step 1 : Install OpenSSH package if not installed
sudo apt-get install openssh-server
Step 2 : Create separate group for SFTP users.
sudo addgroup ftpaccess
Step 3 : Edit /etc/ssh/sshd_config file and make changes as below. Find and comment below line.
#Subsystem sftp /usr/lib/openssh/sftp-server
and add these lines to the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
PasswordAuthentication yes
Step 4 : Restart sshd service.
sudo service ssh restart
Step 5 : Add user with ftpaccess group and create password.
sudo adduser zql --ingroup ftpaccess --shell /usr/sbin/nologin
sudo passwd zql
Step 6 : Modify home directory permission.
sudo chown root:root /home/zql
Step 7 : Create a directory inside home for upload and modify permission with group.
sudo mkdir /home/zql/shared
sudo chown zql:ftpaccess /home/zql/shared
Step 8: Test ssh login and sftp login
# another host
ssh zql@sftp-host-ip # this will fail
# another host
sftp zql@sftp-host-ip # input pwd and you will login, but can not access other directory
That's it .
