Guide: SFTP access to chrooted directory Ubuntu

In case you're wondering what the difference is between SFTP and FTPS: SFTP is FTP over SSH and FTPS is FTP with SSL.

Step 1 – Setup chroot in SSH config

sudo nano /etc/ssh/sshd_config

Paste the following in this file:

Match group sftp
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

This will ensure that each user belonging to the sftp group is chrooted to their home directory.

Step 2 – restart the SSH server

sudo service ssh restart

Step 3 – Create the sftp group

sudo addgroup sftp

Step 4 – Create SFTP user

sudo adduser --home /home/USERNAME/ --no-create-home --shell /usr/sbin/nologin USERNAME

Replace USERNAME with the username you want to use to log in with SFTP. Setting the shell to nologin ensures that this user will not be able to log in with SSH.

Step 5 – Add the user to the sftp group

sudo adduser USERNAME sftp

Step 6 – Set the ownership and permissions

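sudo mkdir -p /home/USERNAME   # Step 4 used --no-create-home, so create the directory if it is missing
cd /home/USERNAME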

Change the owner of this directory to root

sudo chown root:sftp .

Set the permissions of this directory to 755

sudo chmod 755 .

Step 7 – Create dir within home dir

A directory within the home directory needs to be created

sudo mkdir /home/USERNAME/somedir

The USERNAME needs to be set as the owner of this directory

sudo chown USERNAME:sftp /home/USERNAME/somedir

You are now good to go and can read and write files in /home/USERNAME/somedir. You will not be able to read or write files in /home/USERNAME itself, as this directory is owned by root:sftp, and SFTP will fail if this is not the case. All credit to Baxeico for this information.
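
An added example, not part of the original guide: a shell check for the ownership rule from Step 6. sshd only accepts a ChrootDirectory when every component of its path is a root-owned directory that is not writable by group or others, so the check walks from the chroot directory up to /. The function names are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```sh
#!/bin/sh
# component_ok UID MODE
# sshd's rule for one path component of a ChrootDirectory:
# owned by root (uid 0) and not writable by group or others.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    # MODE is the octal mode from stat (e.g. 755); 022 masks the g+w and o+w bits.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR
# Applies component_ok to DIR and to every parent directory up to /.
# Prints each offending component; returns 0 only if all of them pass.
check_chroot_path() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path (not a directory)"
            rc=1
        else
            # GNU stat: %u = numeric owner, %a = octal permission bits
            set -- $(stat -c '%u %a' "$path")
            component_ok "$1" "$2" || { echo "FAIL $path (uid=$1 mode=$2)"; rc=1; }
        fi
        [ "$path" = / ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/USERNAME
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "OK: $1 is acceptable as a ChrootDirectory"
fi
```

If the script reports /home/USERNAME/somedir style paths, remember that only the chroot directory and its parents need to pass; the writable subdirectory from Step 7 is expected to be owned by the user.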