[ubuntu] Chrooting SFTP Server

February 9th, 2012, 12:17 AM
Hey Everyone,

I would first like to say that I'm kind of new to Linux. I have some experience but it remains rather limited so I have to rely a lot on tutorials found on the net.

For a very long time, I have wanted to set up an FTP server. Having done quite a lot of research, I've found that almost nobody recommends using regular FTP, because it sends the username and password in clear text.

So, the alternative is SCP or SFTP.

I have chosen SFTP.

Although I can find numerous articles on setting up an SFTP server under Ubuntu, none of them seem to work for me.

What I would like

- A secure FTP server to upload and download files
- Give access to external people (not guests, so they should be password protected)
- Disable Shell access for those people
- Chroot the users to their home directory and give them access to nothing else

What I've done
Configured OpenSSH to use internal-sftp as the SFTP server
Added the following code:

Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no

Added the user to the sftponly group. When I do this, I can't log in with WinSCP with that user, giving me the error: "Network Error: Software caused connection abort.
Using username "xxx".

Authentication failed"

The second I remove him from that group so the "Match Group sftponly" line doesn't match anymore, I'm able to connect with that username.

There is probably a logical explanation for it but I can't seem to find it. Is what I'm trying to do even possible?

Thanks in advance
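
Added example, not part of the original post: one thing to check with a Match block like the one above. sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd drops the session otherwise. The script below walks the path and reports each component; it assumes GNU stat (as on Ubuntu), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a ChrootDirectory target against sshd's ownership rule.
# Assumptions: GNU stat; function names are made up for this illustration.

# component_ok UID OCTAL_MODE
# Succeeds only if owner is root (uid 0) and no group/other write bit is set.
component_ok() {
    [ "$1" -eq 0 ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path /absolute/path
# Checks the path and every parent up to /. Returns 0 if all pass,
# 1 if any component fails, 2 if the path is not absolute.
check_chroot_path() {
    cur=$1
    case $cur in
        /*) ;;
        *) echo "not an absolute path: $cur" >&2; return 2 ;;
    esac
    bad=0
    while :; do
        if [ ! -d "$cur" ]; then
            echo "FAIL $cur: not a directory"
            bad=1
        else
            # -L follows symlinks, matching what sshd sees when it stats the path
            set -- $(stat -L -c '%u %a' "$cur")
            if component_ok "$1" "$2"; then
                echo "ok   $cur (uid=$1 mode=$2)"
            else
                echo "FAIL $cur (uid=$1 mode=$2): needs root owner, no group/other write"
                bad=1
            fi
        fi
        [ "$cur" = / ] && break
        cur=$(dirname "$cur")
    done
    return "$bad"
}

# Stand-alone use: sh check_chroot.sh /home/someuser
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A home directory owned by the user itself fails this check, which is why chroot setups usually keep the chroot root owned by root and give the user a writable subdirectory inside it.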

February 9th, 2012, 12:59 PM

SSH with SFTP works out of the box, so all you've got to do to make it work is undo your changes...