Cookbook to set up a chroot-jailed SCP/SFTP server
Ruby Shell HTML
Latest commit cd9d768 Dec 13, 2016 @eherot eherot Version bump 3.0.7
Failed to load latest commit information.
files/default Process uploads: Make sure the algorithm for REMOVING slug random num… Dec 13, 2016
recipes Have upload scripts use their own sentry dsn Aug 9, 2016
test/integration Have upload scripts use their own sentry dsn Aug 9, 2016
.kitchen.yml Test that sudo privileges have been properly allocated Mar 25, 2016
.rubocop.yml Update RuboCop config Mar 15, 2016
LICENSE Add working passwords to test users data bag item Mar 26, 2014
chefignore Ensure Berksfile & lock are uploaded to Chef Server Jun 6, 2014


A cookbook to provision an SFTP server which a collection of chroot jailed users. Primarily aimed at situations where end users need simple, but limited, SCP/SFTP access to provide data (e.g., automated importing).

Supported Platforms

  • Ubuntu 12.04


Key Type Description Default
['openssh']['server']['port'] Array Ports OpenSSH listens on %w(22 43827)
['openssh']['server']['permit_root_login'] String Allow remote root logins 'no'
['openssh']['server']['password_authentication'] String Allow password logins 'yes'
['openssh']['server']['subsystem'] String Set a subsystem for OpenSSH 'sftp /usr/lib/sftp-server'
['openssh']['server']['match'] Hash Provide a match config for OpenSSH see below
set['openssh']['server']['match'] = {
  'Group uploadonly' => {
    'chroot_directory' => '%h',
    'force_command' => 'internal-sftp',
    'allow_tcp_forwarding' => 'no'



Include et_upload in your node's run_list:

  "run_list": [

For testing purposes, the users upload data bag item exists. The password for each user is password, salted & encrypted to best resemble a real password & allow for logging in via SFTP to do manual testing of SFTP functionality.


  1. Fork the repository on Github
  2. Create a named feature branch (i.e. add-new-recipe)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request

License and Authors

Author:: EverTrue, Inc. (