Allow scp/ssh for www-data user
Solution 1
On Debian, which Ubuntu is based on, the www-data user has /bin/sh as the default shell. To enable SFTP, you can create /var/www/.ssh/authorized_keys
with you public key in it. The permissions on /var/www/.ssh
should be 700, and the permissions on the authorized_keys file should be 600. You'll want to add the following to your http configuration to prohibit access to this directory.
<Directory /var/www/.ssh>
Order Deny,Allow
Deny from all
</Directory>
You can verify the www-data users settings (home dir, shell, etc) using getent passwd www-data
.
Make sure your sshd_config has Subsystem sftp /usr/lib/openssh/sftp-server
, and you'll probably want to set PasswordAuthentication no
also.
Solution 2
This is kind of insecure. I would suggest you to upload to an intermediate area using another user and run a cron
job from time to time to move stuff where it belogs and change its permissions accordingly.
If you really insist on logging on as www-data
, you must use a ssh private key to do that (AFAIK EC2 instances only allow key authentication). You must also check that www-data
has a valid shell on /etc/passwd
and a valid home dir.
In the end, you can also try some solutions of this question.
Related videos on Youtube
Comments
-
Anup over 1 year
I am on Amazon EC2 using Ubuntu 10.04.2
My web folder is owned by www-data so I want to be able to log into my server as www-data for ssh and scp.
Thanks!
Adding the line to my /etc/ssh/sshd_config does not seem to work.
AllowUsers www-data
-
Anup about 13 yearsI was planning on using a ssh private key to do that. But if I use cron to copy the files over, wouldn't it be a bit slow because I would have to wait for the cron script to copy it over. Also, I wouldn't be able to upload files. What I really want is something like FTP for www-data but secure like scp.
-
coredump about 13 yearsThe other solutions I give are feasible, I only don't like the idea.
-
Aido about 3 years⚠ WARNING ⚠
sudo usermod -G
replaces all of your groups. You wantsudo usermod -a -G
. I almost lostsudo
access on my server.