OpenSSH: sftp-only chrooted user

To create a SSH user which is only allowed SFTP access (and is not allowed SSH/shell access), add the following to /etc/ssh/sshd_config:

Please note that for this to work, user's home directory must be owned by root - otherwise, sshd will refuse the login.

You may want to uncomment PasswordAuthentication line if you want to use password authentication with this user.

If you need this user for example to edit a web directory, a typical workaround is:

  • own user's homedir as root
  • mount bind a web directory into user's directory, for example, to /home/some-user/

This is how /etc/fstab entry should look like for a bind mount:

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.