing file transfer access.

  • Open SSH configuration file /etc/ssh/sshd_config using a text editor such as vi

vi /etc/ssh/sshd_config

  • Scroll to the bottom of the file and add the following snippet.

Match User lsuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

  • Save and close the file.
  • Restart the SSH service using the command below to apply the changes.

systemctl restart sshd
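
At session startup sshd checks that every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, and refuses the login otherwise. The script below is an added example, not part of the original article, that performs the same check for the path from step 2; the helper names dir_ok and check_chroot are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# ChrootDirectory used in step 3. sshd requires every component of that path
# to be a root-owned directory that is not writable by group or others.

# dir_ok DIR [UID]: succeed if DIR is a directory owned by UID (default 0)
# with no group/other write bit. UID is a parameter only so the check can
# be exercised without root.
dir_ok() {
    dir=$1
    uid=${2:-0}
    [ -d "$dir" ] || return 1
    # ls -ldn prints e.g. "drwxr-xr-x 2 0 0 ..."; field 1 = mode, field 3 = uid.
    ls -ldn -- "$dir" | awk -v uid="$uid" '{
        ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w")
        exit !ok
    }'
}

# check_chroot PATH [UID]: walk from PATH up to / and report every component
# that would make sshd reject the chroot. Returns non-zero if any one fails.
check_chroot() {
    path=$1
    owner=${2:-0}
    rc=0
    case $path in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        if ! dir_ok "$path" "$owner"; then
            echo "FAIL: $path (owner or mode)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return $rc
}

# Typical use on the server from this guide (run as root):
#   check_chroot /var/sftp && sshd -t && systemctl restart sshd
```

Running `sshd -t` before the restart validates the edited sshd_config, so a typo in the Match block does not take the SSH service down.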


Rohith Krishnan
