SFTP is often used by ordinary users to transfer files alongside the usual SSH shell access.
In some scenarios, it is possible to use the OpenSSH SFTP server as a pure file transfer service that replaces a traditional FTP service:
* Create SFTP-only users with a common primary group, such as **ftp**
* Set the home directory of those users to the file sharing directory
* Set the default shell to **nologin(8)** or **false(1)** to reject shell access for those users
* Set passwords for those users as usual if you want to use password authentication
* Modify **sshd_config(5)** (usually ''/etc/ssh/sshd_config''), adding the following:
  Match Group ftp
      ChrootDirectory %h
      ForceCommand internal-sftp
      AllowTcpForwarding no
      X11Forwarding no
      PermitTTY no
      PermitTunnel no
The above configuration means that for every user in the **ftp** group logging in over SSH, the session processes are confined with **chroot(2)** to the user's home directory and only an SFTP session is allowed.
If you need public key authentication for SFTP users, add
      AuthorizedKeysFile /etc/ssh/ftp_authorized_keys.%u
and add the public keys to ''/etc/ssh/ftp_authorized_keys.''.
* Restart **sshd(8)**
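
With ''ChrootDirectory %h'', **sshd(8)** only accepts the session if every component of the home directory path is a root-owned directory that is not writable by group or others. The following pre-flight check is an added example, not part of the original page; the function names and the optional owner-UID argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): pre-flight check for
# "ChrootDirectory %h" before restarting sshd.

# dir_ok DIR [UID]: succeed only if DIR is a directory (symbolic links are
# rejected by this check) owned by UID and not writable by group or others.
# UID defaults to 0 (root); the override is a hypothetical hook for testing.
dir_ok() {
    want_uid=${2:-0}
    # POSIX "ls -ldn" prints: <mode> <links> <numeric uid> <numeric gid> ...
    ls -ldn -- "$1" 2>/dev/null | (
        read -r mode links uid rest || exit 1
        case $mode in
            d????-??-?*) ;;   # group-write and other-write bits are clear
            *) exit 1 ;;
        esac
        [ "$uid" = "$want_uid" ]
    )
}

# check_chroot_path DIR [UID]: apply dir_ok to DIR and to every parent
# directory up to /. Reports the first offending component on stderr.
check_chroot_path() {
    p=$1
    owner=${2:-0}
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p" >&2; return 1 ;;
    esac
    while :; do
        if ! dir_ok "$p" "$owner"; then
            echo "bad ownership or modes for chroot component: $p" >&2
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Usage: sh check_chroot.sh /path/to/sftp/home
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself cannot be writable by the SFTP user, uploads need a user-writable subdirectory inside it.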
Since file transfers usually push a large amount of traffic through the SSH server **sshd(8)**, it may be desirable to switch to [[https://www.psc.edu/hpn-ssh|High-performance SSH]] for **sshd(8)**. High-performance SSH is a fork of OpenSSH that uses a dynamic transfer buffer size and a multi-threaded AES-CTR cipher implementation to improve SSH data transfer performance. Refer to its website for how to install and tune this implementation.