Hello,
I came across this discussion while looking for information on SFTP chroot. I just wanted to share an alternative approach that is a bit simpler, in case it helps.
The solution proposed by myVesta works well, but I found it a bit complex (especially with the `mount --bind` part). Another method, which I use on my servers, involves configuring the chroot directly in `/etc/ssh/sshd_config` as follows:
Code: Select all
Subsystem sftp internal-sftp
Match User ton_utilisateur
ChrootDirectory /home/ton_utilisateur
ForceCommand internal-sftp
PasswordAuthentication yes
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
Note that with this method, the `/home/your_user` directory must be owned by root and must not be writable by the end user. The user's files must be placed in a subdirectory (e.g., `uploads/`) that they own.
The advantage: there is no need to manage a separate group or set up bind mounts. The downside: it completely blocks SSH access (allowing only SFTP), which can be an issue if the user needs a shell for other purposes.
In my case, it works perfectly for accounts used solely for FTP/SFTP.
Have a great day.