Restricting a users SFTP access to one directory.

I am trying to set up my droplet so that an SFTP user can’t move up to view other directories above their own /home.

I added the following to sshd_config:

Match Group filetransfer ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp

Then I added the user the group filetransfer .

Then I added chown user:filetransfer /home

At that point the user is not able to log in via SFTP at all. What am I missing?



Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Check your /var/log/auth.log And make sure your sftp is unlocked in your firewall.