What is SFTP?
SFTP stands for SSH File Transfer Protocol. You guessed it correct. It is version of FTP that uses SSH on top. It allows users to upload and download files to and from a Linux server through an encrypted connection. FTP does the same without encryption and this is why SFTP is preferred over FTP these days.
Let’s see how you can set up a SFTP server on a Linux system.
Setting up SFTP Server on Linux
I have used Ubuntu in this tutorial. The installation commands are specific to Ubuntu and Debian but the rest of the steps can be followed in any other Linux distribution.
To perform the steps, you need have sudoer rights. So if you don’t sudo rights, contact your system administrator. If you are the one, please read about creating sudo user in Ubuntu.
Setting up SFTP is very easy. Before going to that, you need to have OpenSSH installed in the server side and SSH package in the client side.
I have discussed setting up SSH on Ubuntu in detail in a separate article, I’ll just mention the important steps here.
To install OpenSSH in server, you can use the following command:
sudo apt install openssh-server
You also need SSH on the system from where you are going to access the SFTP server.
sudo apt install ssh
After this is done, you will have everything ready to setup SFTP. It’s done in three steps and I am going to show it to you one-by-one.
Step 1: Create Groups, Users, Directories
To use SFTP (or any other service in general) safely, it is best to create groups and users to use that service and only that service. “It is best to give one specific right to one specific entity”.
In case if you want to give SFTP access and also normal system access, create users such that it is easy to identify them according to service. For example, if seeni is used for normal system access then seenisftp can be used for SFTP access. Using this method will be easier on the administration side.
Let’s create a group named “sftpg” using groupadd command:
sudo groupadd sftpg
Let’s create a user named “seenisftp” and add him to the above group and give him a password.
sudo useradd -g sftpg seenisftp sudo passwd seenisftp
Let’s assume you want to use the directory /data/ as your root for sftp and /data/USERNAME for each user. So when users login through sftp, they should be in /data/USERNAME as their default directory (Just like you are in /home/USERNAME directory when you login into the Linux system through SSH). Also, assume a constraint that they can read files from that directory but can upload only to uploads directory.
Let’s create the directories and change their access and ownership as follows (read about file permissions in Linux to know more about it).
sudo mkdir -p /data/seenisftp/upload sudo chown -R root.sftpg /data/seenisftp sudo chown -R seenisftp.sftpg /data/seenisftp/upload
One thing that might confuse is giving ownership of the user’s directory to the root itself. This is mandatory for chrooting in SFTP. So make sure that owner of the /data/USERNAME is root.
As of now, we have user named seenisftp with group sftpg and with access permissions set for /data/seenisftp.
Step 2: Configure sshd_config
Next is you need to configure ssh server so that whenever user belonging to sftpg group logs in, he/she gets into sftp instead of the normal shell you get through ssh. Append the following snippet to
/etc/ssh/sshd_config if not already present.
Match Group sftpg ChrootDirectory /data/%u ForceCommand internal-sftp
In the above snippet, ChrootDirectory allows the specified directory to be made as the root (“/” directory ) node in the directory tree. The logged in user cannot see anything above that directory. So it will stop the current user from accessing other user’s files through sftp. %u is the escape code for filling it with the current username at the time of login. When seenisftp logins through sftp, he will be in /data/seenisftp as his root directory. He will not be able to see anything above it.
Step 3: Restart the service
To make changes we made to sshd_config live, restart the service as follows.
sudo systemctl restart sshd
Accessing SFTP via Linux command line
You can login into SFTP as you normally would do with SSH.
Sample SFTP commands
SFTP commands are usually of the following format.
COMMAND [SOURCE] [DESTINATION]
For any command, arguments may be either local system paths or remote system paths. There is no specific visible distinction between them. You can specify the path as normal after considering the whether the argument is local or remote.
GET – download contents from remote server to the local system. Below command downloads remote file poster.img to the local system’s ~/Pictures directory.
GET poster.img ~/Pictures
PUT – Upload contents form the local system to the remote system. Below command uploads the ~/Pictures/poster2.jpg into my uploads directory.
PUT ~/Pictures/poster2.jpg uploads/
RM – To remove the files in the remote system. This is very similar to rm command. You can see that from below command which deletes an image at uploads/poster3.jpg
Above commands are very basic and are sufficient enough to explore the FTP/SFTP server. If you want to know more, either use
help command or use this resource.
I hope this article helped you in setting up SFTP server on Linux.
Tell us in comments about what is your SFTP file system setup. Is it like mentioned in this article or a pooled directory or anything else?
If you found this article useful, share it with your friends. If you have suggestions, feel free to drop them below.