SFTP setup troubles

Greetings!

I am trying to set up an SFTP server for file transfer over the web. The computer is running Debian.

Initially I set up glFTPd which was configured as FTPS, but for some reason people get really crippled transfer speeds. I was recommended by a couple to instead try SFTP.

However, compared to glFTPd which had a nice install script and basically just needed to open the port ranges in my router, SFTP is a whole different story. Somehow I just don’t find this easy to set up at all.

I created a usergroup called “filetransfer”, and a user with the following: “sudo useradd -g filetransfer -d /glftpd/site username”.

Then I added the following to /etc/ssh/sshd_config (anything else is commented out):
Subsystem sftp internal-sftp

Match Group filetransfer
ChrootDirectory /glftpd/site
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

The folder structure I want to use is owned by root.

When I attempt to log in, I get a “client_loop: send disconnect: Broken pipe” error message.

If I change the ChrootDirectory to /, I get to log in, but have the issue that the user can access the entire file system of the computer. If I change the user home folder, when logging in, I end up in the new home directory rather than the FTP folder I want.

How I want this to work: All users log into /glftpd/site, and can’t go below this folder structure and see the entire computer file system. I want users locked to this directory and subdirectories. I wish to keep my current glFTPd site directory, as I sometimes use standard FTP with legacy systems. Essentially I want both the FTP and SFTP to share the same folder structure.

Most examples on the web involve each user getting their own separate private folders, which is not what I want. I have tried to adapt the examples to fit my use, but apparently I am missing something. Any suggestions?

Change ChrootDir to /glftpd if you have only site in it. Or make an extra subdir, for example /glftpd/site/site.

Edit: Also, if you have just one user for all, then you can use Match User instead of Group.

Ah, and user home dir has to be /site

Ah, perfect! I knew it had to be something simple… All working now.

Made a new folder inside glftpd, moved the site directory into that, changed the ChrootDirectory to /glftpd/jail (the new directory) and changed the user home directory to just /site.

Now the users can’t browse the entire file system, and logging in puts them in the correct folder.

Thank you, misiektw!

Cheers 🙂
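
A pre-flight check for the layout settled on in this thread, added here as an example and not code from any poster: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, and sshd resolves the account's home directory inside the chroot after entering it. The function names and the SAMPLE layout (uids and modes) are constructed for illustration.

```python
import posixpath
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace


def component_problem(uid, mode):
    """Why sshd would refuse this directory as part of a ChrootDirectory path, or None."""
    if not stat.S_ISDIR(mode):
        return "not a directory"
    if uid != 0:
        return f"owned by uid {uid}, not root"
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"mode {stat.S_IMODE(mode):o} is group/other writable"
    return None


def check_chroot(chroot, stat_fn=os.stat):
    """Check every component from / down to the chroot; return [(path, problem)]."""
    path = PurePosixPath(chroot)
    problems = []
    for comp in [*reversed(path.parents), path]:
        st = stat_fn(str(comp))
        why = component_problem(st.st_uid, st.st_mode)
        if why:
            problems.append((str(comp), why))
    return problems


def landing_dir(chroot, home):
    """Real path the session starts in: the passwd home is looked up inside the chroot."""
    return posixpath.normpath(posixpath.join(chroot, home.lstrip("/")))


# Constructed layout (not taken from the thread): uid and mode per directory.
SAMPLE = {
    "/": (0, 0o755), "/glftpd": (0, 0o755), "/glftpd/jail": (0, 0o755),
    "/glftpd/jail/site": (1001, 0o775),
}


def sample_stat(path):
    """Stand-in for os.stat that answers from SAMPLE, so the demo runs anywhere."""
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)


if __name__ == "__main__":
    for chroot, home in [("/glftpd/jail", "/site"), ("/glftpd/jail/site", "/")]:
        print(chroot, "->", landing_dir(chroot, home), check_chroot(chroot, sample_stat))
```

On a real host, call `check_chroot("/glftpd/jail")` with the default `os.stat`. Directories that users must write to belong below the chroot, not at the chroot itself.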