Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Cookbook to set up a chroot-jailed SCP/SFTP server
Ruby Shell
Failed to load latest commit information.
attributes Use OpenSSH's built-in SFTP server & user jailing
recipes Handle user deletes
spec Remove ChefSpec Chef-Zero integration to make tests work again
templates/default Remove legacy code path
test/integration/default Stop using encrypted data bags for testing
.kitchen.yml Stop using encrypted data bags for testing
Berksfile Use OpenSSH's built-in SFTP server & user jailing Version bump 2.0.17
Gemfile Upgrade to Berkshelf ~> 3.1, ChefSpec ~> 4.0, RuboCop ~> 0.23
LICENSE Initial rev
Rakefile Remove Stove tasks from rakefile
chefignore Ensure Berksfile & lock are uploaded to Chef Server
metadata.rb Version bump 2.0.17


A cookbook to provision an SFTP server which a collection of chroot jailed users. Primarily aimed at situations where end users need simple, but limited, SCP/SFTP access to provide data (e.g., automated importing).

Supported Platforms

  • Ubuntu 12.04


Key Type Description Default
['openssh']['server']['port'] Array Ports OpenSSH listens on %w(22 43827)
['openssh']['server']['permit_root_login'] String Allow remote root logins 'no'
['openssh']['server']['password_authentication'] String Allow password logins 'yes'
['openssh']['server']['subsystem'] String Set a subsystem for OpenSSH 'sftp /usr/lib/sftp-server'
['openssh']['server']['match'] Hash Provide a match config for OpenSSH see below
set['openssh']['server']['match'] = {
  'Group uploadonly' => {
    'chroot_directory' => '%h',
    'force_command' => 'internal-sftp',
    'allow_tcp_forwarding' => 'no'



Include et_upload in your node's run_list:

  "run_list": [

For testing purposes, the users upload data bag item exists. The password for each user is password, salted & encrypted to best resemble a real password & allow for logging in via SFTP to do manual testing of SFTP functionality.


  1. Fork the repository on Github
  2. Create a named feature branch (i.e. add-new-recipe)
  3. Write you change
  4. Write tests for your change (if applicable)
  5. Run the tests, ensuring they all pass
  6. Submit a Pull Request

License and Authors

Author:: EverTrue, Inc. (

Something went wrong with that request. Please try again.