Introduction

SSH File Transfer Protocol

Install

sudo apt-get update
sudo apt-get install openssh-server

In order to limit the usage of the sftp folders we create a group which will be used only for the sftp users/folders.

sudo groupadd <sftpgroup>

It is recommended to not use a system user which has access to other things than the sftp folders.

The group id is needed for the creation of the sftp users. In order to find it out:

sudo grep <sftpgroup> /etc/group

Create a user:

sudo useradd <username> -d / -g <sftpgroupid> -M -N -o -u <sftpgroupid>
sudo passwd  <username>

The arguments we used:

-d is the user home directory which needs to be set to / (root).
-g is the user group id to assign which in our example needs to be assigned to sftponly.
-M stops the useradd command creating a home directory.
-N useradd by default creates a group with the same name as the new user, this disables that behaviour.
-u is the user id, which in our case needs to be the same id value as sftponly.
-o allows duplicate, non-unique user ids.

Edit /etc/ssh/sshd.conf and modify:

Subsystem sftp /usr/lib/openssh/sftp-server

to

Subsystem sftp internal-sftp

Add at the end of the file and replace /var/www by the folder you are going to use for sftp (which can be /var/www):

# SFTP configuration
 Match group <sftpgroup>
ChrootDirectory /var/www
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

The folders and files under the ChrootDirectory need to be set has part of the group sftp.

Here are the right folder permissions for the following situation: