How to configure SSH keys for restricted sftp user

SSH keys are much longer and far more complex than a password, which is a large part of why key-based login is a lot more secure than password login. In this article, we’ll see how to configure SSH keys for sftp users.

If you do not have an SFTP server running, have a look at these two articles for detailed tutorials:

Configuring ssh keys for user

Because of our configuration and its restricted permissions, the sftp user cannot add SSH keys itself. So, log in as root or as a user with sudo rights for this purpose.

We’ll now create the .ssh directory for our “wpbackup” user:

mkdir /home/wpbackup/.ssh

Next, we need to create the authorized_keys file inside this directory. You can use your favorite text editor. Insert your public keys into this file, one key per line, and save it.
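The two steps above as a repeatable script. This is an added example, not code from the original article. The function names install_key and modes_ok are hypothetical, GNU stat is assumed, and the files are assumed to stay root-owned with modes 755/644 so that the sftp user can read its keys but not change them.

```shell
#!/bin/sh
# Added example (not from the original article). Run as root on the server.

# install_key HOME_DIR PUBKEY_FILE
# Appends the first line of PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys once.
install_key() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    key=
    IFS= read -r key < "$2" || [ -n "$key" ] || return 2

    # Accept only a plain "type base64 [comment]" line of a common key type;
    # a private key or a line carrying options is refused.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+=*( .*)?$' \
        || return 2

    mkdir -p "$ssh_dir" && touch "$auth" || return 1
    # Idempotent: skip the append when this exact line is already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # Assumption: files stay owned by whoever runs this (root), so the sftp
    # user needs read access but must not get write access.
    chmod 755 "$ssh_dir" && chmod 644 "$auth"
}

# modes_ok PATH: succeeds unless PATH is writable by group or others,
# one of the conditions sshd's StrictModes check rejects.
modes_ok() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        *[2367]?|*[2367]) return 1 ;;
    esac
}

# Demo in a scratch directory with a constructed (non-functional) key.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForDemoOnly admin@example' \
    > "$demo_dir/id.pub"
install_key "$demo_dir/home" "$demo_dir/id.pub"
modes_ok "$demo_dir/home/.ssh/authorized_keys" && echo "authorized_keys modes ok"
rm -rf "$demo_dir"
```

On the server from this article, the home directory argument would be /home/wpbackup.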

Testing our ssh keys

$ sftp wpbackup@SERVER_IP
Connected to SERVER_IP.
sftp>

Voila, here we go, no password prompts. Next, we need to disable password login for this user.

Open /etc/ssh/sshd_config and add the following line after “Match group sftpgroup”:

PasswordAuthentication no

Save the file and restart the sshd service.

[sudo] service sshd restart

Now, if wpbackup tries to log in to sftp using a password, the login will fail with an error similar to this:

$ sftp wpbackup@SERVER_IP
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Couldn't read packet: Connection reset by peer

That’s it, folks!
