oscarcck/gist:f6ef52aecc649551f381

## gistfile1.md

      
    Raw
  

              gistfile1.md
            
          
    Restricted SFTP-only access to a single directory using OpenSSH
Edit /etc/ssh/sshd_config
Match Group sftp-users
Force the connection to use SFTP and chroot to the required directory.

ForceCommand internal-sftp
ChrootDirectory /home/sftp-users
Disable tunneling, authentication agent, TCP and X11 forwarding.

PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
sudo addgroup sftp-users
sudo adduser --ingroup sftp-users testsftp
sudo chown root /home/sftp-users
sudo chmod go-w /home/sftp-users
sudo mkdir /home/sftp-users/public
sudo chgrp sftp-users /home/sftp-users/public
sudo chmod g+rwx /home/sftp-users/public
sudo service ssh restart
ref:
http://passingcuriosity.com/2014/openssh-restrict-to-sftp-chroot/
http://askubuntu.com/questions/49271/how-to-setup-a-sftp-server-with-users-chrooted-in-their-home-directories
http://askubuntu.com/questions/134425/how-can-i-chroot-sftp-only-ssh-users-into-their-homes