ssh accounts with sftp home only access


Subsystem sftp internal-sftp
Match Group sftponly
        ChrootDirectory %h
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no

Create the account:

groupadd sftponly
useradd -g sftponly someone
mkdir /home/someone
chown root:root /home/someone
chmod 755 /home/someone
mkdir /home/someone/someone
chown someone:sftponly /home/someone/someone

Set some password for the account:

passwd someone

 Now you can access using sftp

me@MacBookPro:~ $ sftp's password: 

Connected to
sftp> ls
sftp> cd someone
sftp> ls -l
-rw-r--r--    1 1003     1003           26 Apr 10 20:03 hello.txt

And that's it, enjoy.

