How to List SFTP Users Who Have Access in Linux

Secure File Transfer Protocol (SFTP) is a popular way for Linux users to access remote systems and transfer files to/from them. Generally, in an organization, any Linux system has multiple users who are able to access these files and folders. For system administrators, it is important to keep track of all SFTP users who have access in Linux, to be able to prevent unauthorized access. In this article, we will learn how to list SFTP users who have access to your system in Linux.


How to List SFTP Users Who Have Access in Linux

Here are the steps to get a list of all users who can access your system with a command such as the following.

ssh username@server.domain

There is no single or readymade command to get a precise list of all SFTP users who can access your system. So we will begin by getting an exhaustive list of all users – people & processes – who can access your system.


List All Users

The easiest way to list all users who have access to your system is to check /etc/passwd.

# cat /etc/passwd

It contains a list of all users who can access your system, local and remote.


Showing All Users With Valid Shell

If you want to show all users with a valid shell, run the following command. If a user's shell has been set to /bin/false, they will not be able to log in via SSH.

# cat /etc/passwd | grep -v /bin/false


Get Users With Access

The /etc/shadow file contains the encrypted passwords of all users. If a user doesn't have a valid password, they will not be able to log in.

Here’s the command to filter out users who have valid passwords.

# cat /etc/shadow | grep '^[^:]*:[^\*!]'

In the above command, the regex means:

  1. ^ – The pattern has to be at the start of the line
  2. [^:]* – Match any character that is not :, zero or more times
  3. : – Match the character : literally
  4. [^\*!] – Match a single character that is not * or !

The above command will leave out users who have an SSH key in their user account, so you can find them by checking whether they have a home folder.

# ls -l /home
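
The checks above (shell, password field, SSH key) can be combined into a single pass. The script below is an added example, not code from the original article: the function names, sample accounts and temporary files are constructed for illustration, and it assumes keys are stored in the default ~/.ssh/authorized_keys file, which is a more precise test than looking for a home folder.

```sh
#!/bin/sh
# Added example, not the article's code. Prints "user:method" for each account
# that passes the checks; method is password, key or password+key.
# Assumption: SSH keys are stored in the default ~/.ssh/authorized_keys file.
login_candidates() {
    passwd_file=$1 shadow_file=$2
    awk -F: '
        # shadow (first file): remember accounts with a usable password hash,
        # meaning field 2 is not empty and does not start with * or !
        FILENAME == ARGV[1] { if ($2 != "" && $2 !~ /^[*!]/) pw[$1] = 1; next }
        # passwd (second file): drop /bin/false shells, emit user:home:yes|no
        $7 != "/bin/false" { print $1 ":" $6 ":" (($1 in pw) ? "yes" : "no") }
    ' "$shadow_file" "$passwd_file" |
    while IFS=: read -r user home has_pw; do
        method=""
        if [ "$has_pw" = yes ]; then method="password"; fi
        # A non-empty authorized_keys file means key-based login is possible.
        if [ -s "$home/.ssh/authorized_keys" ]; then method="${method:+$method+}key"; fi
        if [ -n "$method" ]; then printf '%s:%s\n' "$user" "$method"; fi
    done
}

# Constructed sample data: a throwaway passwd/shadow pair and home tree.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/home/carol/.ssh"
    echo 'ssh-ed25519 AAAA-constructed carol@example' > "$d/home/carol/.ssh/authorized_keys"
    cat > "$d/passwd" <<EOF
root:x:0:0:root:$d/root:/bin/bash
alice:x:1001:1001::$d/home/alice:/bin/bash
bob:x:1002:1002::$d/home/bob:/bin/false
carol:x:1003:1003::$d/home/carol:/bin/bash
daemon:x:1:1::$d/home/daemon:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
root:!:19000:0:99999:7:::
alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::
bob:$6$constructedsalt$constructedhash:19000:0:99999:7:::
carol:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
    echo "$d"
}

sample=$(make_sample)
login_candidates "$sample/passwd" "$sample/shadow"   # alice:password, carol:key
rm -rf "$sample"
```

On a real system, run `login_candidates /etc/passwd /etc/shadow` as root, since /etc/shadow is not world-readable. Accounts with /bin/false as their shell are dropped here, as in the article, but if sshd_config forces internal-sftp for them they may still be able to use SFTP and should be reviewed separately.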

Now you will have a limited list of users who are able to access your system. If you want to allow access to additional users, you can open the SSH config file in a text editor.

# vi /etc/ssh/sshd_config

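Add a line with the AllowUsers directive, followed by a space-separated list of the usernames that need access. When AllowUsers is present, sshd permits login only for the users it lists, so include every account that must keep access. Here is an example directive to give access to test_user1 and test_user2.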

AllowUsers test_user1 test_user2

Save and close the file. Restart SSH service to apply changes.

# service ssh restart

In this article, we have learnt how to get a list of SFTP users who can access your system. Unfortunately, it is a roundabout method since there is no direct command for it. Hopefully, future updates will include such a feature, which can be quite useful for system administrators.
