User Tools

Site Tools


sftp-config

SFTP access using OpenSSH

In this example we are going to create SFTP access for a user named sftp_user.

Simply create a folder for the sftp chroot jail for our sftp user, make sure it is owned by root.

sudo mkdir -p /sftp/sftp_user
sudo chown root:root /sftp
sudo chown root:root /sftp/sftp_user

Add the user for SFTP access:

sudo adduser sftp_user --home /sftp/sftp_user --shell /bin/false --no-create-home
sudo groupadd sftp_only
sudo usermod -a -G sftp_only sftp_user

Edit /etc/ssh/sshd_config, find and change the Subsystem entry to look like this:

Subsystem sftp internal-sftp -u 0022

Then add the following lines at the end:

Match group sftp_only
        ForceCommand internal-sftp
        ChrootDirectory /sftp/%u
        X11Forwarding no
        AllowTcpForwarding no

Restart the SSH server:

sudo /etc/init.d/ssh restart

That should be it :-)

Reference: SFTP Cookbook

sftp-config.txt · Last modified: 2019/07/21 18:03 (external edit)