OpenSSH comes with a SFTP server. First install OpenSSH Server.
sudo apt install openssh-server
sudo groupadd sftponly
Create the SFTP directory. The ChrootDirectory set in
sshd_config must be owned by root and only writeable by root.
sudo mkdir /sftp/ sudo chown root:sftponly /sftp/ sudo chmod 2755 /sftp/ # The 2 is for g+s
If the ChrootDirectory is not owned by root you will get the following error:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe Couldn't read packet: Connection reset by peer
Configure SFTP server
Add the following to the bottom of
Match Group sftponly ChrootDirectory /sftp/ ForceCommand internal-sftp AllowTcpForwarding no
sudo service ssh restart
You can create directories inside and just copy files into and they will be owned by the
sudo mkdir /sftp/files/ # Allow sftponly users to upload files sudo chmod 2775 /sftp/files/ sudo cp file /sftp/files/
You can create a new user in the
sftponly group and use that user and password to login to the SFTP server.
sudo useradd -M -G sftponly $newUser sudo passwd $newUser # set password sudo -u $newUser sftp localhost
To add your user to the group
sudo usermod -a -G sftponly $USER
In order for your user to actually be in the
sftponly group you need to log in after the usermod command.
The safest thing to do is to compare your current groups with the new groups while you are still in the current environment.
I forgot the
-a in the
usermod command and had to use GRUB to get a root terminal and add my user back to the correct groups.
With the groups after login
su - $USER groups id
The only difference should be the