An even more secure implementation will be to enable chroot. A chroot is a way of isolating applications from the rest of your computer, by putting them in jail. When you enable chroot on a user account, that account is isolated and can only access its directory and files and nowhere else. This brief tutorial is going to show students and new users how to set up sFTP on Ubuntu 16.04 / 17.10 and 18.04 with chroot enabled on Ubuntu home directories. To get started, continue with the steps below
Install Open SSH Server
If you haven’t already installed the Open SSH server, run the commands below to install it. After installing, the commands below can be used to stop, start and enable the service to always start up when the server boots.
Configure SFTP
Now that OpenSSH Server is installed, open its default configuration file by running the commands below. Then edit the file and change highlighted line below. add the # before the first line, then add the highlighted line just below it to enable SFTP. This will change the subsystem to internal-sftp only. Next, add the lines below at the end of the file or just below the highlighted line above. Save the file and exit. After editing the file, run the commands below to restart OpenSSH Server.
Create SFTP Group
Now that you have defined your SFTP settings and set them to match the sftp_users. create a sftp_users group, then add users you want to restrict via chroot. To create the group, run the commands below. Now add any user to the group by running the commands below. Replace user richard with your Ubuntu account name. this will add the user to the sftp_users group you created above. That’s it! Your system should be configured for secure SFTP for your users. Your user can use their favorite FTP client Filezilla to connect to the server securely via SFTP protocol. users will be restricted to their directories and nowhere else. Make sure to select SFTP connection in Filezilla. When you connect, you’ll be prompted to accept the server key. accept it and continue. Connect and use the SFTP service. Enjoy!