My Journey Creating an SFTP User from Scratch (And Fixing Real-World Errors)

1. Introduction

  • Why I needed an SFTP user setup (new server, secure file transfers, project requirements)
  • Goal: Create a secure SFTP user, isolate their uploads, and automate the process.


2. Steps I Took

  • Created a new Linux user dedicated to SFTP.
  • Ensured the user was locked to SFTP-only access (no SSH shell).
  • Set up a chroot environment to restrict access to a specific directory.
  • Configured the sshd server settings.
  • Mounted the business upload directory into the user's chroot jail.


3. Real Challenges I Faced

  • sftponly group missing ⇨ Created the group before user creation
  • /home/chroot missing ⇨ Created the parent directory before creating user
  • Permissions issues ⇨ Set correct root:root ownership on chroot folders
  • FileZilla showed "Could not connect to server" after login ⇨ Fixed SSHD configuration and permissions
  • Forgot to mount the upload directory ⇨ Used mount --bind and updated /etc/fstab

4. Key Commands I Used

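# Ensure group exists
getent group sftponly || groupadd sftponly

# Ensure the chroot parent directory exists before creating the user
mkdir -p /home/chroot

# Create user with no login shell ("username" and "password" are placeholders;
# a literal password typed here ends up in shell history)
useradd -d /home/chroot/username -s /usr/sbin/nologin -m -G sftponly username
echo "username:password" | chpasswd

# Setup permissions: the chroot directory itself must be owned by root and
# not writable by group or others; only the upload subdirectory is user-owned
chown root:root /home/chroot/username
chmod 755 /home/chroot/username
mkdir -p /home/chroot/username/ftp_uploads
chown username:sftponly /home/chroot/username/ftp_uploads

# Mount the upload directory into the jail
mount --bind /var/www/uploads /home/chroot/username/ftp_uploads
# To keep the mount after a reboot, add this line to /etc/fstab:
# /var/www/uploads /home/chroot/username/ftp_uploads none bind 0 0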

📣 Very important — Example of correct minimal /etc/ssh/sshd_config changes:

Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /home/chroot/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no        

5. Key Lessons I Learned

  • Always check and set the correct folder permissions for chroot.
  • SSHD logs are your best friend (/var/log/auth.log or /var/log/secure).
  • Test step-by-step — do not try all at once.
  • Good error messages help you more than random guessing.
  • Automation with scripts saves huge time!
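
A script for the chroot permission check above, added here as an example and not part of the original article. sshd refuses a ChrootDirectory unless every component of the path, up to /, is owned by root and not writable by group or others, so the script walks the path and reports each component that breaks that rule. The function names are hypothetical and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd requires it.
# Assumes GNU stat (Linux). Function names are hypothetical.

# component_ok UID MODE [OWNER]
# Succeeds if one path component is owned by OWNER (default 0 = root)
# and is not group- or world-writable. MODE is octal, as printed by stat %a.
component_ok() {
    [ "$1" -eq "${3:-0}" ] || return 1
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR [OWNER]
# Walks from DIR up to / and prints every component that would make sshd
# reject the chroot. Returns 0 if the whole path is acceptable, 1 otherwise.
# The body runs in a subshell, so its variables do not leak to the caller.
check_chroot_path() (
    owner=${2:-0}
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; exit 1; }
    rc=0
    while :; do
        info=$(stat -c '%u %a' "$dir") || exit 1
        uid=${info% *}
        mode=${info#* }
        if ! component_ok "$uid" "$mode" "$owner"; then
            echo "BAD  $dir (uid=$uid mode=$mode)"
            rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# When called with arguments, audit that path:
#   sh check_chroot.sh /home/chroot/username
if [ $# -gt 0 ]; then
    check_chroot_path "$@"
fi
```

Run it against the user's chroot directory before testing the login; the user-owned ftp_uploads directory sits below the chroot and is not part of the checked path.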

#Linux #SFTP #DevOps #SysAdmin #Automation


If you're trying SFTP setup on your own — don't worry about failures! Every error teaches something. Feel free to connect if you want to discuss Linux or DevOps setups!
