How can I create a user only for sftp?
Solution 1:
The command you should use to change the shell is chsh. The nologin shell can be /sbin/nologin or /usr/sbin/nologin (check which you have by looking in /etc/shells) but /bin/false would probably be a better choice.
chsh -s /bin/false user
You should consider setting up something like scponly which will do exactly what you want.
Solution 2:
You should also be able to do it with OpenSSH 4.9 and up, with which you can additionally chroot the user for increased security.
In your /etc/ssh/sshd_config:
Match User user
ChrootDirectory /home/user
ForceCommand internal-sftp
AllowTcpForwarding no
Then run:
chsh -s /bin/false user
chown root:root /home/user
mkdir /home/user/uploads
chown user /home/user/uploads
The user will only be able to write in /home/user/uploads.
https://debian-administration.org/article/590/OpenSSH_SFTP_chroot_with_ChrootDirectory
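Added example, not part of the answer above: a small audit that checks whether a given user's Match block in an sshd_config file carries the three settings from Solution 2. The function name `audit_sftp_only`, the users alice and bob, and the sample configuration are constructed for illustration.

```shell
# audit_sftp_only CONFIG USER: returns 0 only if USER has a "Match User" block
# with ForceCommand internal-sftp, a ChrootDirectory and AllowTcpForwarding no.
# Simplification (assumption): only exact names in "Match User a,b" are
# recognised; wildcards, negation and other Match criteria are ignored.
audit_sftp_only() {
    awk -v user="$2" '
    function check(key, ok, why) {
        if (ok) { print "ok   " key; return 0 }
        print "FAIL " key ": " why; return 1
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        if (key == "match") {                # a block ends at the next Match
            in_block = 0
            if (tolower($2) == "user" && NF == 3) {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++)
                    if (names[i] == user) { in_block = 1; found = 1 }
            }
            next
        }
        if (in_block && !(key in val)) val[key] = $2   # first value wins
    }
    END {
        if (!found) { print "FAIL no Match User block for " user; exit 1 }
        bad  = check("ForceCommand", val["forcecommand"] == "internal-sftp", "must be internal-sftp")
        bad += check("ChrootDirectory", val["chrootdirectory"] != "" && tolower(val["chrootdirectory"]) != "none", "not set")
        bad += check("AllowTcpForwarding", tolower(val["allowtcpforwarding"]) == "no", "must be no")
        exit (bad > 0)
    }' "$1"
}
# Constructed sample: alice matches Solution 2, bob lacks ForceCommand.
sample_config() {
    cat <<'EOF'
Match User alice
    ChrootDirectory /home/alice
    ForceCommand internal-sftp
    AllowTcpForwarding no
Match User bob
    ChrootDirectory /home/bob
    AllowTcpForwarding no
EOF
}
cfg=$(mktemp) && sample_config > "$cfg"
for u in alice bob; do echo "== $u"; audit_sftp_only "$cfg" "$u" || echo "-> $u is not SFTP-only"; done
rm -f "$cfg"
```

On a live host, `sshd -T -C user=alice` (run as root) prints the settings sshd will actually apply to that user, which also covers Match criteria this file-based check does not parse.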
Solution 3:
I think the best way is with mysecureshell
http://mysecureshell.sourceforge.net/en/index.html
You can chroot a user with this easily and even limit bandwidth if needed.