======Create Secure SFTP Server with User Jails======
Created by actrons\\

> **Note:** if this does not work at all, then use the archwiki guide https://wiki.archlinux.org/index.php/SFTP_chroot
===== Basics =====

Step 1 : Install OpenSSH package if not installed

<code>sudo apt-get install openssh-server</code>

Step 2 : Create separate group for SFTP users.

<code>sudo addgroup sftpaccess</code>

Step 3 : Edit /etc/ssh/sshd_config file and make changes as below. Comment out this line: \\ 
**Subsystem sftp /usr/lib/openssh/sftp-server**\\ 

and add these lines to the end of the file.

<code>
...
Match User sammyfiles
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
...
</code>

Step 4 : Restart sshd service.

<code>sudo systemctl restart ssh</code>

Step 5 : Add user with sftpaccess group and create password.

<code>sudo adduser <user> --ingroup sftpaccess --shell /usr/sbin/nologin</code>

Step 6 : Modify home directory permission.

<code>sudo chown root:root /home/<user></code>

Step 7 : Create a directory inside home for upload and modify permission with group.

<code>sudo mkdir /home/<user>/www
 sudo chown <user>:sftpaccess /home/<user>/www
</code>
===== Multiple Users =====

To create multiple users with their individual jails, simply create separate users and their induvidual sftpaccess-<user> groups.

<code>sudo addgroup sftpaccess-<user></code>

And this needs to be reflected while creating the user as well.

<code>sudo adduser <user> --ingroup sftpaccess-<user> --shell /usr/sbin/nologin</code>

Lastly simply add the share to the ssh config file.
<code>
 Match group sftpaccess-<user>
         ChrootDirectory <path>
         X11Forwarding no
         AllowTcpForwarding no
         ForceCommand internal-sftp
</code>