6

I am using Laravel Forge in a DigitalOcean droplet. I need to grant SFTP access to a specific directory on the server to one of my clients. He needs read/write access to only that directory, and I am having problems with the setup.

I have followed the steps in https://bensmann.no/restrict-sftp-users-to-home-folder/, but I am stuck because Forge does not permit password authentication, only through public/private SSH keys...

Has someone done something similar? What would be the best approach for getting it done?

Many thanks in advance.

andcl
  • You could allow password authentication for everyone, but disable it for individual users, i.e. `root` and `forge`. – Ohgodwhy Nov 27 '16 at 22:57
  • I do not know if it makes any sense, but what if I only allowed password authentication for that specific SFTP user? Wouldn't it be better? How could I achieve this? – andcl Nov 28 '16 at 23:05
  • http://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses just change the `Match address` to `Match User` and it should work – Justas S Apr 01 '17 at 20:02
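
The `Match User` approach suggested in the comments above can be checked before it goes live. The following is an added example, not code from the question, the comments or Forge: it audits an `sshd_config` text to confirm that password login is enabled only for a chrooted, SFTP-only account. The account name `clientsftp`, its path and the sample config are constructed assumptions.

```python
# Constructed sample: password login stays off globally and is enabled
# only for one chrooted, SFTP-only account ("clientsftp" is hypothetical).
SAMPLE = """\
PasswordAuthentication no
Match User clientsftp
    PasswordAuthentication yes
    ChrootDirectory /home/clientsftp
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""

def parse(text):
    """Return {scope: {keyword: value}}; scope is 'global' or the Match criteria."""
    scopes = {"global": {}}
    scope = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = value  # a Match block runs to the next Match line or EOF
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, value)  # first value seen is kept
    return scopes

def audit(text, key_only=("root", "forge")):
    """List reasons the config exposes password login beyond a jailed SFTP user."""
    scopes = parse(text)
    findings = []
    # OpenSSH defaults PasswordAuthentication to yes when the keyword is absent.
    if scopes["global"].get("passwordauthentication", "yes").lower() != "no":
        findings.append("global: password login is enabled for every account")
    for scope, opts in scopes.items():
        if scope == "global" or opts.get("passwordauthentication", "").lower() != "yes":
            continue
        crit = scope.split()
        users = crit[1].split(",") if len(crit) == 2 and crit[0].lower() == "user" else []
        if not users or set(users) & set(key_only):
            findings.append(f"{scope}: password login not limited to the SFTP user")
        if not opts.get("forcecommand", "").startswith("internal-sftp"):
            findings.append(f"{scope}: missing 'ForceCommand internal-sftp'")
        if "chrootdirectory" not in opts:
            findings.append(f"{scope}: missing ChrootDirectory")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "ok")
```

sshd requires the `ChrootDirectory` path to be owned by root and not writable by group or others, so the client's writable folder has to be a subdirectory inside it. Running `sshd -t` before reloading the service catches syntax errors while an existing key-based session is still open.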

2 Answers

2

I know it's late, but it might help somebody in the future. I used Freek's post to set this up in Forge and although it seemed temperamental at first locking me out of SSH completely, it just started working after a few minutes.

Barnabas Kecskes
  • @Zeth I have just checked it and it looks ok now - there must have been a temporary issue on their side. – Barnabas Kecskes Jun 12 '19 at 09:38
  • That's weird. I just checked again now, and it's still giving me an error: https://imgur.com/sQLI81Z ... I'm connecting from Denmark, Europe. Could it be some IP block of non-US IPs or something? – Zeth Jun 12 '19 at 11:22
  • Hmmm I can see that your URL is not exactly the match for mine: https://freek.dev/411-let-your-clients-use-sftp-on-a-forge-provisioned-server But your error seems to rather be something to do with the `.dev` domain. I'm in the UK and it works just fine. You probably can't access the root domain either, can you? Have you tried other browsers? (I know that `.dev` is fairly new so it could also be a local domain routing/resolving/caching issue...) – Barnabas Kecskes Jun 15 '19 at 12:10
  • Could be something like that. I can't access it from any of my browsers (Safari, Chrome, Firefox). And you're right, I can't access the root domain either: it says `502, Bad Gateway`. I found another guide for the same thing (for others who can't access it): https://blog.laravel.com/forge-connect-to-your-server-using-ssh-or-sftp – Zeth Jun 16 '19 at 15:29
0

You can do this using FileZilla as the SFTP client. Get your SSH key, add it to Forge in the SSH section, create the user account from the dropdown for the directory you wish to be isolated, then use FileZilla to connect.

Generate an SSH public key on Windows 10: https://phoenixnap.com/kb/generate-ssh-key-windows-10

To get your SSH key in the right .ppk format (use PuTTYgen on a PC): https://filezillapro.com/docs/v3/basic-usage-instructions/ssh-private-keys-for-sftp/