I'm trying to make a user kake_sftp that can log in to the web server located at /var/www/html or similar. I know chroot needs some additional subdirectories for the permissions to work out, so I'm fine with adding new folders or changing the folder layout a bit.
I created the user in group www-data and with home directory in /var/www/html.
$ cat /etc/passwd | grep kake_sftp
kake_sftp:x:1001:1001::/var/www/html:/bin/bash
$ groups kake_sftp
kake_sftp : kake_sftp www-data
Then I made some changes in /etc/ssh/sshd_config. I replaced "Subsystem sftp /usr/lib/openssh/sftp-server" with "Subsystem sftp internal-sftp" and I added the following lines at the end:
Match User kake_sftp
ChrootDirectory /var/www
ForceCommand internal-sftp
AllowTcpForwarding no
The permissions of the www folder are set as follows.
$ ls -la /var/www
drwxrwxr-x 3 root root 4096 Apr 7 12:17 .
drwxr-xr-x 12 root root 4096 Apr 4 10:17 ..
drwxr-xr-x 2 root www-data 4096 Apr 4 11:34 html
When I now try to log in with FileZilla set to SFTP, I get the following error.
Error: Network error: Software caused connection abort
Error: Could not connect to server
When I try to log in with my main user via sftp, it works like a charm. So there isn't a problem with the client.
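
Added example, not part of the original post: a check modeled on the rule in sshd_config(5) that every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others. The stat values are constructed from the `ls -la /var/www` output in the post (the mode of `/` is assumed), and `component_problem`, `audit_chroot` and `FakeStat` are hypothetical helper names.

```python
import os
import stat


def component_problem(st_uid, st_mode):
    """Return why sshd would reject this path component, or None if acceptable."""
    if not stat.S_ISDIR(st_mode):
        return "not a directory"
    if st_uid != 0:
        return f"owned by uid {st_uid}, not root"
    if st_mode & 0o022:  # group-write or other-write bit set
        return f"mode {stat.S_IMODE(st_mode):04o} is group- or world-writable"
    return None


def audit_chroot(path, stat_fn=os.stat):
    """Check every component from / down to path; return [(component, problem)]."""
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    parts = [p for p in os.path.normpath(path).split("/") if p]
    current, findings = "/", []
    for comp in [""] + parts:  # "" makes the first checked component "/" itself
        current = os.path.join(current, comp)
        st = stat_fn(current)
        problem = component_problem(st.st_uid, st.st_mode)
        if problem:
            findings.append((current, problem))
    return findings


class FakeStat:
    """Constructed stand-in for os.stat_result so the example runs offline."""
    def __init__(self, uid, mode):
        self.st_uid, self.st_mode = uid, stat.S_IFDIR | mode


# Constructed from the listing in the post; "/" is an assumed value.
QUESTION_LAYOUT = {
    "/": FakeStat(0, 0o755),         # assumed
    "/var": FakeStat(0, 0o755),      # "..": drwxr-xr-x root root
    "/var/www": FakeStat(0, 0o775),  # ".":  drwxrwxr-x root root
}

if __name__ == "__main__":
    for component, why in audit_chroot("/var/www", QUESTION_LAYOUT.__getitem__):
        print(f"{component}: {why}")
```

Calling `audit_chroot("/var/www")` with the default `stat_fn` runs the same check against the live filesystem on the server.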