Following a previous post on how to use your Raspberry Pi as a file server, we are going to continue and set up an sftp service on the same Pi, so that it can be accessed over the WAN.
The complete guide comes from a Mark Van den Borre posting available through this link. In our case, however, the steps are fewer, since the Raspberry Pi already has the OpenSSH server set up and running, and if you have followed along from the previous post we already have a user (bill) and a group (microsoft) to use for the sftp service.
To get started, let's give our friend Bill a password:
pi@xena ~ $ sudo passwd bill
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
The next step is to prevent Bill from logging in interactively. The usual remedy for this problem is to use the sftp server as his login shell. Once this post is over, bill will not be able to access our Pi over ssh either.
pi@xena ~ $ sudo chsh bill
Changing the login shell for bill
Enter the new value, or press ENTER for the default
        Login Shell [/usr/lib/tftp-server]: /usr/lib/sftp-server
pi@xena ~ $
Now for the sftp configuration itself. (Copying, pasting and adjusting from Mark's post we have something like this:) Open the default OpenSSH server configuration for editing:
pi@xena ~ $ sudo vi /etc/ssh/sshd_config
and change the default sftp server from:
Subsystem sftp /usr/lib/openssh/sftp-server
to:
Subsystem sftp internal-sftp
Some users can only use sftp, but not other OpenSSH features like remote login. Let's create a rule for that group of users. Add the following section to the bottom of /etc/ssh/sshd_config:
Match group microsoft
    ChrootDirectory /mnt/SFTP-Data
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Reboot...
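A check worth running on the edited file before that reboot, as an added example that is not part of the original post or of Mark's guide: a small lint confirming that the Subsystem line and the Match block carry every directive shown above. The function name audit_sftp_match and the embedded sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint an sshd_config for the sftp-only setup in this post.
# Simplifications (assumptions): one criterion per Match line, exact group
# name, no Include files, no quoted arguments.

# audit_sftp_match FILE GROUP -> prints findings, exit status 0 when clean
audit_sftp_match() {
    awk -v grp="$2" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { key = tolower($1) }                    # keywords are case-insensitive
    key == "subsystem" && $2 == "sftp" { subsys = $3; next }
    key == "match" {                         # a new Match ends the previous block
        inblk = (tolower($2) == "group" && $3 == grp)
        if (inblk) found = 1
        next
    }
    inblk { seen[key] = $2 }                 # directive inside our block
    END {
        if (subsys != "internal-sftp") { print "Subsystem sftp is not internal-sftp"; bad = 1 }
        if (!found) { print "no Match group " grp " block"; exit 1 }
        if (seen["chrootdirectory"] == "" || seen["chrootdirectory"] == "none") {
            print "ChrootDirectory not set"; bad = 1 }
        if (seen["forcecommand"] != "internal-sftp") { print "ForceCommand is not internal-sftp"; bad = 1 }
        if (tolower(seen["allowtcpforwarding"]) != "no") { print "AllowTcpForwarding is not no"; bad = 1 }
        if (tolower(seen["x11forwarding"]) != "no") { print "X11Forwarding is not no"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the two changes made to sshd_config in this post.
sample_config() {
cat <<'EOF'
Subsystem sftp internal-sftp
Match group microsoft
    ChrootDirectory /mnt/SFTP-Data
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sftp_match "$tmp" microsoft && echo "sftp-only block looks complete"
rm -f "$tmp"
```

On the Pi, point the function at /etc/ssh/sshd_config instead of the sample; `sudo sshd -t` checks the file's syntax but not whether the block is complete.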