The last releases of ProFTP contan a module, called mod_sftp. Yes. This is just the thing I was searching for years, trying to achive chrooted ssh with OpenSSH (see internal SFTP option), but now with  a lot better solution.

But the thing is… Ubuntu’s last LTS, 10.04 only has a version lower of ProFTPd. Compile? Yes, one solution, the hardcore way. The lazy way: Debian Sid, the current unstable version, and it’s packages:

First, the two dependencie package:

http://packages.debian.org/sid/amd64/libncurses5/download
http://packages.debian.org/sid/amd64/libssl0.9.8/download

And the ProFTPd itself:

http://packages.debian.org/en/sid/amd64/proftpd-basic/download

dpkg -i *, and there you go. Of course, you have to enable it.

Edit /etc/proftpd/modules.conf:

comment out the line

LoadModule                mod_tls.c

since we don’t need it, and add a line

LoadModule                mod_sftp.c

Also, edit /etc/proftpd/proftpd.conf, and add the following:

<IfModule mod_sftp.c>

SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/xferlog-sftp.log

# Configure the server to listen on the normal SSH2 port, port 22
Port 22

# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key

# Configure the file used for comparing authorized public keys of users.
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys

# Enable compression
SFTPCompression delayed

# Allow the same number of authentication attempts as OpenSSH.
#
# It is recommended that you explicitly configure MaxLoginAttempts
# for your SSH2/SFTP instance to be higher than the normal
# MaxLoginAttempts value for FTP, as there are more ways to authenticate
# using SSH2.
MaxLoginAttempts 3

</IfModule>

You’ll also need the change the port of the OpenSSH server, but that’s recommended anyway.