Allow scp/ssh for www-data user
Solution 1:
On Debian, which Ubuntu is based on, the www-data user has /bin/sh as the default shell. To enable SFTP, you can create /var/www/.ssh/authorized_keys with your public key in it. The permissions on /var/www/.ssh should be 700, and the permissions on the authorized_keys file should be 600. You'll want to add the following to your http configuration to prohibit access to this directory.
<Directory /var/www/.ssh>
Order Deny,Allow
Deny from all
</Directory>
You can verify the www-data user's settings (home dir, shell, etc.) using getent passwd www-data.
Make sure your sshd_config has Subsystem sftp /usr/lib/openssh/sftp-server, and you'll probably want to set PasswordAuthentication no also.
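The checks listed in Solution 1, collected into one audit script. This is an added example, not part of the original answer; the function names are hypothetical and it assumes GNU stat.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes GNU `stat -c`.
# All function names are hypothetical.

# check_mode PATH OCTAL -> 0 if the permission bits match exactly
check_mode() { [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]; }

# check_ssh_dir HOME -> 0 if HOME/.ssh is 700 and authorized_keys is 600
check_ssh_dir() {
    check_mode "$1/.ssh" 700 && check_mode "$1/.ssh/authorized_keys" 600
}

# check_passwd_entry LINE -> 0 if the passwd(5) line (as printed by
# `getent passwd www-data`) has an existing home and a usable login shell.
# Leaves the parsed home directory in $home for the caller.
check_passwd_entry() {
    home=$(printf '%s\n' "$1" | cut -d: -f6)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    [ -n "$shell" ] || shell=/bin/sh   # an empty shell field means /bin/sh
    [ -d "$home" ] || return 1
    case "$shell" in */nologin|*/false) return 1 ;; esac
    [ -x "$shell" ]
}

# has_sftp_subsystem FILE -> 0 if an uncommented "Subsystem sftp <cmd>" exists
has_sftp_subsystem() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" && NF >= 3 { found = 1 }
         END { exit !found }' "$1"
}

# password_auth_disabled FILE -> 0 if the first PasswordAuthentication line
# says "no" (sshd keeps the first value; unset defaults to yes). Match blocks
# and Include files are not followed; `sshd -T` prints the effective config.
password_auth_disabled() {
    awk 'tolower($1) == "passwordauthentication" { v = tolower($2); exit }
         END { exit (v != "no") }' "$1"
}

# audit PASSWD_LINE SSHD_CONFIG -> prints failures, returns 1 if any check fails
audit() {
    rc=0
    check_passwd_entry "$1"     || { echo "FAIL: home dir or shell"; rc=1; }
    check_ssh_dir "$home"       || { echo "FAIL: .ssh or authorized_keys mode"; rc=1; }
    has_sftp_subsystem "$2"     || { echo "FAIL: sftp subsystem missing"; rc=1; }
    password_auth_disabled "$2" || { echo "FAIL: password authentication enabled"; rc=1; }
    return "$rc"
}
```

On a live host, source the file and run audit "$(getent passwd www-data)" /etc/ssh/sshd_config; no output and a zero exit status mean every check passed.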
Solution 2:
This is kind of insecure. I would suggest you upload to an intermediate area using another user and run a cron job from time to time to move stuff where it belongs and change its permissions accordingly.
If you really insist on logging on as www-data, you must use an SSH private key to do that (AFAIK EC2 instances only allow key authentication). You must also check that www-data has a valid shell in /etc/passwd and a valid home dir.
In the end, you can also try some of the solutions to this question.