How do I set up FTP/SFTP on AWS

0

3

I want to share files with a client over the internet and am looking into FTP solutions on AWS. I have tried AWS SFTP, but setting role policies is awkward and the service seems a bit costly for my basic use case. Is there an alternate way to set up an FTP server on EC2 or S3 that non-AWS users can access? I want to add read permissions for different users for different subdirectories. I am using Mac OS X.

I tried following the instructions on https://stackoverflow.com/questions/7052875/setting-up-ftp-on-amazon-cloud-server but it is not clear how I can permission non-AWS users to see my files, and I couldn't get vsftpd working.

Is there a recommended/standard AWS setup for sharing files with non-AWS users, preferably securely (SFTP)? I would be sharing updated files a few times a day every day with hundreds of users.

user11020868

Posted 2019-03-25T02:30:17.060

Reputation: 29

"without much luck" does not tell us anything about the problems that you are facing. – Martin Prikryl – 2019-03-25T07:01:43.640

Apologies, I updated the problem description, but I still don't think the instructions I followed for EC2 would give me what I am looking for, so I posed the question more generally. – user11020868 – 2019-03-25T08:21:43.643

SFTP seems to be available out of the box; if you use a regular FTP setup you need to set up the appropriate users and permissions, and that includes non-AWS users. How to do that depends on the application. – Seth – 2019-03-25T09:17:36.607

If you already have an EC2 Linux server, you do not need to use the Amazon SFTP transfer feature. Just use the built-in Linux SFTP server. – Martin Prikryl – 2019-03-26T09:27:37.277

@MartinPrikryl Are there recommended instructions for doing so from macOS? I still want to maintain access to the S3 bucket from the server. – user11020868 – 2019-03-26T09:50:36.973

Answers

2

If you don't want to use AWS Transfer for SFTP, it is possible to set up your SFTP server directly from an EC2 instance.

If you follow these instructions correctly you should be able to create your SFTP users quite easily. In my specific case I used a micro T2 instance with Ubuntu 18.04.

  1. Let's install OpenSSH.

    ```
    sudo apt-get install openssh-server
    ```

  2. You need to create a specific group where you will jail the users.

    ```
    sudo groupadd sftpusers
    ```

  3. Edit /etc/ssh/sshd_config using vim or nano.
    Comment out the line: #Subsystem sftp /usr/lib/openssh/sftp-server
    Then instead, add Subsystem sftp internal-sftp to allow SFTP connections into your server.
    Lastly, at the end of the file, specify the new group configuration:

    ```
    Match group sftpusers
            ChrootDirectory %h
            X11Forwarding no
            AllowTcpForwarding no
            ForceCommand internal-sftp
            PasswordAuthentication yes
    ```

  4. At this point your /etc/ssh/sshd_config should look like:

    ```
    (...)

    #Subsystem sftp /usr/lib/openssh/sftp-server

    (...)

    Subsystem sftp internal-sftp

    Match group sftpusers
            ChrootDirectory %h
            X11Forwarding no
            AllowTcpForwarding no
            ForceCommand internal-sftp
            PasswordAuthentication yes
    ```

  5. You need to restart the ssh service to apply the changes.

    ```
    sudo service ssh restart
    ```

  6. Now you should be set up to create a new user.
    Follow the different instructions of the command below and input the user password.

    ```
    sudo adduser user1
    ```

  7. Let's add our new user to the sftp group we created earlier.

    ```
    sudo usermod -g sftpusers user1
    # No login shell for the SFTP-only user; on Ubuntu nologin is in /usr/sbin
    sudo usermod -s /usr/sbin/nologin user1
    ```

  8. At this point, the last thing we need to do is jail our user inside the /home/<user> directory.

    ```
    sudo chown root:user1 /home/user1
    sudo chmod 755 /home/user1
    ```

You can create new folders that belong to the user using:

```
sudo mkdir /home/user1/new_folder
sudo chown user1:user1 /home/user1/new_folder
sudo chmod 755 /home/user1/new_folder
```

I created this repo a few days ago that automates this process: https://github.com/smallwat3r/manage-jailed-sftp-users

smallwat3r

Posted 2019-03-25T02:30:17.060

Reputation: 143

What does vsftpd have to do with SFTP? vsftpd is an FTP server! sshd_config is a configuration file for OpenSSH sshd, not vsftpd. You mix two completely unrelated pieces of software. – Martin Prikryl – 2019-03-28T15:19:47.910

Thanks for spotting this @MartinPrikryl. I've mingled with OpenSSH, I edited my post. – smallwat3r – 2019-03-28T15:32:02.017

Good. Though are you sure, you need to install openssh-server? Every Linux comes with OpenSSH, doesn't it? – Martin Prikryl – 2019-03-28T15:33:58.833

It worked for me like a charm. Big thanks. Any idea how to restrict the number of connections in the SFTP server configured? – user1737079 – 2019-06-06T13:29:49.017
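
The chown/chmod step at the end of the answer above matters because, per sshd_config(5), sshd only accepts a ChrootDirectory when every component of its path is owned by root and not writable by group or others. The script below is an added example, not part of the original answer or the linked repo, that audits a jail directory against that rule; it assumes GNU stat (as on Ubuntu), and the function names component_ok and check_chroot_path are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the answer): audit a ChrootDirectory against the
# rule in sshd_config(5): every path component must be owned by root and
# must not be writable by group or others. Assumes GNU stat (Ubuntu).
# Function names are hypothetical.

# component_ok UID MODE -> status 0 if one component passes the rule.
component_ok() {
    local uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 = group-write | other-write; the leading 0 makes MODE octal.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> walks DIR up to /, printing each bad component.
# Returns 0 if all pass, 1 if any fail, 2 if DIR is not a directory.
check_chroot_path() {
    local path uid mode rc=0
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1"; return 2; }
    while :; do
        uid=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        if ! component_ok "$uid" "$mode"; then
            echo "BAD $path (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Run against a jail when a path is given, e.g.: ./check.sh /home/user1
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 meets the ownership and mode rule"
fi
```

A directory created for the user's own uploads (such as new_folder in the answer) is expected to fail this check; only the chroot path itself and its parents need to pass.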