# How do I set up FTP/SFTP on AWS

If you don't want to use AWS Transfer for SFTP, it is possible to set up your SFTP server directly from an EC2 instance.

If you follow these instructions correctly you should be able to create your SFTP users quite easily. In my specific case I used a T2 micro instance with Ubuntu 18.04.

- Let's install OpenSSH:

  ```sh
  sudo apt-get install openssh-server
  ```

- You need to create a specific group where you will jail the users:

  ```sh
  sudo groupadd sftpusers
  ```

- Edit `/etc/ssh/sshd_config` using vim or nano. Comment out `Subsystem sftp /usr/lib/openssh/sftp-server` and instead add `Subsystem sftp internal-sftp` to allow SFTP connections into your server. Lastly, at the end of the file, specify the new group configuration:

  ```
  Match group sftpusers
      ChrootDirectory %h
      X11Forwarding no
      AllowTcpForwarding no
      ForceCommand internal-sftp
      PasswordAuthentication yes
  ```

- At this point your `/etc/ssh/sshd_config` should look like:

  ```
  (...)
  #Subsystem sftp /usr/lib/openssh/sftp-server
  (...)
  Subsystem sftp internal-sftp
  Match group sftpusers
      ChrootDirectory %h
      X11Forwarding no
      AllowTcpForwarding no
      ForceCommand internal-sftp
      PasswordAuthentication yes
  ```

- You need to restart the ssh service to apply the changes:

  ```sh
  sudo service ssh restart
  ```

- Now you should be set up to create a new user. Follow the prompts of the command below and input the user's password:

  ```sh
  sudo adduser user1
  ```

- Let's add our new user to the sftp group we created earlier:

  ```sh
  sudo usermod -g sftpusers user1
  # on Ubuntu/Debian the nologin binary lives in /usr/sbin, not /bin
  sudo usermod -s /usr/sbin/nologin user1
  ```

- At this point, the last thing we need to do is jail our user inside the `/home/<user>` directory:

  ```sh
  sudo chown root:user1 /home/user1
  sudo chmod 755 /home/user1
  ```

  You can create new folders that belong to the user using:

  ```sh
  sudo mkdir /home/user1/new_folder
  sudo chown user1:user1 /home/user1/new_folder
  sudo chmod 755 /home/user1/new_folder
  ```

I created this repo a few days ago that automates this process.
user11020868

Updated on September 18, 2022

Comments

- **user11020868** almost 2 years ago: I want to share files with a client over the internet and am looking into FTP solutions on AWS. I have tried AWS SFTP, but setting role policies is awkward and the service seems a bit costly for my basic use case. Is there an alternate way to set up an FTP server on EC2 or S3 that non-AWS users can access? I want to add read permissions for different users for different subdirectories. I am using macOS.

  I tried following the instructions on https://stackoverflow.com/questions/7052875/setting-up-ftp-on-amazon-cloud-server but it is not clear how I can permission non-AWS users to see my files, and I couldn't get vsftpd working.

  Is there a recommended/standard AWS setup for sharing files with non-AWS users, preferably securely (SFTP)? I would be sharing updated files a few times a day, every day, with hundreds of users.

- **Martin Prikryl** over 5 years ago: "without much luck" does not tell us anything about the problems that you are facing.

- **user11020868** over 5 years ago: Apologies, I updated the problem description, but I still don't think the instructions I followed for EC2 would give me what I am looking for, so I posed the question more generally.

- **Seth** over 5 years ago: SFTP seems to be available out of the box. If you use a regular FTP setup, you need to set up the appropriate users and permissions; that includes non-AWS users. How to do that depends on the application.

- **Martin Prikryl** over 5 years ago: If you already have an EC2 Linux server, you do not need to use the Amazon SFTP Transfer feature. Just use a built-in SFTP Linux server.

- **user11020868** over 5 years ago: @MartinPrikryl Are there recommended instructions for doing so from macOS? I still want to maintain access to the S3 bucket from the server.

- **Martin Prikryl** about 5 years ago: What does vsftpd have to do with SFTP? vsftpd is an FTP server! `sshd_config` is a configuration file for OpenSSH `sshd`, not vsftpd. You mix two completely unrelated pieces of software.

- **smallwat3r** about 5 years ago: Thanks for spotting this @MartinPrikryl. I've mingled with OpenSSH; I edited my post.

- **Martin Prikryl** about 5 years ago: Good. Though are you sure you need to install `openssh-server`? Every Linux comes with OpenSSH, doesn't it?

- **user1737079** about 5 years ago: It worked for me like a charm. Big thanks. Any idea how to restrict the number of connections in the SFTP server configured?

- **George Cimpoies** over 2 years ago: If I want my client to be able to upload files to my SFTP, shouldn't the permissions on the folder be 775 instead of 755? `chown root:sftpusers /var/sftp`, `chmod 775 /var/sftp`: this way the sftpusers group has write access as well, while with 755 they would have read and execute. Is there a security concern with having execute rights over the folder, considering that SSH access is disabled and SFTP access is enabled? Thanks!
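The procedure in the answer above and the 775-versus-755 question in the last comment both hinge on one rule that `sshd` enforces: the `ChrootDirectory` (and every parent of it) must be owned by root and must not be writable by group or other, otherwise the login is refused with "bad ownership or modes for chroot directory". Write access therefore belongs in a subdirectory inside the jail, not on the jail itself. The script below is an added example, not the answer's own code nor the repository it mentions; it assumes Ubuntu/Debian paths (`/etc/ssh/sshd_config`, `/usr/sbin/nologin`), GNU `stat` and `sed`, a group named `sftpusers`, and a per-user `upload` subdirectory as the writable area. It renders the `Match` block, checks an owner/mode pair against the chroot rule, and, when run as root with `setup <user>`, applies the whole procedure after validating the configuration with `sshd -t` so a typo cannot lock you out.

```shell
#!/bin/sh
# Added example: automates the chrooted internal-sftp setup from the answer
# and encodes the ownership/mode rule sshd applies to ChrootDirectory.
# Assumptions (not from the original post): Ubuntu/Debian paths, GNU stat/sed,
# group "sftpusers", and a writable "upload" subdirectory per user.
set -eu

SFTP_GROUP="${SFTP_GROUP:-sftpusers}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"

# Render the Match block the answer appends to sshd_config
# (sshd keywords are case-insensitive, so "Match group" works as well).
sftp_match_block() {
  printf 'Match Group %s\n' "$1"
  printf '    ChrootDirectory %%h\n'
  printf '    X11Forwarding no\n'
  printf '    AllowTcpForwarding no\n'
  printf '    ForceCommand internal-sftp\n'
  printf '    PasswordAuthentication yes\n'
}

# sshd rejects a chroot whose directory (and each parent) is not owned by
# root or is writable by group or other. Return 0 when OWNER and octal MODE
# satisfy that rule: "root 755" passes, "root 775" and "user1 755" fail.
chroot_perms_ok() {
  owner="$1"
  perm="000$2"                         # pad, then keep the last three octal digits
  perm=${perm#"${perm%???}"}
  g=${perm#?}; g=${g%?}                # group digit
  o=${perm#??}                         # other digit
  [ "$owner" = root ] || return 1
  [ $(( g & 2 )) -eq 0 ] || return 1   # the write bit is 2 in each octal digit
  [ $(( o & 2 )) -eq 0 ] || return 1
  return 0
}

# Apply the rule to a real directory (GNU stat: owner name and octal mode).
check_chroot_dir() {
  set -- $(stat -c '%U %a' "$1")
  chroot_perms_ok "$1" "$2"
}

# The full procedure from the answer, to be run as root.
setup_sftp_user() {
  user="$1"
  getent group "$SFTP_GROUP" >/dev/null || groupadd "$SFTP_GROUP"
  if ! grep -q '^Subsystem[[:space:]]\{1,\}sftp[[:space:]]\{1,\}internal-sftp' "$SSHD_CONFIG"; then
    # comment out the stock subsystem line and switch to the in-process server
    sed -i 's|^Subsystem[[:space:]]\{1,\}sftp[[:space:]]\{1,\}/usr/lib/openssh/sftp-server|#&|' "$SSHD_CONFIG"
    echo 'Subsystem sftp internal-sftp' >> "$SSHD_CONFIG"
  fi
  grep -qi "^Match Group $SFTP_GROUP" "$SSHD_CONFIG" || sftp_match_block "$SFTP_GROUP" >> "$SSHD_CONFIG"
  sshd -t -f "$SSHD_CONFIG"            # validate before restarting; a bad config locks you out
  id "$user" >/dev/null 2>&1 || adduser --gecos '' "$user"   # prompts for the password
  usermod -g "$SFTP_GROUP" -s /usr/sbin/nologin "$user"
  # The chroot itself stays root-owned and 755; the user gets write access
  # only inside a subdirectory, which is why 775 on the chroot is not the fix.
  chown root:root "/home/$user"
  chmod 755 "/home/$user"
  mkdir -p "/home/$user/upload"
  chown "$user:$SFTP_GROUP" "/home/$user/upload"
  chmod 750 "/home/$user/upload"
  check_chroot_dir "/home/$user"
  systemctl restart ssh
}

# Usage (as root): sh sftp-jail.sh setup user1
if [ "${1:-}" = setup ] && [ -n "${2:-}" ]; then
  setup_sftp_user "$2"
fi
```

`check_chroot_dir` only inspects the jail directory itself; since `/home` is root-owned and 755 on a stock Ubuntu install, the parents already satisfy the rule, but if you move the jail elsewhere (for example `/var/sftp`), run the check on each parent too.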