Setting up SFTP with chroot

Instead of installing the vsftpd package to provide an FTP service, we can use the default SSH service on port 22 to provide SFTP (SSH File Transfer Protocol). File transfers are then protected by the same encryption the default SSH configuration already uses.

First, add a group.

# groupadd secure_ftp

Add the user to the newly created group.

Note: usermod -G without -a replaces the user's supplementary groups, so the user will no longer be in the sudo group. Do not run this against the account you are currently logged in with, or you will lose admin privileges.

# usermod -G secure_ftp sysadmin

Edit the ssh configuration

# vim /etc/ssh/sshd_config

Comment out the following line; a new line will be added below it.

#Subsystem sftp /usr/lib/openssh/sftp-server

Add this line below the commented-out Subsystem line. It must not start with #, or sshd treats it as a comment.

Subsystem sftp internal-sftp

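Append the following chroot configuration to the end of the file. sshd requires the ChrootDirectory and every directory above it to be owned by root and not writable by group or others; /home normally meets this.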

Match Group secure_ftp
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home
ForceCommand internal-sftp
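
A pre-restart check for the configuration above, as an added example that is not part of the original guide: the hypothetical helper audit_sftp_chroot reads an sshd_config file and reports whether the Subsystem line and the Match Group settings are actually in effect. Both sample configs are constructed, and the parser assumes a plain "Match Group <name>" line naming a single group.

```shell
#!/bin/sh
# Added example (not from the original guide). Hypothetical helper:
# audit_sftp_chroot FILE GROUP -> prints findings, returns 1 if any.
audit_sftp_chroot() {
    awk -v grp="$2" '
    function need(k, v) {
        if (tolower(seen[k]) != v) {
            printf "%s: want \"%s\", got \"%s\"\n", k, v, seen[k]; bad = 1
        }
    }
    /^[ \t]*(#|$)/ { next }        # comments and blank lines set nothing
    {
        key = tolower($1)          # sshd keywords are case-insensitive
        if (key == "match") {      # a Match block runs to the next Match or EOF
            anymatch = 1
            inblk = (tolower($2) == "group" && $3 == grp)
            next
        }
        if (!anymatch && key == "subsystem" && $2 == "sftp") subsys = $3
        if (inblk && !(key in seen)) seen[key] = $2   # first value wins
    }
    END {
        if (subsys != "internal-sftp") {
            printf "subsystem sftp: want \"internal-sftp\", got \"%s\"\n", subsys
            bad = 1
        }
        dir = tolower(seen["chrootdirectory"])
        if (dir == "" || dir == "none") {
            print "chrootdirectory: not set for group " grp; bad = 1
        }
        need("forcecommand", "internal-sftp")
        need("allowtcpforwarding", "no")
        need("x11forwarding", "no")
        exit bad + 0
    }' "$1"
}
# Constructed sample: Subsystem line left commented out, ForceCommand missing.
sample_bad() {
    printf '%s\n' '#Subsystem sftp /usr/lib/openssh/sftp-server' \
        '# Subsystem sftp internal-sftp' 'Match Group secure_ftp' \
        'x11Forwarding no' 'AllowTcpForwarding no' 'ChrootDirectory /home'
}
# Constructed sample: the configuration this guide describes.
sample_good() {
    printf '%s\n' 'Subsystem sftp internal-sftp' 'Match Group secure_ftp' \
        'X11Forwarding no' 'AllowTcpForwarding no' 'ChrootDirectory /home' \
        'ForceCommand internal-sftp'
}
sample_bad | audit_sftp_chroot - secure_ftp || true   # prints two findings
```

On a live host, sshd -t checks the file's syntax and sshd -T -C user=sysadmin prints the settings that apply to that user.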

Restart the ssh service

# sudo service ssh restart

Now log in from a client machine.

# sftp sysadmin@192.168.1.200

This works over the default SSH port (22).