How can I create a user only for sftp?

Solution 1:

The command you should use to change the shell is chsh. The nologin shell can be /sbin/nologin or /usr/sbin/nologin (check which you have by looking in /etc/shells) but /bin/false would probably be a better choice.

chsh -s /bin/false user

You should consider setting up something like scponly which will do exactly what you want.

Solution 2:

You should also be able to do it with OpenSSH 4.9 and up, with which you can additionally chroot the user for increased security.

In your /etc/ssh/sshd_config:

Match User user
ChrootDirectory /home/user
ForceCommand internal-sftp
AllowTcpForwarding no

Then run:

chsh -s /bin/false user
chown root:root /home/user
mkdir /home/user/uploads
chown user /home/user/uploads

The user will only be able to write in /home/user/uploads.

Solution 3:

I think the best way is with mysecureshell

You can chroot a user with this easily and even limit bandwidth if needed.