SFTP: restrict a user by IP address and to the home directory only

1. Add user and group

>useradd warawich
>groupadd sftponly
>usermod -G sftponly warawich
>usermod warawich -g sftponly -s /sbin/nologin
>passwd warawich
>cd /home/warawich
>mkdir .ssh
>cd .ssh && touch authorized_keys

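2. Paste the public key into the authorized_keys file, then save

Then set ownership (the .ssh directory was created as root) and permissions on the directory and file
>chown -R warawich:sftponly /home/warawich/.ssh
>chmod 700 -R /home/warawich
>chmod 600 /home/warawich/.ssh/authorized_keys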

3. Edit sshd_config

Example: we want to limit access for user warawich to 49.228.71.24 and 27.55.79.125, and allow access from anywhere for other users
>vim /etc/ssh/sshd_config

UseDNS no
Subsystem sftp internal-sftp
AllowUsers warawich@49.228.71.24 warawich@27.55.79.125 user1 user2
Match Group sftponly
    ChrootDirectory /home
    ForceCommand internal-sftp
    PermitTunnel no
    AllowAgentForwarding no
    X11Forwarding no
    AllowTcpForwarding no
>systemctl restart sshd
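
An added example, not part of the original post: a small Python model of how the AllowUsers line above is evaluated, to check the intended policy before restarting sshd. It is a simplified model (no `!` negation, clients known by address only, as with UseDNS no); the address 203.0.113.9 and the account user3 are constructed test values. Note that AllowUsers is an allowlist, so an account that is not listed is refused from every address.

```python
import ipaddress
import re

# AllowUsers line from the sshd_config above.
ALLOW_USERS = "warawich@49.228.71.24 warawich@27.55.79.125 user1 user2"


def _wild(pattern, value):
    """sshd_config PATTERNS: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def _host_ok(pattern, addr):
    """HOST part of USER@HOST: a wildcard pattern or CIDR address/masklen."""
    if "/" in pattern:
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(addr) in net
        except ValueError:
            return False
    return _wild(pattern, addr)


def allowed(allow_users, user, addr):
    """Model of the AllowUsers check for `user` connecting from `addr`.

    Assumptions: no '!' negation, and the client is known by address only
    (which is what UseDNS no gives you).
    """
    for entry in allow_users.split():
        name, sep, host = entry.partition("@")
        if _wild(name, user) and (not sep or _host_ok(host, addr)):
            return True
    return False  # allowlist: a user matching no entry is refused


# Constructed attempts: 203.0.113.9 is a documentation address, user3 is hypothetical.
ATTEMPTS = [
    ("warawich", "49.228.71.24"),
    ("warawich", "203.0.113.9"),
    ("user1", "203.0.113.9"),
    ("user3", "203.0.113.9"),
]

if __name__ == "__main__":
    for user, addr in ATTEMPTS:
        verdict = "allow" if allowed(ALLOW_USERS, user, addr) else "deny"
        print(f"{user:9} from {addr:13} -> {verdict}")
```

On the server itself, `sshd -t` checks the edited file for syntax errors before the restart.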
