A while ago I configured my server for SFTP access using a key instead of a password. These are the notes I took when I did it. I haven’t tested it again, but I hope it works.
1. Edit sshd_config and add sftpuser to AllowUsers:

    AllowUsers youruser john mary sftpuser

2. Change where key files are located. Instead of the default ~/.ssh, put all the keys in one central location. With the default AuthorizedKeysFile path, public key authentication fails for chrooted users because they don’t have a home directory like other users do. To fix this, set AuthorizedKeysFile to a root-owned directory that is not world-writable, and move existing users’ keys there.
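
    # %u expands to the user name, so each user gets one file in this directory
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

    # Confine sftpuser to its home directory and allow SFTP only
    Match User sftpuser
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no
        PermitTunnel no
        X11Forwarding no
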
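3. Run these commands (as root) to create the user, the root-owned chroot directory, and a data subdirectory the user can write to:

    $ useradd sftpuser
    $ mkdir /home/sftpuser
    # the chroot directory itself must belong to root and not be group/world-writable
    $ chown root:root /home/sftpuser/
    $ chmod 755 /home/sftpuser/
    $ cd /home/sftpuser
    # uploads go into data, which the user owns
    $ mkdir data
    $ chown sftpuser:sftpuser data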
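
A check for the finished layout, added here as an example and not part of the original notes: sshd refuses the chroot unless every component of the ChrootDirectory path is root-owned and not group- or world-writable, and with StrictModes on (the default) it also rejects a key file that is group- or world-writable. The function names, the optional owner-UID and stop-directory parameters (there only so the check can be tried on a scratch tree) and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added example: audit ownership and modes for the chroot and the key file.
# Assumes GNU stat (Linux). Real use, as root:
#   chroot_ok /home/sftpuser && perm_ok /etc/ssh/authorized_keys/sftpuser

# perm_ok PATH [OWNER_UID]
# Succeeds if PATH is owned by OWNER_UID (default 0 = root) and is not
# writable by group or others. Prints the reason to stderr otherwise.
perm_ok() {
    po_path=$1
    po_want=${2:-0}
    po_info=$(stat -c '%u %a' -- "$po_path" 2>/dev/null) || {
        echo "missing: $po_path" >&2
        return 1
    }
    po_uid=${po_info% *}     # numeric owner
    po_mode=${po_info#* }    # octal mode, e.g. 755
    if [ "$po_uid" != "$po_want" ]; then
        echo "bad owner (uid $po_uid): $po_path" >&2
        return 1
    fi
    if [ $(( 0$po_mode & 022 )) -ne 0 ]; then
        echo "group/world-writable (mode $po_mode): $po_path" >&2
        return 1
    fi
    return 0
}

# chroot_ok DIR [OWNER_UID] [STOP]
# Applies perm_ok to DIR and to every parent directory up to STOP
# (default /), which is the test sshd applies to ChrootDirectory.
chroot_ok() {
    co_dir=$(cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "missing: $1" >&2
        return 1
    }
    co_want=${2:-0}
    co_stop=${3:-/}
    while :; do
        perm_ok "$co_dir" "$co_want" || return 1
        if [ "$co_dir" = "$co_stop" ] || [ "$co_dir" = / ]; then
            break
        fi
        co_dir=$(dirname -- "$co_dir")
    done
    return 0
}
```

A failure from `chroot_ok` on /home/sftpuser or any parent corresponds to sshd's "bad ownership or modes for chroot directory" log message.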