SFTP Installation Manual
- Install Ubuntu with the SSH and apache2 packages, mount the HDD, and create the folders as below.
#sudo mkdir /SFTP
#sudo vim /etc/fstab
/dev/sdb1 /SFTP/ ext4 defaults 0 0
#sudo mount -a
#sudo mkdir /SFTP/sftp
- Set hostname
# sudo vim /etc/hostname
Gcubeftp.gc-solutions.net
- Assign IP address and add a group.
#sudo vim /etc/network/interfaces
auto p8p1
iface p8p1 inet static
address 192.168.2.30
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1
dns-nameservers 192.168.2.2
dns-search gc-solutions
#sudo addgroup sftpusers
- Configure SSH: comment out the line “Subsystem sftp /usr/lib/openssh/sftp-server” (prefix it with #) and add the lines below at the end of the file.
#sudo vim /etc/ssh/sshd_config
# Use sshd's in-process SFTP server, so chrooted accounts need no binaries
# or libraries inside their chroot directory.
Subsystem sftp internal-sftp
# Everything below applies only to members of the sftpusers group. A Match
# block runs until the next Match line or the end of the file, which is why
# these lines are added at the end of sshd_config.
Match group sftpusers
# %h expands to the account's home directory. sshd refuses the login unless
# that directory and every parent directory is owned by root and is not
# writable by group or others.
ChrootDirectory %h
# No X11 or TCP forwarding for these accounts: they are file-transfer only.
X11Forwarding no
AllowTcpForwarding no
# Ignore whatever command the client asks for and always run the SFTP
# server, so members of this group never get a shell.
ForceCommand internal-sftp
# Password logins are enabled for this group, so the account password is the
# only barrier to these accounts; avoid shared or default passwords.
PasswordAuthentication yes
- Configure Apache: remove all lines from the top of the file up to the line “SSLCertificateChainFile” and add the lines below in their place.
#sudo vim /etc/apache2/sites-available/default-ssl.conf
ServerName localhost
# Plain-HTTP virtual host: it only redirects every request to the HTTPS site.
<VirtualHost *:80>
ServerName gcubeftp.gc-solutions.net
Redirect / https://gcubeftp.gc-solutions.net/
</VirtualHost>
# NOTE(review): the <IfModule> and <VirtualHost ...:443> sections opened here
# are not closed in this snippet; presumably the closing tags are in the part
# of default-ssl.conf that is kept below SSLCertificateChainFile. Confirm
# before restarting Apache.
<IfModule mod_ssl.c>
<VirtualHost gcubeftp.gc-solutions.net:443>
ServerAdmin webmaster@gcubeftp.gc-solutions.net
ServerName gcubeftp.gc-solutions.net
ServerAlias server
# The document root is the parent of every SFTP account directory, so files
# that SFTP users upload are served by this site.
DocumentRoot /SFTP/sftp
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
# NOTE(review): this tree contains the user-writable upload directories that
# sftp.sh creates. "AllowOverride All" makes Apache honour any .htaccess file
# found there, and FollowSymLinks follows symlinks found there;
# "AllowOverride None" and SymLinksIfOwnerMatch are the safer choices unless
# .htaccess support is really required.
# NOTE(review): "Order"/"Allow" is the Apache 2.2 access syntax. On Apache 2.4
# it works only through mod_access_compat; the native form is
# "Require all granted". Either way, everything under this directory is
# readable by anyone who can reach the site.
<Directory /SFTP/sftp>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
# CGI execution is enabled for the system cgi-bin directory only, not for
# the upload tree.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
# NOTE(review): ErrorLog and CustomLog are set here and again further down
# with ${APACHE_LOG_DIR}; keep one pair so it is clear where this virtual
# host logs.
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
# Package documentation, reachable from the local host only.
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# The private key file should be owned by root and readable by root only.
SSLCertificateFile /etc/ssl/certs/gc-solutions.net.cert
SSLCertificateKeyFile /etc/ssl/private/gc-solutions.net.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
SSLCertificateChainFile /etc/ssl/gc-solutions.net.cabundle
- Set root password and login as root
#sudo passwd root
#su
- Copy the SSL files to the locations below (the private key under /etc/ssl/private should stay readable by root only)
/etc/ssl/certs/gc-solutions.net.cert
/etc/ssl/private/gc-solutions.net.key
/etc/ssl/gc-solutions.net.cabundle
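- Enable SSL for Apache (a2enmod enables the module; the default-ssl site edited above must also be enabled, e.g. with a2ensite default-ssl, if it is not already)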
#sudo cd /etc/apache2/sites-available/
#sudo a2enmod ssl
- Restart Apache and SSH (on Ubuntu the SSH init script is normally /etc/init.d/ssh rather than sshd)
#sudo /etc/init.d/apache2 restart
#sudo /etc/init.d/sshd restart
To create SFTP accounts, create two files, “sftp.sh” and “userlist.txt”, and then run the script.
#sudo vim userlist.txt
#Add here FTP account name to create or remove.
Test
#sudo vim sftp.sh
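#!/bin/sh
# sftp.sh - create one chrooted SFTP account for every name in userlist.txt.
#
# Input:   userlist.txt in the current directory; names separated by
#          whitespace, text after '#' is treated as a comment.
# Effects: per name, creates /SFTP/sftp/NAME (root-owned chroot directory),
#          a writable /SFTP/sftp/NAME/Home, and a no-shell account whose
#          primary group is sftpusers.
# Output:  progress messages and the generated initial password on stdout;
#          problems on stderr.

USERLIST=userlist.txt
SFTP_ROOT=/SFTP/sftp

# Print a random 20-character alphanumeric password.
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20
}

if [ ! -r "$USERLIST" ]; then
  echo "Cannot read $USERLIST" >&2
  exit 1
fi

# The list is split on whitespace on purpose; globbing is switched off so an
# entry such as '*' is never expanded into file names.
set -f
for i in $(sed -e 's/#.*$//' "$USERLIST")
do
  # The name ends up in file system paths and in chown/useradd arguments, so
  # accept only plain account names: no '/', no leading '-' or '.'.
  case "$i" in
    -*|.*|*[!A-Za-z0-9._-]*)
      echo "Skipping invalid account name: $i" >&2
      continue
      ;;
  esac

  home="$SFTP_ROOT/$i"

  echo; echo "Creating new SFTP account for $i"
  if ! sudo mkdir -p "$home"; then
    echo "Could not create $home, skipping $i" >&2
    continue
  fi
  echo; echo "Directory Created for $i "

  # Plain useradd first: on Ubuntu's defaults this presumably also creates a
  # group named after the user, which the chown calls below rely on. A
  # failure (for example the account already exists) skips the name, so an
  # existing account is never modified or given a new password.
  if ! sudo useradd -d "$home" "$i"; then
    echo "useradd failed for $i, skipping" >&2
    continue
  fi

  # A unique random password per account instead of one shared default.
  pass=$(gen_password)
  if [ -z "$pass" ]; then
    echo "Could not generate a password for $i; the account has no usable password" >&2
    continue
  fi
  printf '%s:%s\n' "$i" "$pass" | sudo chpasswd

  # Primary group sftpusers selects the chroot/SFTP-only Match block in
  # sshd_config; the nologin shell blocks any other kind of login.
  sudo usermod -g sftpusers "$i"
  sudo usermod -s /usr/sbin/nologin "$i"
  echo; echo "New SFTP account created for $i "

  # sshd only accepts a chroot directory that is owned by root and not
  # writable by group or others.
  sudo chown root:"$i" "$home"
  sudo chmod 755 "$home"

  # The only place inside the chroot that the account can write to.
  sudo mkdir "$home/Home"
  sudo chown "$i":"$i" "$home/Home"
  sudo chmod 755 "$home/Home"
  sudo cp -rvf "$SFTP_ROOT/index.html" "$home"

  # The password is shown once here; pass it to the account owner over a
  # separate channel and do not keep this output in logs.
  echo; echo "You have created new SFTP for $i "
  echo; echo "Password for SFTP account $i is $pass "
  echo; echo "You can change the password of this SFTP account $i using the command: sudo passwd $i "
  echo; echo "Home page of the SFTP account $i : http://gcubeftp.gc-solutions.net/$i "
done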
#sudo chmod +x sftp.sh
#sudo ./sftp.sh
That's it: the SFTP account “test” has been created. To remove SFTP accounts, create a script as below.
#sudo vim removesftp.sh
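#!/bin/sh
# removesftp.sh - remove the SFTP accounts named in userlist.txt, together
# with their directories under /SFTP/sftp.
#
# Input:   userlist.txt in the current directory; names separated by
#          whitespace, text after '#' is treated as a comment.
# Effects: per name, hands the account directory back to the user and then
#          deletes the account and its home directory with userdel -r.
# Output:  progress messages on stdout; skipped names on stderr.

USERLIST=userlist.txt
SFTP_ROOT=/SFTP/sftp

if [ ! -r "$USERLIST" ]; then
  echo "Cannot read $USERLIST" >&2
  exit 1
fi

# The list is split on whitespace on purpose; globbing is switched off so an
# entry such as '*' is never expanded into file names.
set -f
for i in $(sed -e 's/#.*$//' "$USERLIST")
do
  # The name is used in a recursive chown and in userdel -r, so accept only
  # plain account names: no '/', no leading '-' or '.'.
  case "$i" in
    -*|.*|*[!A-Za-z0-9._-]*)
      echo "Skipping invalid account name: $i" >&2
      continue
      ;;
  esac

  # Only touch accounts whose primary group is sftpusers (the group the SFTP
  # accounts are put in when they are created), so a wrong entry in the list
  # cannot delete a system or staff account.
  if [ "$(id -gn "$i" 2>/dev/null)" != "sftpusers" ]; then
    echo "Skipping $i: not an existing account in group sftpusers" >&2
    continue
  fi

  home="$SFTP_ROOT/$i"

  echo; echo "Removing new SFTP account for $i"
  echo; echo "Change ownership of SFTP folder for $i "
  if [ -d "$home" ]; then
    # Give the root-owned chroot directory back to the user so that
    # userdel -r will remove it. -h changes symlinks themselves, never the
    # files they point to.
    sudo chown -R -h "$i":"$i" "$home"
  fi
  # Restore the user's own group as primary group before deleting the
  # account.
  sudo usermod -g "$i" "$i"
  sudo userdel -r "$i"
  #sudo userdel $i
  echo; echo "SFTP account $i is removed now"
done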
- To change the passwords of several SFTP accounts in bulk, use the script below.
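#!/bin/sh
# Bulk password reset for the SFTP accounts named in userlist.txt.
#
# Input:   userlist.txt in the current directory; names separated by
#          whitespace, text after '#' is treated as a comment.
# Effects: sets a new random password on every listed account whose primary
#          group is sftpusers.
# Output:  progress messages and each new password on stdout; skipped names
#          on stderr.

USERLIST=userlist.txt

# Print a random 20-character alphanumeric password.
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20
}

if [ ! -r "$USERLIST" ]; then
  echo "Cannot read $USERLIST" >&2
  exit 1
fi

# The list is split on whitespace on purpose; globbing is switched off so an
# entry such as '*' is never expanded into file names.
set -f
for i in $(sed -e 's/#.*$//' "$USERLIST")
do
  # The name becomes part of the "name:password" line fed to chpasswd, so
  # accept only plain account names.
  case "$i" in
    -*|.*|*[!A-Za-z0-9._-]*)
      echo "Skipping invalid account name: $i" >&2
      continue
      ;;
  esac

  # Only reset SFTP accounts, so a wrong entry in the list cannot change the
  # password of a system or staff account.
  if [ "$(id -gn "$i" 2>/dev/null)" != "sftpusers" ]; then
    echo "Skipping $i: not an existing account in group sftpusers" >&2
    continue
  fi

  # A unique random password per account instead of one shared default.
  pass=$(gen_password)
  if [ -z "$pass" ]; then
    echo "Could not generate a password for $i; password left unchanged" >&2
    continue
  fi

  echo; echo "Change password of SFTP account $i"
  printf '%s:%s\n' "$i" "$pass" | sudo chpasswd
  # The password is shown once here; pass it to the account owner over a
  # separate channel and do not keep this output in logs.
  echo; echo "New password of SFTP account $i is: $pass"
done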