## Root-shell steps ("# " is the root prompt, "## " lines are notes): create an
## SFTP-only account whose home is /srv/ssh and which reaches /var/www/static
## through a bind mount at /srv/ssh/chroot.
##
## /srv/ssh is used as ChrootDirectory (%h in the sshd_config section). sshd
## only accepts a chroot whose path components are all root-owned and not
## writable by group or others, so keep /srv/ssh as root:root 755 and check it
## with `ls -ld /srv /srv/ssh` after setup.
# mkdir -p /srv/ssh/chroot
## Repeats the mkdir above (harmless with -p) and adds the directory that holds
## one key file per user, /etc/ssh/authorized_keys/USERNAME. Keep that file
## root-owned and not writable by the account, so the SFTP user cannot add keys.
# mkdir -p /etc/ssh/authorized_keys /srv/ssh/chroot
# groupadd sftponly
## -g sftponly: primary group, matched by "Match Group sftponly" in sshd_config.
## -G www-data: supplementary group, used for write access to the web tree.
## -s /usr/sbin/nologin: no interactive shell. -N: no per-user group.
## -d /srv/ssh: home directory (already created above by root; no -m is given).
## No password is set here, so the account has no usable password.
# useradd -G www-data -g sftponly -s /usr/sbin/nologin -d /srv/ssh -N USERNAME
## Group read/write (plus search on directories) for the whole tree. This helps
## only if the tree's group is one USERNAME belongs to; the page does not show
## the ownership, presumably www-data, so verify with `ls -ld /var/www/static`.
## NOTE(review): new uploads get USERNAME's primary group (sftponly) unless the
## directories carry the setgid bit; confirm which group the web server needs.
# find /var/www/static -type d -print0 | xargs -0 chmod g+xwr
# find /var/www/static -type f -print0 | xargs -0 chmod g+wr
## 775 is applied to the web root and to the mountpoint inside the chroot only.
## Do not make /srv/ssh itself group-writable (see the ChrootDirectory note).
# chmod 775 /var/www/static /srv/ssh/chroot
## Live bind mount; it does not survive a reboot without the /etc/fstab entry.
# mount -o bind /var/www/static /srv/ssh/chroot
- /etc/ssh/sshd_config
# SFTP-only, chrooted, key-only access for members of group "sftponly".
# Check the file with `sshd -t` before reloading sshd, and keep an existing
# session open until a fresh login has been tested.

# In-process SFTP server; -u 0002 sets the umask so uploads are group-writable.
# A stock sshd_config normally already has a "Subsystem sftp" line: replace it,
# because sshd rejects a second definition of the same subsystem.
Subsystem sftp internal-sftp -u 0002
# Global setting (applies to every user, not only sftponly). %u = user name,
# %h = home directory. Relative paths are resolved against the home directory,
# so the second and third entries name the same file.
AuthorizedKeysFile /etc/ssh/authorized_keys/%u %h/.ssh/authorized_keys .ssh/authorized_keys
# Everything from here to the next Match line or the end of the file applies
# only to this group, so keep this block at the end of sshd_config.
Match Group sftponly
# %h is /srv/ssh for the account created with "useradd -d /srv/ssh". The
# directory and all of its parents must be root-owned and not writable by
# group or others, otherwise sshd refuses the session.
ChrootDirectory %h
# Overrides whatever command the client requests; internal-sftp needs no
# binaries or libraries inside the chroot.
ForceCommand internal-sftp -u 0002
# No TCP or X11 forwarding for these accounts.
# NOTE(review): consider also "AllowAgentForwarding no" and "PermitTunnel no",
# or "DisableForwarding yes" if the installed OpenSSH supports it.
AllowTcpForwarding no
X11Forwarding no
# Key-only login for this group; inside the Match block this does not change
# password authentication for other users.
PasswordAuthentication no
- /etc/fstab
# Root filesystem entry, shown for context.
LABEL=cloudimg-rootfs / ext4 defaults,discard 0 0
# Persistent form of "mount -o bind /var/www/static /srv/ssh/chroot":
# source, mountpoint, type "none", option "bind", no dump, no fsck pass.
# Check the entry with `mount -a` followed by `findmnt /srv/ssh/chroot` before
# the next reboot.
# NOTE(review): nosuid,nodev (and noexec for a purely static tree) would limit
# what uploaded files can do; whether these apply to a bind mount straight from
# fstab depends on the util-linux version, so confirm the result with findmnt.
/var/www/static /srv/ssh/chroot none bind 0 0