Skip to content

Instantly share code, notes, and snippets.

Created March 28, 2012 07:07
Show Gist options
  • Save joshellington/2224420 to your computer and use it in GitHub Desktop.
Save joshellington/2224420 to your computer and use it in GitHub Desktop.
Basic tutorial for creating a SFTP-only user on Ubuntu 9.04 and greater

Adding SFTP-only user to Ubuntu Server

To add a SFTP-only user, you'll need to make sure your SSH config settings are correct, add a new user/group and set permissions for your new user. For step-by-step directions, see below. Omit sudo if you're logged in as root.


  1. Edit /etc/ssh/sshd_config and make sure to add the following at the end of the file:

     Match group filetransfer
     	ChrootDirectory %h
         X11Forwarding no
         AllowTcpForwarding no
     	ForceCommand internal-sftp
  2. Restart OpenSSH:

     sudo /etc/init.d/ssh restart
  3. Add new group for SFTP-only users:

     sudo addgroup filetransfer
  4. Add new user (make sure to switch out username in the following steps to your specified username):

     sudo adduser username
  5. Add user to new group and set permissions:

     sudo usermod -G filetransfer username
     sudo chown root:root /home/username
     sudo chmod 755 /home/username
  6. Create directories for user and set final permissions:

     cd /home/username
     sudo mkdir folder_1 folder_2
     sudo chown username:username *
  7. Setup a symbolic link to make the user's folder available to the public (/var/www/... path will be dependent on your environment):

     sudo ln -s /home/username/USER_DIRECTORY /var/www/

    If you need to view the public directory index, you may have to add a .htaccess file in your PUBLIC_DIRECTORY with: Options +Indexes

  8. Use Cyberduck or another SFTP client to connect. Go have a beer.

Copy link

Thanks for the tutorial, found it helpful. :)

I skipped step 7 (don't want them public). Can I still go for the beer?

More stress on the importance of step 5 though, tried to skip that too first (why should the user not own their home? or write there?) but it just wouldn't work without it.

Copy link

Hi there, I originally used this same guide and added two user accounts that worked perfectly well until fairly recently. One of my accounts I can login fine into FileZilla, but the other one or any subsequent accounts I create, will not log in. I get 'Authentication failed' and Critical error: could not connect to server.

Please advise

Copy link

I understand all the steps, but when I tried to connect with my sftp client (FileZilla), I obtain authentication error message. I dont know why, I repeat all the steps many times.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment