Let’s create sFTP only group:
groupadd sftp_users
Create sFTP user and add to sFTP group:
useradd sftp_user
usermod -G sftp_users sftp_user
usermod sftp_user -s /bin/false
usermod sftp_user -d /home/sftp_user
Create folder for sFTP user and set premissions:
mkdir /home/sftp_user
chown root.root /home/sftp_user/
chmod 755 /home/sftp_user/
Edit sshd config:
nano /etc/ssh/sshd_config
Add at the end of config:
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home/sftp_user/
ForceCommand internal-sftp
and restart sshd service:
service ssh restart
If you have some problems with auth, check log file:
tail -f /var/log/auth.log
openssh-server: https://goneuland.de/wordpress/debian-8-jessie-sftp-server-einrichten/
MySecureShell: https://codeby.net/kak-ustanovit-bezopasnyj-sftp-server-v-linux/
vsftpd: https://www.dmosk.ru/miniinstruktions.php?mini=vsftpd-ubuntu
https://www.rosehosting.com/blog/easy-ftp-vsftpd-server-with-virtual-users-on-debian-8-jessie/
internal-sftp: https://www.8host.com/blog/ogranichenie-dostupa-k-obolochke-s-pomoshhyu-sftp-v-ubuntu-16-04/