
ssh and access

passwordless ssh access

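Create a new key. Choose the default file location when prompted. Press Enter when prompted for a passphrase to leave it empty. The private key is then stored unencrypted, so anyone who can read the file can use it.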

ssh-keygen -t ed25519

The command will create two files.

~/.ssh/id_ed25519
~/.ssh/id_ed25519.pub

Copy the public key (id_ed25519.pub) to the remote server.

ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 22 login@remoteserver

tail -f on a remote server

ssh user@host "tail -f /var/log/messages"

block ssh for a user or a group

block a user:

/etc/ssh/sshd_config
DenyUsers user1 user2 user3

block a group:

/etc/ssh/sshd_config
DenyGroups group1 group2 group3

save the file, and restart the daemon

sudo service ssh restart

sftp jail

if you have already configured an ftp server to allow users to access only their home directory, you can do the same with sftp, and even prevent the user from accessing the server via ssh.

configure openssh server

add or edit this item in /etc/ssh/sshd_config

/etc/ssh/sshd_config
Subsystem sftp internal-sftp

add this to the end of the same file

/etc/ssh/sshd_config
Match group filetransfer
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

restart openssh

service ssh restart
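
An added example, not part of the original page: a shell function that checks an sshd_config for the jail settings shown above before the daemon is restarted. The name audit_sftp_jail and the sample config are constructed for illustration; it flags any Match block that sets ChrootDirectory without ForceCommand internal-sftp, AllowTcpForwarding no and X11Forwarding no.

```shell
#!/bin/sh
# Added example: audit every Match block in an sshd_config that sets
# ChrootDirectory and report jail directives that are absent or different.

# audit_sftp_jail FILE -> prints one line per finding, returns 1 if any.
audit_sftp_jail() {
    awk '
    function report(   k) {
        # Only blocks that chroot are treated as sftp jails.
        if (inblock && ("chrootdirectory" in seen))
            for (k in want)
                if (seen[k] != want[k]) {
                    printf "%s: expected \"%s %s\"\n", header, k, want[k]
                    bad = 1
                }
        split("", seen)              # portable way to clear the array
    }
    BEGIN {
        want["forcecommand"]       = "internal-sftp"
        want["allowtcpforwarding"] = "no"
        want["x11forwarding"]      = "no"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    {
        sub(/=/, " ")                # accept the "Keyword=value" spelling
        key = tolower($1)            # keywords are case-insensitive
        if (key == "match") { report(); inblock = 1; header = $0; next }
        # sshd uses the first value it sees for a keyword.
        if (inblock && !(key in seen)) seen[key] = $2
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: a jail missing both forwarding restrictions.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Subsystem sftp internal-sftp
Match group filetransfer
    ChrootDirectory %h
    ForceCommand internal-sftp
EOF
audit_sftp_jail "$sample" || echo "jail is incomplete: $sample"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config after editing, and run sshd -t as well to catch syntax errors before restarting.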

modify user accounts

create a system group, which will be used by all users that can access the server only via SFTP.

addgroup --system filetransfer

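modify the user accounts to restrict their access to sftp only. run these commands for each user account that is created. sshd refuses the login unless the ChrootDirectory (here the home directory) is owned by root and not writable by group or others, which is what the chown and chmod below ensure. note that usermod -G without -a replaces the user's existing supplementary groups.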

usermod -G filetransfer the_user
chown root:root /home/the_user
chmod 755 /home/the_user

user accounts that can access the server via ssh should not be changed, nor should they be added to the filetransfer group.

once this is done, it is necessary to create a directory within each user's home. because the home directory itself is now owned by root, this directory is where the user will place their files.

cd /home/the_user
mkdir public_html
chown the_user:filetransfer *

with these settings, users will be able to access the server via sftp and add/remove files in the public_html directory, but they will not be able to add files elsewhere, nor access the server via ssh.

reference: Limiting Access with SFTP Jails on Debian and Ubuntu