Ubuntu – Limit SFTP user access to specified directory


I have an Ubuntu 14.04 server installed with OpenSSH. I'd like to configure sftp for customers to be able to download files only. In other words, I put files in a directory that they are jailed to. I need to make sure they can only access the directory with their file(s) and nothing else.

Originally I was going to use vsftpd, but someone told me that sftp is the better option. If there's some documentation on what I need that would be great.

I need help with the following:

  1. How to configure sftp
  2. How to set up user accounts and use them for sftp
  3. How to set accounts to jail

Best Answer

Settings for /etc/ssh/sshd_config

Subsystem sftp internal-sftp -f AUTH -l VERBOSE
UsePAM yes
Match group sftp
  ChrootDirectory %h
  ForceCommand internal-sftp
  AllowTcpForwarding no

Create group sftp:

sudo groupadd sftp

Create directory

sudo mkdir /ftpusers
sudo mkdir /ftpusers/HomeFolder

Create user directly with new sftp group attached:

sudo useradd -d /ftpusers/HomeFolder -m UserName -g sftp -s /bin/false
sudo passwd UserName

Set permissions for use with ssh for sftp:

sudo chown root:root /ftpusers/HomeFolder
sudo chmod 755 /ftpusers/HomeFolder

Restart service:

sudo service ssh restart

Note: the home folder for the new sftp user has to be owned by root.
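
The ownership requirement in the note above extends to the whole path: sshd rejects a ChrootDirectory unless every directory from / down to it is owned by root and not writable by group or others. The following check is an added example, not part of the original answer; the function names `dir_ok` and `check_chroot_path` are hypothetical, and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the answer): pre-flight check for a ChrootDirectory.
# Run as root so that every directory on the path can be entered, e.g.
#   check_chroot_path /ftpusers/HomeFolder

# dir_ok DIR UID
# Succeeds when DIR is a directory owned by UID and carries no
# group-write or other-write permission bit.
dir_ok() {
    [ -d "$1" ] || return 1
    _owner=$(stat -c '%u' "$1") || return 1   # numeric owner uid
    _mode=$(stat -c '%a' "$1") || return 1    # octal mode, e.g. 755 or 1777
    [ "$_owner" = "$2" ] && [ $(( 0$_mode & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Resolves DIR to its physical path, then walks up to / and prints every
# component that is not root-owned or is group/other-writable.
# Returns 0 only when the whole path is acceptable.
check_chroot_path() {
    _p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing or unreadable: $1"; return 1; }
    _rc=0
    while :; do
        dir_ok "$_p" 0 || { echo "bad owner or mode: $_p"; _rc=1; }
        [ "$_p" = "/" ] && break
        _p=$(dirname "$_p")
    done
    return $_rc
}
```

Because the chroot itself stays root-owned with mode 755, the jailed user can read what is placed there but cannot write to it, which matches the download-only requirement in the question.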
