It took at least an hour of Googling to find this solution, so I’m posting it here for reference and hopefully it could help others.
If you’re not using a chroot jail, you can follow this: http://jeff.robbins.ws/articles/setting-the-umask-for-sftp-transactions
This involves setting the umask in sshd_config in the Subsystem line, however, it doesn’t work for chrooted users as the umask gets set, ssh session starts and the chroot recreates the umask info (this is how I understand it, anyway).
So if you’re using chroot for users, you probably have something similar to this in your sshd_config:
Subsystem sftp internal-sftp
UsePAM yes
Match user username
ChrootDirectory /path/to/directory
ForceCommand internal-sftp
You should then edit the file /etc/pam.d/sshd and add the following:
session optional pam_umask.so umask=0002
And in /etc/profile, if it’s not already there (it was for me on Ubuntu 10.10), add the following at the bottom:
umask 022
And that’s it. internal-sftp does not execute any shells so it won’t take any notice of information in profile/login/rc etc, however, pam authentication is used so the configuration is seen there instead (unless, of course, you’ve turned it off).
Ref: http://ubuntuforums.org/archive/index.php/t-1107974.html