Tutorial

Guide for Setting up SFTP Server in Linux

This tutorial will give you a handy guide to install and setup a SFTP server in Linux.

seeni
seeni

What is SFTP?

SFTP stands for SSH File Transfer Protocol. You guessed it correct. It is version of FTP that uses SSH on top. It allows users to upload and download files to and from a Linux server through an encrypted connection. FTP does the same without encryption and this is why SFTP is preferred over FTP these days.

Let’s see how you can set up a SFTP server on a Linux system.

Setting up SFTP Server on Linux

Sftp Server Set Up

I have used Ubuntu in this tutorial. The installation commands are specific to Ubuntu and Debian but the rest of the steps can be followed in any other Linux distribution.

To perform the steps, you need have sudoer rights. So if you don’t sudo rights, contact your system administrator. If you are the one, please read about creating sudo user in Ubuntu.

Setting up SFTP is very easy. Before going to that, you need to have OpenSSH installed in the server side and SSH package in the client side.

I have discussed setting up SSH on Ubuntu in detail in a separate article, I’ll just mention the important steps here.

To install OpenSSH in server, you can use the following command:

sudo apt install openssh-server

You also need SSH on the system from where you are going to access the SFTP server.

sudo apt install ssh

After this is done, you will have everything ready to setup SFTP. It’s done in three steps and I am going to show it to you one-by-one.

Step 1: Create Groups, Users, Directories

To use SFTP (or any other service in general) safely, it is best to create groups and users to use that service and only that service. “It is best to give one specific right to one specific entity”.

In case if you want to give SFTP access and also normal system access, create users such that it is easy to identify them according to service. For example, if seeni is used for normal system access then seenisftp can be used for SFTP access. Using this method will be easier on the administration side.

Let’s create a group named “sftpgusing groupadd command:

sudo groupadd sftpg

Let’s create a user named “seenisftp” and add him to the above group and give him a password.

sudo useradd -g sftpg seenisftp 
sudo passwd seenisftp

In the useradd command, -g option tells the group to which user should be added. You can list all the users in Linux and verify that the new user is has added.

Let’s assume you want to use the directory /data/ as your root for sftp and /data/USERNAME for each user. So when users login through sftp, they should be in /data/USERNAME as their default directory (Just like you are in /home/USERNAME directory when you login into the Linux system through SSH). Also, assume a constraint that they can read files from that directory but can upload only to uploads directory.

Let’s create the directories and change their access and ownership as follows (read about file permissions in Linux to know more about it).

sudo mkdir -p /data/seenisftp/upload
sudo chown -R root.sftpg /data/seenisftp
sudo chown -R seenisftp.sftpg /data/seenisftp/upload

One thing that might confuse is giving ownership of the user’s directory to the root itself. This is mandatory for chrooting in SFTP. So make sure that owner of the /data/USERNAME is root.

As of now, we have user named seenisftp with group sftpg and with access permissions set for /data/seenisftp.

Step 2: Configure sshd_config

Next is you need to configure ssh server so that whenever user belonging to sftpg group logs in, he/she gets into sftp instead of the normal shell you get through ssh. Append the following snippet to /etc/ssh/sshd_config if not already present.

Match Group sftpg ChrootDirectory /data/%u ForceCommand internal-sftp

In the above snippet, ChrootDirectory allows the specified directory to be made as the root (“/” directory ) node in the directory tree. The logged in user cannot see anything above that directory. So it will stop the current user from accessing other user’s files through sftp. %u is the escape code for filling it with the current username at the time of login. When seenisftp logins through sftp, he will be in /data/seenisftp as his root directory. He will not be able to see anything above it.

Step 3: Restart the service

To make changes we made to sshd_config live, restart the service as follows.

sudo systemctl restart sshd

Accessing SFTP via Linux command line

You can login into SFTP as you normally would do with SSH.

sftp [email protected]

Sample SFTP commands

SFTP commands are usually of the following format.

COMMAND [SOURCE] [DESTINATION]

For any command, arguments may be either local system paths or remote system paths. There is no specific visible distinction between them. You can specify the path as normal after considering the whether the argument is local or remote.

GET – download contents from remote server to the local system. Below command downloads remote file poster.img to the local system’s ~/Pictures directory.

GET poster.img ~/Pictures

PUT – Upload contents form the local system to the remote system. Below command uploads the ~/Pictures/poster2.jpg into my uploads directory.

PUT ~/Pictures/poster2.jpg uploads/

RM – To remove the files in the remote system. This is very similar to rm command. You can see that from below command which deletes an image at uploads/poster3.jpg

RM uploads/poster3.jpg

Above commands are very basic and are sufficient enough to explore the FTP/SFTP server. If you want to know more, either use help command or use this resource.

I hope this article helped you in setting up SFTP server on Linux.

Tell us in comments about what is your SFTP file system setup. Is it like mentioned in this article or a pooled directory or anything else?

If you found this article useful, share it with your friends. If you have suggestions, feel free to drop them below.



Join the conversation.