# sftp configuration

* [Reference](https://www.thegeekstuff.com/2012/03/chroot-sftp-setup/)

## Steps

1. Create a New Group

   ```sh
   $ groupadd sftpusers
   ```

2. Create Users

   ```sh
   # create guestuser
   $ useradd -g sftpusers -d /incoming -s /sbin/nologin guestuser

   # change guestuser password
   $ passwd guestuser

   # verify creation
   $ grep guestuser /etc/passwd

   # modify an existing user, e.g. john
   $ usermod -g sftpusers -d /incoming -s /sbin/nologin john
   ```

3. Set up `sshd_config`

   ```sh
   $ nano /etc/ssh/sshd_config
   ```

   * Comment out `Subsystem sftp /usr/libexec/openssh/sftp-server` and add the following:

   ```txt
   #Subsystem sftp /usr/libexec/openssh/sftp-server
   Subsystem sftp internal-sftp

   Match Group sftpusers
       ChrootDirectory /sftp/%u
       ForceCommand internal-sftp
   ```

4. Create the sftp home directory

   ```sh
   $ mkdir /sftp
   $ mkdir /sftp/guestuser
   $ mkdir /sftp/guestuser/incoming

   # set folder ownership
   $ chown guestuser:sftpusers /sftp/guestuser/incoming

   # verify ownership
   $ ls -ld /sftp/guestuser/incoming
   drwxr-xr-x 2 guestuser sftpusers 4096 Dec 28 23:49 /sftp/guestuser/incoming

   $ ls -ld /sftp/guestuser
   drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp/guestuser

   $ ls -ld /sftp
   drwxr-xr-x 3 root root 4096 Dec 28 23:49 /sftp
   ```

5. Restart sshd

   ```sh
   $ service sshd restart
   ```

6. Test setup

   ```sh
   # the user should only be able to access the incoming folder, at the root level
   $ sftp guestuser@192.168.0.222
   ```
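
sshd refuses to chroot unless every component of the `ChrootDirectory` path is a root-owned directory that is not writable by group or others, which is what the `ls -ld` checks in step 4 confirm by eye. The script below is an added example (not from the original page or the referenced article) that runs the same check over the whole path; the function names `dir_ok` and `chroot_path_ok` are hypothetical, and it assumes GNU `stat -c`.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before restarting sshd.
# Assumes GNU coreutils `stat -c`; function names are hypothetical.
# Usage: sh check_chroot.sh /sftp/guestuser

# dir_ok DIR [UID]: DIR must be a directory owned by UID (default 0 = root)
# and must not be writable by group or others.
dir_ok() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    owner=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $owner, expected $want_uid"
        return 1
    fi
    # Leading 0 makes the shell read the mode as octal; 022 = group/other write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"
        return 1
    fi
    echo "ok   $dir (uid $owner, mode $mode)"
}

# chroot_path_ok PATH [UID]: apply dir_ok to PATH and every parent up to /.
# Returns 0 if all pass, 1 if any component fails, 2 for a relative path.
chroot_path_ok() {
    p=$1
    uid_arg=${2:-0}
    case $p in
        /*) ;;
        *) echo "FAIL $p: path must be absolute"; return 2 ;;
    esac
    rc=0
    while :; do
        dir_ok "$p" "$uid_arg" || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

if [ "$#" -gt 0 ]; then
    chroot_path_ok "$@"
fi
```

The writable `incoming` directory from step 4 is expected to fail `dir_ok` with the default uid, since it is owned by the sftp user; only `/sftp/guestuser` and its parents need to pass.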