I am attempting to allow only SFTP connections to a specific folder.
/etc/ssh/sshd_config:
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group demouser
    # Force the connection to use SFTP and chroot to the required directory.
    ForceCommand internal-sftp
    ChrootDirectory /home/demouser/ftp/
    # Disable tunneling, authentication agent, TCP and X11 forwarding.
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
I then run the following commands to create the account and folder:
groupadd demouser
useradd -g demouser -s /sbin/nologin demouser
chown root:root /home/demouser
chmod 755 /home/demouser/
cd /home/demouser/
mkdir ftp
chown demouser:demouser ftp
The issue I am facing is that I am unable to connect when the ChrootDirectory is set to /home/demouser/ftp/,
but it works fine when I set it to /home/demouser.
It doesn't seem to work unless that is a child folder already made in the designated ChrootDirectory.
ChrootDirectory needs to belong to the root user and root group, and also needs to have specific permissions:
chown root:root ChrootDirectory
chmod 755 ChrootDirectory
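An added example, not part of the original question or answer: sshd_config(5) documents that every component of the ChrootDirectory path must be a root-owned directory that is not writable by any other user or group, so this Python check walks the path from / downwards and reports each component that breaks the rule. The function names, the injectable stat_fn parameter and the sample stat data (including uid 1001 for demouser) are assumptions made for illustration.

```python
import os
import stat
from types import SimpleNamespace

def path_chain(path):
    """'/home/demouser/ftp/' -> ['/', '/home', '/home/demouser', '/home/demouser/ftp']"""
    path = os.path.abspath(path)
    chain = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        chain.append(path)
    return chain[::-1]

def audit_chroot(path, stat_fn=os.stat):
    """Return (directory, problem) pairs for every path component that fails
    the ownership/mode rule sshd_config(5) documents for ChrootDirectory."""
    problems = []
    for d in path_chain(path):
        try:
            st = stat_fn(d)
        except OSError as exc:
            problems.append((d, "cannot stat: %s" % exc.strerror))
            continue
        if not stat.S_ISDIR(st.st_mode):
            problems.append((d, "not a directory"))
        if st.st_uid != 0:
            problems.append((d, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((d, "writable by group or others (mode %o)" % stat.S_IMODE(st.st_mode)))
    return problems

# Constructed stat data for the layout the question's commands produce;
# uid 1001 for demouser is an assumed value.
ROOT_DIR = SimpleNamespace(st_uid=0, st_mode=stat.S_IFDIR | 0o755)
SAMPLE = {
    "/": ROOT_DIR,
    "/home": ROOT_DIR,
    "/home/demouser": ROOT_DIR,
    "/home/demouser/ftp": SimpleNamespace(st_uid=1001, st_mode=stat.S_IFDIR | 0o755),
}

def sample_stat(path):
    if path not in SAMPLE:
        raise FileNotFoundError(2, "No such file or directory")
    return SAMPLE[path]

if __name__ == "__main__":
    for chroot in ("/home/demouser/ftp/", "/home/demouser"):
        print(chroot, audit_chroot(chroot, sample_stat) or "OK")
```

On a real host, call audit_chroot("/home/demouser/ftp/") without the second argument so that it uses os.stat on the live filesystem.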