Created by actrons
Note: if this does not work at all, use the ArchWiki guide: https://wiki.archlinux.org/index.php/SFTP_chroot
Step 1 : Install OpenSSH package if not installed
sudo apt-get install openssh-server
Step 2 : Create separate group for SFTP users.
sudo addgroup sftpaccess
Step 3 : Edit /etc/ssh/sshd_config file and make changes as below. Comment out this line:
Subsystem sftp /usr/lib/openssh/sftp-server
and add these lines to the end of the file.
...
Match User sammyfiles
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
...
Step 4 : Restart sshd service.
sudo systemctl restart ssh
Step 5 : Add user with sftpaccess group and create password.
sudo adduser <user> --ingroup sftpaccess --shell /usr/sbin/nologin
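Step 6 : Modify home directory permission. sshd requires a ChrootDirectory, and every directory above it, to be owned by root and not writable by group or others.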
sudo chown root:root /home/<user>
Step 7 : Create a directory inside home for upload and modify permission with group.
sudo mkdir /home/<user>/www
sudo chown <user>:sftpaccess /home/<user>/www
To create multiple users with their individual jails, create separate users and their individual sftpaccess-<user> groups.
sudo addgroup sftpaccess-<user>
And this needs to be reflected while creating the user as well.
sudo adduser <user> --ingroup sftpaccess-<user> --shell /usr/sbin/nologin
Lastly, add the share to the sshd config file (/etc/ssh/sshd_config).
Match group sftpaccess-<user>
ChrootDirectory <path>
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp