useradd --shell /bin/false ftpusermkdir /home/ftpuserchown ftpuser:ftpuser /ho

1. useradd --shell /bin/false ftpuser
2. mkdir /home/ftpuser
3. chown ftpuser:ftpuser /home/ftpuser/
4.  
5. mkdir /home/ftpuser/.ssh
6. mkdir /home/ftpuser/.ssh/authorized_keys
7. chmod 0700 /home/ftpuser/.ssh
8. chmod 0600 /home/ftpuser/.ssh/authorized_keys
9. cp /etc/ssh/ssh_host_rsa_key.pub /home/ftpuser/.ssh/authorized_keys/
10. sudo service ssh restart
11.  
12. Status: Connecting to ip.address:3333...
13. Response: fzSftp started, protocol_version=8
14. Command: open "ftpuser@domain.com" 3333
15. Command: Pass: ********
16. Status: Connected to ip.address
17. Error: Received unexpected end-of-file from SFTP server
18. Error: Could not connect to server
19.  
20. # Package generated configuration file
21. # See the sshd_config(5) manpage for details
22.  
23. # What ports, IPs and protocols we listen for
24. Port 3333
25. # Use these options to restrict which interfaces/protocols sshd will bind to
26. #ListenAddress ::
27. #ListenAddress 0.0.0.0
28. Protocol 2
29. # HostKeys for protocol version 2
30. HostKey /etc/ssh/ssh_host_rsa_key
31. HostKey /etc/ssh/ssh_host_dsa_key
32. HostKey /etc/ssh/ssh_host_ecdsa_key
33. HostKey /etc/ssh/ssh_host_ed25519_key
34. #Privilege Separation is turned on for security
35. UsePrivilegeSeparation yes
36.  
37. # Lifetime and size of ephemeral version 1 server key
38. KeyRegenerationInterval 3600
39. ServerKeyBits 1024
40.  
41. # Logging
42. SyslogFacility AUTH
43. LogLevel INFO
44.  
45. # Authentication:
46. LoginGraceTime 120
47. PermitRootLogin yes
48. StrictModes yes
49.  
50. RSAAuthentication yes
51. PubkeyAuthentication yes
52. #AuthorizedKeysFile %h/.ssh/authorized_keys
53.  
54. # Don't read the user's ~/.rhosts and ~/.shosts files
55. IgnoreRhosts yes
56. # For this to work you will also need host keys in /etc/ssh_known_hosts
57. RhostsRSAAuthentication no
58. # similar for protocol version 2
59. HostbasedAuthentication no
60. # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
61. #IgnoreUserKnownHosts yes
62.  
63. # To enable empty passwords, change to yes (NOT RECOMMENDED)
64. PermitEmptyPasswords no
65.  
66. # Change to yes to enable challenge-response passwords (beware issues with
67. # some PAM modules and threads)
68. ChallengeResponseAuthentication no
69.  
70. # Change to no to disable tunnelled clear text passwords
71. #PasswordAuthentication yes
72.  
73. # Kerberos options
74. #KerberosAuthentication no
75. #KerberosGetAFSToken no
76. #KerberosOrLocalPasswd yes
77. #KerberosTicketCleanup yes
78. #KerberosOrLocalPasswd yes
79. #KerberosTicketCleanup yes
80.  
81. # GSSAPI options
82. #GSSAPIAuthentication no
83. #GSSAPICleanupCredentials yes
84.  
85. X11Forwarding yes
86. X11DisplayOffset 10
87. PrintMotd no
88. PrintLastLog yes
89. TCPKeepAlive yes
90. #UseLogin no
91.  
92. #MaxStartups 10:30:60
93. #Banner /etc/issue.net
94.  
95. # Allow client to pass locale environment variables
96. AcceptEnv LANG LC_*
97.  
98. Subsystem sftp /usr/lib/openssh/sftp-server
99.  
100. # Set this to 'yes' to enable PAM authentication, account processing,
101. # and session processing. If this is enabled, PAM authentication will
102. # be allowed through the ChallengeResponseAuthentication and
103. # PasswordAuthentication. Depending on your PAM configuration,
104. # PAM authentication via ChallengeResponseAuthentication may bypass
105. # the setting of "PermitRootLogin without-password".
106. # If you just want the PAM account and session checks to run without
107. # PAM authentication, then enable this but set PasswordAuthentication
108. # and ChallengeResponseAuthentication to 'no'.
109. UsePAM yes