OpenSSH comes with a SFTP server. First install OpenSSH Server.
sudo apt install openssh-server
Create sftponly group
sudo groupadd sftponly
Create the SFTP directory. The ChrootDirectory set in sshd_config must be owned by root and only writeable by root.
sudo mkdir /sftp/
sudo chown root:sftponly /sftp/
sudo chmod 2755 /sftp/
# The leading 2 is for g+s
If the ChrootDirectory is not owned by root you will get the following error:
packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
Couldn't read packet: Connection reset by peer
Configure SFTP server
sftponly groupAdd the following to the bottom of /etc/ssh/sshd_config
Match Group sftponly
ChrootDirectory /sftp/
ForceCommand internal-sftp
AllowTcpForwarding no
sudo service ssh restart
You can create directories inside and just copy files into them and they will be owned by the sftponly group.
sudo mkdir /sftp/files/
# Allow sftponly users to upload files
sudo chmod 2775 /sftp/files/
sudo cp file /sftp/files/
You can create a new user in the sftponly group and use that user and password to login to the SFTP server.
sudo useradd -M -G sftponly $newUser
sudo passwd $newUser
# set password
sudo -u $newUser sftp localhost
To add your user to the group
sudo usermod -a -G sftponly $USER
In order for your user to actually be in the sftponly group you need to log in after the usermod command.
The safest thing to do is to compare your current groups with the new groups while you are still in the current environment.
I forgot the -a in the usermod command and had to use GRUB to get a root terminal and add my user back to the correct groups.
groups
id
With the groups after login
su - $USER
groups
id
The only difference should be the sftponly group.