Sometimes you need to transfer big files around. Email (when encrypted) is usually available everywhere, but it is not that good with multiple or big files. The generic way is to give SSH access to your server. SSH is encrypted and also supports the SFTP protocol. But giving total strangers SSH access to your network is always a frightening situation. Somebody is touching your servers!
No fear! You can isolate the user pretty well. Put this in your /etc/ssh/sshd_config file:
    Match Group sftponly
        PasswordAuthentication yes
        ChrootDirectory %h
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp
The line “PasswordAuthentication yes” is needed if you only allow public key authentication by default and you want to make connecting easier for the stranger.
And then you create new users with the command:
    useradd -d /home-sftponly/stranger -g sftponly -s /bin/false stranger

Now stranger can access your server only with SFTP and only to that one directory.
And I put this little gem running on a separate virtual machine which is totally isolated from the surrounding internal network. It has network access only to the internet. KVM rocks!
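With "ChrootDirectory %h", sshd refuses the login unless every component of the home path is a root-owned directory that is not writable by group or others (sshd_config(5)). The check below is an added example, not part of the original post. It walks the path and reports what sshd would object to. The sample layouts, uid 1001 and the "upload" subdirectory are constructed assumptions.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """List the reasons sshd would refuse `path` as a ChrootDirectory."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        return [f"{path}: not an absolute path"]
    problems = []
    # Check "/", then each parent, then the chroot directory itself.
    for component in [*list(p.parents)[::-1], p]:
        try:
            st = stat_fn(str(component))
        except OSError as exc:
            problems.append(f"{component}: {exc.strerror or 'cannot stat'}")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{component}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{component}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{component}: writable by group or others")
    return problems


def fake_stat(layout):
    """Build a stat function over a constructed {path: (mode, uid)} table."""
    def stat_fn(path):
        if path not in layout:
            raise FileNotFoundError(2, "No such file or directory", path)
        mode, uid = layout[path]
        return SimpleNamespace(st_mode=mode, st_uid=uid)
    return stat_fn


# Constructed sample layouts; uid 1001 stands in for the "stranger" account.
D = stat.S_IFDIR
USER_OWNED = {"/": (D | 0o755, 0), "/home-sftponly": (D | 0o755, 0),
              "/home-sftponly/stranger": (D | 0o700, 1001)}
ROOT_OWNED = {**USER_OWNED,
              "/home-sftponly/stranger": (D | 0o755, 0),
              "/home-sftponly/stranger/upload": (D | 0o700, 1001)}

if __name__ == "__main__":
    for name, layout in (("user-owned home", USER_OWNED), ("root-owned home", ROOT_OWNED)):
        found = chroot_path_problems("/home-sftponly/stranger", fake_stat(layout))
        print(name, "->", found or "ok")
```

On a real host, call chroot_path_problems("/home-sftponly/stranger") without the second argument. Because the chroot root itself cannot be writable by the user, uploads go into a user-owned subdirectory such as the hypothetical "upload" above.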