SFTP

SFTP Client
SFTP server example: sftp user@server

VMware SFTP server example: sftp -o Port=443 user@sftp2.engx.vmware.com

Batch mode:

    sftp -b batchfile user@server
    # a batchfile of '-' may be used to indicate standard input

Password Solution
You have a few options other than using public key authentication:

 1) Use keychain
 2) Use sshpass (less secure, but it probably meets your requirement)
 3) Use expect (least secure, and more coding needed)

If you decide to give sshpass a chance here is a working script snippet to do so:

    export SSHPASS=your-password-here
    sshpass -e sftp -oBatchMode=no -b - sftp-user@remote-host << !
       cd incoming
       put your-log-file.log
       bye
    !

SFTP Server
To provide SFTP access to Linux accounts only (no shell access), change the user's shell to:

    test:x:501:50::/ftp:/usr/libexec/openssh/sftp-server

RedHat: /usr/libexec/openssh/sftp-server

Ubuntu: /usr/lib/openssh/sftp-server

chroot SFTP
/etc/passwd: testuser:x:501:501:,,,:/:/sbin/nologin

Create group: groupadd sftpusers

/etc/ssh/sshd_config:

    Subsystem  sftp    internal-sftp
    #Subsystem  sftp    /usr/lib/misc/sftp-server

    # for group with one chroot (my favorite)
    Match Group sftpusers
        ChrootDirectory /data/chroot
        ForceCommand internal-sftp

    # for group (alternative method)
    Match Group sftpusers
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no

    # for user (alternative method)
    Match User [USER]
        ChrootDirectory /home/%u
        ForceCommand internal-sftp

    AuthorizedKeysFile     .ssh/authorized_keys
    # if wanting ssh keys to work:
    #AuthorizedKeysFile     %h/.ssh/authorized_keys

Force umask on ssh, add to /etc/pam.d/sshd:

    session   optional     pam_umask.so umask=2002

Restart SSH:

    service sshd restart  # RHEL
    service ssh restart   # Debian

Set root folder permissions (required for chroot):

    chown root:root /data/chroot
    chmod 755 /data/chroot
    # To avoid this error: "fatal: bad ownership or modes for chroot directory"
    #chown root:root /home/[USER]
    #chmod 755 /home/[USER]

Create a pub directory:

    mkdir /data/chroot/pub
    chmod 2775 /data/chroot/pub
    chown nobody:sftpusers /data/chroot/pub
    #chown nobody:nogroup /data/chroot/pub  # match samba

Create user: adduser [USER]

Set user's home path to '/' and disable shell login:

    usermod -d / [USER]
    usermod -s /sbin/nologin [USER]

Add user to the sftpusers group:

    usermod -a -G sftpusers [USER]
    usermod -a -G nogroup [USER]  # match samba
    #usermod -a -G sftpusers,nogroup [USER]
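
The "bad ownership or modes for chroot directory" error mentioned above can be caught before restarting sshd. The script below is an added example, not part of the original page: it walks from the chroot directory up to / and reports every component that is not a root-owned directory or that is writable by group or others. The function names and the optional uid and top-directory arguments (for trying it in a scratch directory without root) are assumptions of this example, and it requires GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight check for ChrootDirectory.
# sshd aborts the session with "bad ownership or modes for chroot directory"
# unless every directory from / down to the chroot target is owned by root
# and is not writable by group or others. Requires GNU stat (Linux).

# check_dir DIR WANT_UID
# Succeeds if DIR is a directory owned by WANT_UID with no g+w / o+w bit.
check_dir() {
    dir=$1 want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$dir")      # $1 = owner uid, $2 = octal mode
    if [ "$1" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $1, expected $want_uid"; return 1
    fi
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $2 is group/other writable"; return 1
    fi
    echo "ok   $dir (uid $1, mode $2)"
}

# check_chroot_path DIR [WANT_UID] [TOP]
# Checks DIR and each parent up to TOP. The defaults (uid 0, TOP=/) match
# what sshd enforces; the overrides are assumptions of this example so it
# can be exercised in a scratch directory without root.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    want=${2:-0} top=${3:-/} rc=0
    while :; do
        check_dir "$p" "$want" || rc=1
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh check_chroot.sh /data/chroot
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```

The group-writable pub directory (mode 2775) fails this check by design, which is why it sits below the chroot root instead of being the chroot root itself.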
