This setup ensures secure file transfer for users by restricting them to SFTP.
1. Create a group called "sftponly", or use any group name you prefer.
groupadd sftponly
2. Create a user for SFTP and assign a password. I will create "user1" as my first SFTP user.
useradd user1
passwd user1
3. Add the user to the "sftponly" group.
usermod -aG sftponly user1
4. Modify the SSH daemon configuration to limit the group to SFTP only.
vi /etc/ssh/sshd_config
#Locate the existing Subsystem line and replace it with the line below.
Subsystem sftp internal-sftp
#Add the following lines below it.
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
5. Reload the SSH daemon.
service sshd reload
6. Create a directory where user1 can upload files.
sudo -u user1 mkdir -pv /home/user1/upload
chown root: /home/user1
chmod 755 /home/user1
chgrp -R sftponly /home/user1
7. Tell SELinux that we want to upload files via SFTP to a chroot, as it is read-only by default.
setsebool -P ssh_chroot_rw_homedirs on
8. Now try to connect to your SFTP server from another Linux machine. You can also use FileZilla on Windows to test.
sftp user1@<yoursftpserver>
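
sshd only accepts a ChrootDirectory when every component of the path is owned by root and not writable by group or others, which is what the chown and chmod in step 6 arrange. The script below is an added example, not part of the original procedure, that audits a path against that rule; the function name check_chroot_path and its optional owner and top arguments are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): audit a ChrootDirectory path.
# Usage: check_chroot_path DIR [OWNER_UID] [TOP]
#   DIR        directory used as ChrootDirectory (e.g. /home/user1)
#   OWNER_UID  uid every component must be owned by (default 0 = root)
#   TOP        highest directory to check (default /)
# OWNER_UID and TOP are hypothetical knobs so the check can be tried on a
# scratch tree; for a real audit leave both at their defaults.
# Assumes GNU coreutils stat (stat -c).
check_chroot_path() {
    ccp_dir=$1
    ccp_owner=${2:-0}
    ccp_top=${3:-/}
    [ -d "$ccp_dir" ] || { echo "not a directory: $ccp_dir"; return 2; }
    # Resolve symlinks so the real path components are inspected.
    ccp_dir=$(cd "$ccp_dir" && pwd -P) || return 2
    ccp_top=$(cd "$ccp_top" && pwd -P) || return 2
    ccp_rc=0
    while :; do
        ccp_uid=$(stat -c %u "$ccp_dir")
        ccp_mode=$(stat -c %a "$ccp_dir")
        if [ "$ccp_uid" != "$ccp_owner" ]; then
            echo "BAD owner uid=$ccp_uid (want $ccp_owner): $ccp_dir"
            ccp_rc=1
        fi
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$ccp_mode & 022 )) -ne 0 ]; then
            echo "BAD mode $ccp_mode (group/other writable): $ccp_dir"
            ccp_rc=1
        fi
        case $ccp_dir in
            "$ccp_top"|/) break ;;
        esac
        ccp_dir=$(dirname "$ccp_dir")
    done
    [ "$ccp_rc" -eq 0 ] && echo "OK: chroot path passes ownership and mode checks"
    return "$ccp_rc"
}

# Audit the path given on the command line, e.g.: sh script.sh /home/user1
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Running it against /home/user1 after step 6 should report OK; a BAD line names the directory to fix before testing the login in step 8.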