
Tuesday, 15 March 2022

Step by step: configuring an SFTP server in Linux

 [root@sftp ~]# groupadd  sftp_users

[root@sftp ~]# useradd  -G sftp_users -s /sbin/nologin sftp_user
[root@sftp ~]#
[root@sftp ~]# passwd sftp_user
Changing password for user sftp_user.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@sftp ~]#
[root@sftp ~]#

[root@sftp ~]# usermod -G sftp_users -s /sbin/nologin sftp_user
[root@sftp ~]# vim /etc/ssh/sshd_config

# Comment out the existing external sftp-server subsystem line and add the
# internal-sftp line in its place.
#Subsystem sftp /usr/libexec/openssh/sftp-server
# internal-sftp is the SFTP server built into sshd itself, so no helper
# binary has to exist inside the chroot.
Subsystem sftp internal-sftp

# Add the lines below at the end of the file. A Match block covers every
# directive that follows it, up to the next Match line or the end of the file,
# so anything placed after this block would also be limited to sftp_users.
Match Group sftp_users
# Disable X11 and TCP port forwarding for these accounts.
X11Forwarding no
AllowTcpForwarding no
# %h expands to the user's home directory. sshd requires every component of
# this path to be root-owned and not writable by group or others.
ChrootDirectory %h
# Always run the SFTP server, ignoring any command the client requests.
ForceCommand internal-sftp


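ChrootDirectory %h – This is the directory sshd chroots into after the user is authenticated; %h expands to the user's home directory, so for sftp_user this will be /home/sftp_user. sshd refuses the session unless this directory is owned by root and not writable by group or others, which is why the chown root and chmod 755 commands below are needed; the user's own files go into the separate upload directory, which sftp_user owns.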


[root@sftp ~]# systemctl restart sshd.service

[root@sftp ~]# chmod 755 /home/sftp_user/
[root@sftp ~]# chmod 755 /home/sftp_user
[root@sftp ~]# chown root /home/sftp_user
[root@sftp ~]# chgrp -R sftp_users /home/sftp_user

[root@sftp ~]# mkdir /home/sftp_user/upload
[root@sftp ~]# chown sftp_user. /home/sftp_user/upload/
[root@sftp ~]#

[root@sftp ~]# setsebool -P ssh_chroot_full_access on
Boolean ssh_chroot_full_access is not defined
[root@sftp ~]#
[root@sftp ~]#
[root@sftp ~]#
[root@sftp ~]# ssh sftp_user@10.88.13.111
sftp_user@10.88.13.111's password:
This service allows sftp connections only.
Connection to 10.88.13.111 closed.

[root@sftp ~]# sftp sftp_user@10.88.13.111
sftp_user@10.88.13.111's password:
Connected to 10.88.13.111.
sftp> pwd
Remote working directory: /
sftp>