Here is a guide for setting up SFTP users who’s access is restricted to their home directory.
Add the following to the end of the /etc/ssh/sshd_config file:
Subsystem sftp internal-sftp # This section must be placed at the very end of sshd_config Match Group sftponly ChrootDirectory %h ForceCommand internal-sftp AllowTcpForwarding no
This means that all users in the ‘sftponly’ group will be chroot’d to their home directory, where they only will be able to run internal SFTP processes.
Now you can create the group sftponly by running the following command:
$ groupadd sftponly
Set a user’s group:
$ usermod steve -g sftponly
To deny SSH shell access, run the following command:
$ usermod steve -s /bin/false
And set the user’s home directory:
$ usermod steve -d /folder
Finally, you probably need to restart SSH
$ service ssh restart
The SSH part should now be in order, but you should make sure that file permissions also are correct. If the chroot environment is in a user’s home directory both /home and /home/username must be owned by root and should have permissions along the lines of 755 or 750.
In other words, every folder leading up to and including the home folder must be owned by root, otherwise you will get the following error after logging in:
Write failed: Broken pipe Couldn't read packet: Connection reset by peer