Starting off we want to open our sshd configuration file. This can be done with:
sudo nano /etc/ssh/sshd_config
We are going to add the following lines to the end of the file:
Match group sftp ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
Next up, we've got to create our sftp group and a user for it. The following line will create a group named sftp, then create a user named ftpaccount, and to finish it will assign the new user to the sftp group.
sudo addgroup sftp && sudo useradd ftpaccount -g sftp
Since we set the sftp root to be the user's home directory, let's lock it down so that other users on the system won't be able to snoop. We chose 700 for this because it gives full Read Write and eXecute permissions to the user, but restricts group and public access.
sudo chmod 700
All that is left to do is test our changes. The simplest way would be to open a terminal and do the following:
It will likely prompt you about the server's authenticity not being able to be established. Accept and continue connecting. It will then ask for your ftp user's password. If everything went accordingly, you should see something similar to this:
Connected to bananaftpguy@ipaddress.
You have successfully enabled and configured SFTP on your server! For more in-depth options and examples, check out the openssh documentation over at https://www.openssh.com/manual.html