From Newsgroup: alt.os.linux.debian
On 2026-05-03, Ant <ant@zimage.comANT> wrote:
> Hello,
> How do I set up a SFTP server for only file transfers in my Debian stable/Trixie? Download and uploads only. No SSH access, accessing other directories, etc.
> Thank you for reading and hopefully answering soon. :)

OpenSSH can already do this without needing anything fancy.
What you want is a chrooted SFTP setup with the user forced into
internal-sftp and no shell access.

Install the server if it is not already there:

    sudo apt install openssh-server

Make a group for SFTP-only users:

    sudo groupadd sftpusers

Create the user:

    sudo useradd -m -g sftpusers -s /usr/sbin/nologin username
    sudo passwd username

Now make the jailed directory structure:

    sudo mkdir -p /sftp/username/uploads

Important part here: the top directory has to belong to root or sshd
will refuse the login.

    sudo chown root:root /sftp/username
    sudo chmod 755 /sftp/username

Then hand the writable directory to the user:

    sudo chown username:sftpusers /sftp/username/uploads

Now edit:

    /etc/ssh/sshd_config

Add this at the bottom:

    Match Group sftpusers
        ChrootDirectory /sftp/%u
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTcpForwarding no

Restart ssh:

    sudo systemctl restart ssh

That gives them file transfers only. No shell, no wandering around the filesystem, no SSH login.

--
Tom Mix
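
Added example, not part of the post above: a check for the ownership rule the reply calls out. sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The function names are hypothetical, GNU stat (as shipped on Debian) is assumed, and the optional second argument (expected owner uid, default 0) exists only so the check can be exercised without root.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before restarting ssh.
# Assumes GNU stat; function names are hypothetical.

# check_dir DIR [UID]: return 0 if DIR is a directory owned by UID
# (default 0, root) with no group/other write bit, 1 otherwise.
check_dir() {
    cd_path=$1
    cd_uid=${2:-0}
    if [ ! -d "$cd_path" ]; then
        echo "FAIL $cd_path: not a directory"; return 1
    fi
    cd_owner=$(stat -L -c '%u' "$cd_path")
    cd_mode=$(stat -L -c '%a' "$cd_path")
    if [ "$cd_owner" != "$cd_uid" ]; then
        echo "FAIL $cd_path: owner uid $cd_owner, expected $cd_uid"; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_path: mode $cd_mode is group/other writable"; return 1
    fi
    echo "ok   $cd_path (uid $cd_owner, mode $cd_mode)"
}

# check_chroot_chain DIR [UID]: apply check_dir to DIR and every parent
# up to /, reporting all failures rather than stopping at the first.
check_chroot_chain() {
    cc_path=$1
    cc_uid=${2:-0}
    cc_rc=0
    case $cc_path in
        /*) ;;
        *) echo "FAIL $cc_path: ChrootDirectory must be an absolute path"; return 1 ;;
    esac
    while :; do
        check_dir "$cc_path" "$cc_uid" || cc_rc=1
        cc_next=$(dirname "$cc_path")
        [ "$cc_next" = "$cc_path" ] && break   # reached /
        cc_path=$cc_next
    done
    return "$cc_rc"
}

# Run as a script with the chroot path as the argument.
if [ "$#" -gt 0 ]; then
    check_chroot_chain "$@"
fi
```

Saved to a file and run with the chroot path as its argument (/sftp/username for the setup above), it prints one line per path component and exits non-zero if any component would make sshd refuse the login.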