Openssh Sftp



What is SFTP?


SFTP stands for SSH File Transfer Protocol. You guessed it right: it is a version of FTP that runs on top of SSH. It allows users to upload and download files to and from a Linux server through an encrypted connection. FTP does the same without encryption, which is why SFTP is preferred over FTP these days.

Let’s see how you can set up an SFTP server on a Linux system.

Setting up SFTP Server on Linux


I have used Ubuntu in this tutorial. The installation commands are specific to Ubuntu and Debian but the rest of the steps can be followed in any other Linux distribution.

To perform the steps, you need to have sudo rights. If you don’t have sudo rights, contact your system administrator. If you are the administrator, please read about creating a sudo user in Ubuntu.

Setting up SFTP is very easy. Before going to that, you need to have OpenSSH installed on the server side and the SSH package on the client side.

I have discussed setting up SSH on Ubuntu in detail in a separate article, so I’ll just mention the important steps here.

To install OpenSSH on the server, you can use the following command:

You also need SSH on the system from where you are going to access the SFTP server.

After this is done, you will have everything ready to set up SFTP. It’s done in three steps, and I am going to show them to you one by one.

Step 1: Create Groups, Users, Directories

To use SFTP (or any other service in general) safely, it is best to create groups and users to use that service and only that service. “It is best to give one specific right to one specific entity”.

If you want to give SFTP access and also normal system access, create users such that it is easy to identify them according to service. For example, if seeni is used for normal system access, then seenisftp can be used for SFTP access. This makes administration easier.

Let’s create a group named “sftpg” using the groupadd command:

Let’s create a user named “seenisftp”, add him to the above group and give him a password.

In the useradd command, the -g option specifies the group to which the user should be added. You can list all the users in Linux and verify that the new user has been added.

Let’s assume you want to use the directory /data/ as your root for SFTP and /data/USERNAME for each user. So when users log in through SFTP, they should be in /data/USERNAME as their default directory (just like you are in the /home/USERNAME directory when you log in to the Linux system through SSH). Also, assume a constraint that they can read files from that directory but can upload only to the uploads directory.

Let’s create the directories and change their access and ownership as follows (read about file permissions in Linux to know more about it).

One thing that might be confusing is giving ownership of the user’s directory to root itself. This is mandatory for chrooting in SFTP, so make sure that the owner of /data/USERNAME is root.

As of now, we have a user named seenisftp in the group sftpg, with access permissions set for /data/seenisftp.

Step 2: Configure sshd_config

Next, you need to configure the SSH server so that whenever a user belonging to the sftpg group logs in, he/she gets into SFTP instead of the normal shell you get through SSH. Append the following snippet to /etc/ssh/sshd_config if not already present.

    Match Group sftpg
        ChrootDirectory /data/%u
        ForceCommand internal-sftp

In the above snippet, ChrootDirectory makes the specified directory the root (“/” directory) node of the directory tree for that session. The logged-in user cannot see anything above that directory, which stops the current user from accessing other users’ files through SFTP. %u is the escape code that is replaced with the current username at the time of login. When seenisftp logs in through SFTP, he will be in /data/seenisftp as his root directory. He will not be able to see anything above it.

Step 3: Restart the service

To make the changes to sshd_config take effect, restart the service as follows.
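The three steps above collected into one script, together with checks for the two things that most often break this setup. This is an added example, not the article's own commands. The function names, mode 750 on the chroot directory, GNU stat and Ubuntu's "ssh" service name are assumptions. sshd itself requires the chroot directory and every parent directory to be owned by root and not writable by group or others.

```shell
#!/bin/sh
# Steps 1-3 for one SFTP-only user, plus checks for what sshd enforces.
# Assumed, not from the article: function names, mode 750, GNU stat, "ssh" unit.

# match_block_ok CONFIG GROUP: true if CONFIG has a "Match Group GROUP" block
# that sets both ChrootDirectory and "ForceCommand internal-sftp".
# Simplification: one group per Match line, whitespace-separated arguments.
match_block_ok() {
    awk -v grp="$2" '
        /^[ \t]*#/ { next }
        { key = tolower($1) }                      # keywords are case-insensitive
        key == "match" { inblk = (tolower($2) == "group" && $3 == grp); next }
        inblk && key == "chrootdirectory" { chroot = 1 }
        inblk && key == "forcecommand" && $2 == "internal-sftp" { force = 1 }
        END { exit !(chroot && force) }
    ' "$1"
}

# dir_ok DIR [UID]: true if DIR is owned by UID (default 0, root) and is not
# writable by group or others. sshd refuses the chroot otherwise.
dir_ok() {
    owner=$(stat -c %u "$1") && mode=$(stat -c %a "$1") || return 1
    [ "$owner" = "${2:-0}" ] || { echo "$1: owner uid $owner"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "$1: mode $mode is writable"; return 1; }
}

# chroot_path_ok DIR: apply dir_ok to DIR and every parent up to /.
chroot_path_ok() {
    p=$1
    while dir_ok "$p"; do
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
    return 1
}

# setup_sftp_user GROUP USER: the article's three steps. Run as root.
setup_sftp_user() {
    groupadd -f "$1" && useradd -g "$1" "$2" && passwd "$2" || return 1
    mkdir -p "/data/$2/uploads" || return 1
    chown root:"$1" "/data/$2" && chmod 750 "/data/$2"   # chroot: user can only read
    chown "$2":"$1" "/data/$2/uploads"                    # the only writable directory
    match_block_ok /etc/ssh/sshd_config "$1" ||
        printf 'Match Group %s\n    ChrootDirectory /data/%%u\n    ForceCommand internal-sftp\n' \
            "$1" >> /etc/ssh/sshd_config
    # Restart only if the chroot path and the config both pass.
    chroot_path_ok "/data/$2" && sshd -t && systemctl restart ssh
}

# Acts only when given arguments, e.g.: sudo sh sftp-setup.sh sftpg seenisftp
if [ "$#" -eq 2 ]; then setup_sftp_user "$1" "$2"; fi
```

Keep an existing SSH session open while restarting, so a mistake in sshd_config can still be fixed.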

Accessing SFTP via Linux command line

You can log in to SFTP as you normally would with SSH.

Sample SFTP commands


SFTP commands are usually of the following format.

For any command, arguments may be either local system paths or remote system paths. There is no visible distinction between them. Specify the path as you normally would, keeping in mind whether the argument is local or remote.

GET – Download contents from the remote server to the local system. The command below downloads the remote file poster.img to the local system’s ~/Pictures directory.

PUT – Upload contents from the local system to the remote system. The command below uploads ~/Pictures/poster2.jpg into my uploads directory.

RM – Remove files on the remote system. This is very similar to the rm command. You can see that from the command below, which deletes an image at uploads/poster3.jpg.

The above commands are very basic and are sufficient to explore the FTP/SFTP server. If you want to know more, either use the help command or use this resource.

I hope this article helped you in setting up an SFTP server on Linux.

Tell us in the comments what your SFTP file system setup is. Is it like the one described in this article, a pooled directory, or something else?

If you found this article useful, share it with your friends. If you have suggestions, feel free to drop them below.
