Thanks everyone, this link finally helped me get my task done. link
This consists of three parts:
- setting up an sftp site on EC2
- creating a new user account
- configuring the new user account to do read-only ftp, with no ssh privileges
This is intended for transferring files to and from trusted users. I use this as an adequate solution for occasionally sending very large files to clients, using an EC2 instance dedicated to that task. After the transfer is complete, I shut down or delete the instance.
Set up a server using Amazon Web Services EC2, choosing an Ubuntu Amazon Machine Image (AMI). (You can find an AMI using http://cloud.ubuntu.com/ami/. You may want to choose one that’s free tier eligible, such as ami-1aad5273)
ssh into the server:
ssh -i keyfile.pem [email protected]
Install vsftpd:
sudo apt-get install vsftpd
Create a new user:
sudo adduser newusername
Using the AWS Management Console, generate a new key pair for the third-party user.
Using puttygen, import the new key (keyname.pem) and copy its public key.
On the server, create the .ssh directory for the new user:
sudo mkdir /home/newusername/.ssh
Paste the public key into /home/newusername/.ssh/authorized_keys. Set permissions:
sudo chmod 700 /home/newusername/.ssh
sudo chmod 600 /home/newusername/.ssh/authorized_keys
sudo chown -R newusername:newusername /home/newusername/.ssh
Test the new user’s sftp login from your local machine:
sftp -o IdentityFile=newkeypair1.pem [email protected]
Make a new group for users who should be limited to using only sftp:
sudo groupadd sftponly
sudo adduser newusername sftponly
Edit /etc/ssh/sshd_config and change the Subsystem line to:
Subsystem sftp internal-sftp
and add these lines to the end of /etc/ssh/sshd_config:
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Set permissions, without clobbering files necessary for EC2’s key-based authentication:
sudo chown root:root /home/newusername
sudo chown -R newusername:newusername /home/newusername/.ssh
sudo /etc/init.d/ssh restart
Now the new user can connect by sftp, but not by ssh. Place the files you want to share in /home/newusername, and share the key with the user.