# SFTP configuration

* [Reference](https://www.thegeekstuff.com/2012/03/chroot-sftp-setup/)

## Steps

1. Create a new group

   ```sh
   $ groupadd mitechextusers
   ```

2. Create users

   ```sh
   # create mitechext_sw
   $ useradd -g mitechextusers -d /sftp/mitechext/software/software/shared -s /sbin/nologin mitechext_sw
   # change mitechext_sw password
   $ passwd mitechext_sw
   # verify creation
   $ grep mitechext_sw /etc/passwd
   ```

3. Set up `sshd_config`

   ```sh
   $ nano /etc/ssh/sshd_config
   ```

   * Comment out `Subsystem sftp /usr/libexec/openssh/sftp-server` and add the following:

   ```txt
   #Subsystem sftp /usr/libexec/openssh/sftp-server
   Subsystem sftp internal-sftp

   Match User mitechext_sw
       ChrootDirectory /sftp/mitechext/software
       ForceCommand internal-sftp
   ```

4. Create the sftp home directory

   ```sh
   $ mkdir /sftp
   # -p also creates the intermediate /sftp/mitechext directory
   $ mkdir -p /sftp/mitechext/software
   $ mkdir /sftp/mitechext/software/shared
   # set folder ownership
   $ chown mitechext_sw:mitechextusers /sftp/mitechext/software/shared
   # verify ownership: only shared/ belongs to the user, the chroot path stays root-owned
   $ ls -ld /sftp/mitechext/software/shared
   drwxr-xr-x 2 mitechext_sw mitechextusers 4096 Dec 28 23:49 /sftp/mitechext/software/shared
   $ ls -ld /sftp/mitechext/software
   drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/mitechext/software
   $ ls -ld /sftp/mitechext
   drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/mitechext
   ```

5. Restart sshd

   ```sh
   $ service sshd restart
   # or
   $ systemctl restart ssh
   ```

6. Test the setup

   ```sh
   # the user should only be able to access the shared folder, with the chroot directory as root level
   $ sftp mitechext_sw@127.0.0.1
   ```
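
The ownership checks in step 4 matter because sshd refuses a `ChrootDirectory` unless every component of its path is a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original guide; it assumes GNU `stat`, and the function names `check_component` and `check_chroot_path` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd does at session start.
# Assumes GNU/Linux stat(1); function names are hypothetical.

# check_component DIR [UID]: DIR must be a directory owned by UID (default 0,
# root) and must not be writable by group or others.
check_component() {
    c_dir=$1; c_uid=${2:-0}
    if [ ! -d "$c_dir" ]; then
        echo "FAIL $c_dir: not a directory"; return 1
    fi
    # %u = numeric owner, %a = octal mode; -L follows symlinks like stat(2)
    c_info=$(stat -L -c '%u %a' -- "$c_dir") || return 1
    c_owner=${c_info% *}; c_mode=${c_info#* }
    if [ "$c_owner" -ne "$c_uid" ]; then
        echo "FAIL $c_dir: owner uid $c_owner, expected $c_uid"; return 1
    fi
    # 022 masks the group-write and other-write permission bits
    if [ $(( 0$c_mode & 022 )) -ne 0 ]; then
        echo "FAIL $c_dir: mode $c_mode is group/world writable"; return 1
    fi
    echo "ok   $c_dir (uid $c_owner, mode $c_mode)"
}

# check_chroot_path PATH [UID]: apply check_component to PATH and every parent
# up to /. Returns 0 if all pass, 1 if any fails, 2 for a non-absolute path.
check_chroot_path() {
    p_path=$1; p_uid=${2:-0}; p_rc=0
    case $p_path in
        /*) ;;
        *) echo "FAIL $p_path: ChrootDirectory must be absolute"; return 2 ;;
    esac
    while :; do
        check_component "$p_path" "$p_uid" || p_rc=1
        [ "$p_path" = "/" ] && break
        p_path=$(dirname "$p_path")
    done
    return $p_rc
}

# Run against the path given on the command line, e.g. the ChrootDirectory
# from step 3: sh check_chroot.sh /sftp/mitechext/software
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Any `FAIL` line names a directory to fix with `chown root:root` or `chmod go-w` before restarting sshd.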