SFTP

1. Start the sshd service and ensure it starts with the server

# systemctl enable sshd.service
# systemctl start sshd.service

2. Set up the SSH daemon (some vi knowledge required)

# vi /etc/ssh/sshd_config

Comment out the following line (add a hash before it):

Subsystem sftp /usr/local/libexec/sftp-server

and add the following just below it (I recommend using a tab instead of spaces):

Subsystem sftp internal-sftp

Now scroll to the end of the config file and add the following to create the match rule:

Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

Save the config file and close it. (Press ESC and type ':wq!')

3. Restart the SSH daemon so it loads the new configuration

# systemctl restart sshd.service

4. Let's add the user(s) and group (I used John as an example):

# groupadd sftponly
# useradd john -g sftponly -s /bin/false
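# passwd john

5. Add folders (for the user to read and write data from). sshd refuses to chroot into a directory that is not owned by root or that is writable by group or others, so the home directory stays root-owned and the user gets a writable subdirectory: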

# mkdir /home/john/datadir
# chown root /home/john
# chmod 755 /home/john
# chown john /home/john/datadir
# chmod 755 /home/john/datadir

6. Stop SELinux from interfering with our jail

# setsebool -P ssh_chroot_rw_homedirs on
https://community.spiceworks.com/how_to/112551-setup-a-sftp-server-running-on-centos-linux-7
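
A check for the sshd_config edits in step 2, as an added example that is not part of the original how-to. The function name audit_sftp_jail and the sample file are assumptions made for illustration; it expects the block to be introduced exactly as "Match Group <name>".

```shell
#!/bin/sh
# Added example: audit an sshd_config for the SFTP jail settings in step 2.
# Usage: audit_sftp_jail FILE [GROUP]  (GROUP defaults to sftponly)
# Prints one line per problem; returns 0 only if everything matches.
# Assumes the block is introduced exactly as "Match Group <name>".
audit_sftp_jail() {
    awk -v group="${2:-sftponly}" '
    BEGIN {
        # Values the Match block must set, keyed by lowercased keyword.
        want["chrootdirectory"] = "%h"
        want["forcecommand"] = "internal-sftp"
        want["x11forwarding"] = "no"
        want["allowtcpforwarding"] = "no"
    }
    NF == 0 || $1 ~ /^#/ { next }    # blank and commented-out lines are ignored
    {
        key = tolower($1)
        if (key == "match") {
            # A Match block runs until the next Match line or end of file.
            in_block = (tolower($2) == "group" && $3 == group)
            if (in_block) found = 1
        } else if (in_block) {
            if (!(key in seen)) seen[key] = $2
        } else if (key == "subsystem" && $2 == "sftp") {
            subsystem = $3
        }
    }
    END {
        bad = 0
        if (subsystem != "internal-sftp") {
            print "Subsystem sftp is \"" subsystem "\", expected internal-sftp"; bad = 1
        }
        if (!found) { print "no Match Group " group " block"; exit 1 }
        for (k in want) if (seen[k] != want[k]) {
            print "Match block: " k " is \"" seen[k] "\", expected \"" want[k] "\""; bad = 1
        }
        exit bad
    }' "$1"
}

# Constructed sample: the config from this page with TCP forwarding left enabled.
sample=$(mktemp)
printf '%s\n' '#Subsystem sftp /usr/local/libexec/sftp-server' \
    'Subsystem sftp internal-sftp' 'Match Group sftponly' \
    '    ChrootDirectory %h' 'ForceCommand internal-sftp' \
    'X11Forwarding no' 'AllowTcpForwarding yes' > "$sample"
audit_sftp_jail "$sample" || echo "jail settings incomplete"
rm -f "$sample"
```

Running `sshd -t` before the restart in step 3 also catches syntax errors in the edited file.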
