Consentire solo l'uso di SFTP
{Stub}
Step 1: If it doesn't exist yet, create a group for the users you want to have sftp access only:
mark@neuskeutel:~$ sudo groupadd sftponly
Step 2: Add user "mark" to this group:
mark@neuskeutel:~$ sudo adduser peter sftponly
Step 3: Install openssh-server if it's not installed yet.
mark@neuskeutel:~$ sudo apt-get install openssh-server
Step 4: Open the default OpenSSH server configuration for editing:
mark@neuskeutel:~$ sudo nano /etc/ssh/sshd_config
Step 5: Change the default sftp server from:
Subsystem sftp /usr/lib/openssh/sftp-server
to
Subsystem sftp internal-sftp
Step 6: Some users can only use sftp, but not other OpenSSH features like remote login. Let's create a rule for that group of users (we'll create the group afterwards). Add the following section to the bottom of /etc/ssh/sshd_config:
Match group sftponly ChrootDirectory /home/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
Step 7: Pass ownership of peter's directory you want to be sftp accessible to the superuser:
mark@neuskeutel:~$ sudo chown root.root /home/peter
Step 8: Now we change peter's home directory (normally /home/peter) to /:
sudo usermod -d / peter
Step 9: Repeat steps 2, 7 and 8 for any other users that you want to give sftp access.