# set up SFTP (https://devtidbits.com/2011/06/29/implement-a-sftp-service-for-ubuntudebian-with-a-chrooted-isolated-file-directory/)
# install openssh-server
sudo apt-get install openssh-server
# add new group
sudo groupadd sftpconnect
# get new group's id
cat /etc/group
# add new user
sudo useradd sftpuser -d / -g [sftpconnect group id] -M -N -o -u [sftpconnect group id]
# -d is the user home directory which needs to be set to / (root)
# -g is the user group id to assign
# -M stops the useradd command creating a home directory
# -N stops the useradd command creating a group with the same name as the new user
# -u is the user id, which in our case needs to be the same id value as sftpconnect
# -o allows duplicate, non-unique user ids
# set password
sudo passwd sftpuser
# change in /etc/ssh/sshd_config
Subsystem sftp /usr/lib/openssh/sftp-server
# to
Subsystem sftp internal-sftp
# add this to the end of the file
Match group sftpconnect # assigns the following rules to members of sftpconnect
ChrootDirectory /var/www # change root directory
X11Forwarding no # disables X11 forwarding
AllowTcpForwarding no # disables TCP forwarding
ForceCommand internal-sftp # forces internal-sftp
# set permissions and ownership for the root driectory just set up for sftp
sudo chmod -R 755 /var/www permission
sudo chmod -R 755 /var/www/html permission
sudo chown -R root:sftpconnect /var/www/html
# and restart
sudo service ssh restart