Sim, dê uma olhada em Como fazer no SFTP do Ubuntu :
Step 1- Create a Group for the Restricted Accounts
For the sake of this example, we’ll create a new group called ‘sftponly‘ It’s best to use the addgroup command to do this, as it takes care of allocating an un-used GID (Group Identifier) to the new group for us:
sudo addgroup sftponlyStep 2- Create the User Account
For examples sake, we’ll create a user account with the username ‘bob‘ , set his home directory as ‘/home/bob‘ and give him the password ‘pass‘
We’ll use the useradd command here as it takes care of assigning an unallocated UID to the user account for us.
Creating the User Account:
sudo useradd -d /home/bob -s /usr/lib/sftp-server -M -N -g sftponly bobSetting the Password:
sudo passwd bobStep 3- Setup the users home directory
Right, lets create a home for bob and give him somewhere to put his files. Enter the commands below one by one on separate lines:
sudo mkdir -p /home/bob/uploads /home/bob/.ssh sudo chown bob:sftponly /home/bob/uploads /home/bob/.ssh sudo chmod 700 /home/bob/.sshThe first line creates the ‘/home/bob‘, /home/bob/uploads‘ and ‘/home/bob/.ssh‘ directories.
The second line sets the owner and group of the /home/bob directory to root. This is an important step as the SSH server will complain (and refuse to let our restricted user login) if the root of the users home directory is NOT owned by root.
The third line sets the owner and group on ‘/home/bob/uploads‘ and ‘ /home/bob/.ssh‘ so these directories can be used by the restricted user. In this example, the ‘uploads‘ subdirectory will be used to store files while the ‘.ssh‘ subdirectory is used to store the users public key.
You should be able to login to you account with a username and password when you’ve completed all the steps in this guide, but it’s recommended you use the public key method for authentication as it is considerably more secure.
If you already have a private and public key you would like to use, then all you need to do is to upload a copy of the public key to a subdirectory named .ssh in the users home directory.
Assuming that our public key file is named ‘bob.pub‘, we would issue the following commands to setup public key authentication for the bob user account.
cd /home/bob/.ssh cat bob.pub >> authorized_keys chmod 700 authorized_keys chown bob:sftponly authorized_keys rm -r bob.pubStep 4- Add an entry to /etc/shells
Open the file /etc/shells as root in your favorite text-editor, and add the following line at the bottom:
/usr/lib/sftp-serverStep 5- Amend the SSH Server Configuration file
Open the SSH server configuration file as root to start making changes. On a Ubuntu system, this file is usually /etc/ssh/sshd_config This may differ with other distributions, so check beforehand.
Find the line
Subsystem sftp /usr/lib/openssh/sftp-serverand change it to read:Subsystem sftp internal-sftpNow add the following lines at the bottom of the file:
Match group sftponly ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftpThe line
Match group sftponlytells the SSH server to apply the configuration options below it to all members of thesftponlysystem group.The line
ChrootDirectory %htells the SSH server to confine a user to their home directory only (The home directory is specified here using%h)The
X11Forwarding noandAllowTcpForwarding nolines prevent the user from, respectively, accessing graphical applications on the server and from connecting to other systems via ours.The
ForceCommand internal-sftpline prevents the user from executing their own commands and forces them to use the SFTP server component of the SSH server by executing the ‘internal-sftp‘ command when the user logs in.Step 6- Restart the SSH Server
Ubuntu/Debian users can issue the following command to restart the SSH server:
sudo /etc/init.d/ssh restartThat’s it. You should be able to login using the ‘sftp‘ command with either the username and password you setup or using your private key (if you set this up in Step 2.) Using the setup outlined here, you would only have to repeat steps 1-3 to setup new accounts.