Set Up SFTP to Public Directory (/var/www)
Configuring SSH for SFTP
vim /etc/ssh/sshd_config
Comment out the following line:
Subsystem sftp /usr/local/libexec/sftp-server
Add the following lines:
Subsystem sftp internal-sftp
Match Group <sftp group>
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
Save and close, then restart sshd:
sudo systemctl restart sshd
Add SFTP User and Set Permission
sudo useradd <user> -g <sftp group> -s /bin/false -d /var/www/html
sudo passwd <user>
sudo chown root /var/www/html
sudo chmod 755 /var/www/html
sudo mkdir /var/www/html/<dir>
sudo chmod 775 /var/www/html/<dir>
sudo chown apache:apache /var/www/html/<dir>
sudo chmod g+s /var/www/html/<dir>
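The chown root / chmod 755 steps above exist because sshd rejects a ChrootDirectory unless every component of the path is owned by root and not writable by group or others; uploads go into the 775 subdirectory instead. The following pre-flight check is an added example, not part of the original notes. The function names component_ok and check_chroot_path are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory path.
# sshd refuses the session unless every component of the chroot path is
# owned by root (uid 0) and not writable by group or others.

# component_ok UID MODE -> returns 0 if a directory with this owner uid and
# octal mode satisfies the chroot rule, 1 otherwise.
component_ok() {
    uid=$1 mode=$2
    [ "$uid" -eq 0 ] || return 1
    # 022 = group-write | other-write
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR -> checks DIR and each parent up to /, printing every
# component that would make sshd reject the chroot. Returns 1 if any is bad.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    bad=0
    while :; do
        set -- $(stat -c '%u %a' "$dir")   # GNU stat: owner uid, octal mode
        if ! component_ok "$1" "$2"; then
            echo "bad: $dir (uid=$1 mode=$2)"
            bad=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $bad
}

# Usage: sh check_chroot.sh /var/www/html
if [ $# -gt 0 ]; then
    check_chroot_path "$1" && echo "ok: $1 is usable as ChrootDirectory"
fi
```

Run it against /var/www/html, not the writable <dir> below it: the 775 subdirectory is expected to fail this check, which is why it cannot be the chroot itself.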
SELinux
sudo setsebool -P ssh_chroot_rw_homedirs on
sudo setsebool -P httpd_unified 1
sudo setfacl -d -m g:apache:rw /var/www/html/<dir>