SFTP access to user in a different user's folder - Ubuntu

Scenario: You have a user you wish to give access to a specific set of folders only via SFTP.

This one was annoying me so I have made a list of all actions required in order to get this to work.


Step 1

Make the user

sudo adduser username

Step 2

Make a group

sudo groupadd groupname

Step 3

Add all users who will need access to this folder to this group

sudo usermod -aG groupname username

Step 4

Get your user's SSH keys set up now, as this will be more difficult to do afterwards.

sudo su username

mkdir -p ~/.ssh

nano ~/.ssh/authorized_keys

Paste the key(s) required

ctrl + o to save

exit 

Step 5

Set access to the folders. For a jail root to work, each folder and its parent must be owned by root.

sudo chown root:groupname /home/accessuser/folderforjailing

sudo chown root:accessuser /home/accessuser

Step 6

Remove world read access

sudo chmod 0750 /home/accessuser

sudo chmod 0750 /home/accessuser/folderforjailing 

Step 7

Change access in sshd config

sudo nano /etc/ssh/sshd_config

Find the line below and comment it out with a # at the start

Subsystem      sftp    /usr/lib/openssh/sftp-server

Add the following lines replacing folder names as necessary

Subsystem sftp internal-sftp

Match Group groupname

   ChrootDirectory /home/accessuser/folderforjailing

   ForceCommand internal-sftp

   X11Forwarding no

   AllowTCPForwarding no

   PasswordAuthentication no


Step 8

Restart ssh

sudo service ssh restart

Step 9

Login for sftp should now work
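
If the login is refused, the usual cause is the ownership and mode from Steps 5 and 6: sshd only accepts a ChrootDirectory when every component of the path is a root-owned directory that group and others cannot write to. The script below is an added example, not part of the original post, that walks the path and reports the component that breaks the rule. The function names and the optional UID and TOP arguments are assumptions made for illustration, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Audit a ChrootDirectory path against sshd's rule: every component must be
# a root-owned directory that group and others cannot write to.

# component_ok DIR UID: check one directory.
component_ok() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -c '%u %a' "$dir")   # GNU stat: owner uid, octal mode
    if [ "$1" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $1, expected $want_uid"; return 1
    fi
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $2 is group- or world-writable"; return 1
    fi
    echo "ok   $dir (uid $1, mode $2)"
}

# check_chroot_path DIR [UID] [TOP]: check DIR and each parent up to TOP.
# The defaults (uid 0, TOP /) are what a real jail needs; the optional
# arguments (hypothetical) exist so the check can be exercised without root.
check_chroot_path() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot resolve"; return 1; }
    owner=${2:-0}; top=${3:-/}; rc=0
    while :; do
        component_ok "$p" "$owner" || rc=1
        [ "$p" = "$top" ] || [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# demo: constructed tree in a temp dir, owned by the current user.
demo() {
    t=$(cd "$(mktemp -d)" && pwd -P); me=$(id -u)
    mkdir -p "$t/accessuser/folderforjailing"
    chmod 0750 "$t" "$t/accessuser" "$t/accessuser/folderforjailing"
    check_chroot_path "$t/accessuser/folderforjailing" "$me" "$t"   # passes
    chmod 0770 "$t/accessuser"                   # group-writable parent
    check_chroot_path "$t/accessuser/folderforjailing" "$me" "$t" \
        || echo "rejected, as sshd would reject it"
    rm -rf "$t"
}

# With an argument, audit that path (run as root); otherwise run the demo.
if [ $# -gt 0 ]; then check_chroot_path "$@"; else demo; fi
```

Run it with sudo and the real jail path as the only argument, since the 0750 parent is not readable by other users. Running sudo sshd -t before Step 8 also catches syntax errors in sshd_config.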
