====== Ubuntu - SFTP - Script to Create a SFTP User to Access Only Home Directory ======

<WRAP info>
**NOTE:**  This script will save the password in the **account.txt** file.
</WRAP>

----

===== Go Home =====

<code bash>
cd /home
</code>


===== Create the accounts.txt file =====

<code bash>
sudo touch accounts.txt
</code>

----

===== Create the sftp shell setup script =====

<file bash createsftp.sh>
#!/bin/bash

# This script automatically creates an SFTP Account and only allows access to the Home Directory.

# Check that a username is provided.
if [ $# -lt 1 ]; then
echo "Please enter a username"
echo "Usage: " $0 "peter"
exit
fi


# Check if the username already exists.
if id "$1" >/dev/null 2>&1; then
 echo "Username already exists"
 echo "Use a different username"
 exit
fi


# Generate a random password for SFTP.
newuser=$1
randompw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)


# Create the new user and assign the random password.
useradd $newuser
echo $newuser:$randompw | chpasswd


# Set folder permissions.
mkdir /home/$newuser
chown root:root /home/$newuser
sleep 2
mkdir /home/$newuser/sftproot
sleep 2
chown $newuser:$newuser /home/$newuser/sftproot

cat <<EOF >> /etc/ssh/sshd_config
Match User $newuser
ChrootDirectory /home/$newuser/
 ForceCommand internal-sftp
 AllowTCPForwarding no
 X11Forwarding no
EOF

sleep 2
service ssh restart

# New Username and Password to accounts.txt

cat <<EOF >> /home/accounts.txt
$newuser $randompw
EOF

echo "SFTP Account:" $newuser " has been created with password:" $randompw
</file>

----

===== Make the script executable =====

<code bash>
sudo chmod +x createsftp.sh
</code>

----

===== To create an SFTP account =====

<code bash>
sudo ./createsftp.sh peter
</code>

returns:

<code bash>
SFTP Account: peter has been created with password: ABC0123def
</code>

<WRAP info>
**NOTE:**  The Password is also saved in the accounts.txt file.

<code bash>
cat account.txt
</code>

returns:

<code bash>
peter ABC0123def
</code>

</WRAP>

----

===== To Delete an SFTP Account =====

==== Delete the user ====

<code bash>
sudo deluser peter
</code>

returns:

<code bash>
Removing user `peter' ...
Warning: group `peter' has no more members.
Done.
</code>

----

==== Delete the sftp config lines ====

Delete the following lines from **/etc/ssh/sshd_config**:

<file bash /etc/ssh/sshd_config>
Match User peter
ChrootDirectory /home/peter/
 ForceCommand internal-sftp
 AllowTCPForwarding no
 X11Forwarding no
</file>

----

==== Delete the home directory of the user ====

<code bash>
sudo rm -rf peter
</code>