Limiting a Linux virtual host account to SFTP

Been using ispconfig3 to manage a server: setting up virtual hosts is a lot easier that way than manually. Recently had to set up SFTP access so the client can manage the content themselves. Spent a little while wiring up the ssh keys so WinSCP could securely log in, but couldn't seem to get SFTP to work. Turns out that by default the apache users are wired up to use /bin/false as the shell and it seems to be hardwired.

Google to the rescue: the Debian Administration FAQ yielded this gem. First set up the sftp-server to be an accepted shell:

root@host # echo '/usr/lib/sftp-server' >> /etc/shells

Then, all you have to do is alter each of the users created for apache like so:

root@host # usermod -s /usr/lib/sftp-server <username>

And...we're done. SFTP now works.

Do note: if you're doing this, make sure you've got your SSH daemon set up to require a key: no passwords allowed. Save yourself the pain and suffering of password-based SSH attacks.
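
The three things this setup depends on (the /etc/shells entry, the per-user shell, and key-only SSH logins) can be checked with a few read-only shell functions. This is an added example, not part of the original post: the function names and the sample file contents are made up for illustration, and the file paths are parameters so the checks can be run against copies.

```shell
#!/bin/sh
# Added example: read-only checks for the SFTP-only setup described above.
# Function names are hypothetical; defaults point at the usual system files.

# Succeeds only if shell $1 appears as an exact line in the shells file.
shell_is_accepted() {
    grep -qxF -- "$1" "${2:-/etc/shells}"
}

# Prints the login names whose shell field (7th) is exactly $1.
users_with_shell() {
    awk -F: -v s="$1" '$7 == s { print $1 }' "${2:-/etc/passwd}"
}

# Succeeds only if the global section (before any Match block) sets
# "PasswordAuthentication no". sshd keeps the first value it reads, and
# the default when the keyword is absent is "yes".
password_auth_disabled() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { v = $2; exit }
         END { exit !(v == "no") }' "${1:-/etc/ssh/sshd_config}"
}

# Constructed sample data (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    # The shells file carries a mistyped entry, so the first check fails.
    printf '%s\n' /bin/sh /bin/bash /usr/lib/stfp-server > "$d/shells"
    printf '%s\n' 'web1:x:5004:5005::/var/www/web1:/usr/lib/sftp-server' \
                  'web2:x:5005:5005::/var/www/web2:/bin/false' > "$d/passwd"
    # A commented-out keyword does not count: the default "yes" applies.
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$d/sshd_config"

    shell_is_accepted /usr/lib/sftp-server "$d/shells" \
        || echo "sftp-server is not an accepted shell (check the spelling in the shells file)"
    echo "SFTP-only users: $(users_with_shell /usr/lib/sftp-server "$d/passwd")"
    password_auth_disabled "$d/sshd_config" \
        || echo "password logins are still allowed"
    rm -rf "$d"
}
demo
```

On a live host, running `sshd -T` as root prints the effective configuration, including settings from Include files that this file-only check does not follow.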

As an added bonus for users of ispconfig3, you can edit /usr/local/ispconfig/server/plugins-available/ and change the lines with /bin/false to /usr/lib/sftp-server: any new sites created will automatically be SFTP enabled. The SSH authorized_keys file and public key will still need to be manually copied into place, but one thing at a time.
