SFTP stands for Secure File Transfer Protocol that we used for secure data transfer to and from your local system. It works over SSH Protocol and hence is considered to be more secure than the simple FTP (File Transfer Protocol). Data transferring is a routine based task of every system administrator and other developers who need to make changes in their code.
So, in today’s article, we are going to show the detailed steps to configure SFTP Server and create users with their specified directory permissions.
For the demonstration, we are using the Ubuntu 20.04 LTS for the SFTP setup, but similar steps can be performed in case you are using the RHEL/CentOS Operating system.
Starting from the prerequisites, we need to make sure that we have sudo or root user privileges on the server where we need to create SFTP Users.
Let’s start by login into the system using ssh for which you can use the Putty or Shell terminal of your Linux Desktop.
# ssh -i key.pem [email protected]_server_ip
# sudo -i
You can also directly login to your system as well, but make sure to use your own username and credentials.
Step 1: Creating New SFTP Only User
Creating a new user for SFTP is as similar as we do for adding any other general users. But in order to restrict that to be used for SFTP purposes only, we will assign it to no login shell.
Run the command below to create an SFTP user by specifying its custom home directory.
# useradd -m -d /home/example.com sftp_user
Set the password of the newly created user using ‘passwd’ command as below.
# passwd sftp_user
Make sure to set a complex password for its security. Then assign it a nologin shell by modifying the ‘passwd’ file as below.
# vim /etc/passwd
Save and close using :wq! To apply changes.
Step 2: Setup Directory Permissions
After creating the new user, we need to set up the right directory permissions and ownership to the user’s directory that we have created in the first step.
# chmod 755 /home/example.com/
# chown root:root /home/example.com
Step 3: Restrict Directory Access
Now we have a new SFTP only user in place, next we need to restrict its directory access to be accessible to its specified home folder that we created.
In order to do so, we are going to modify the ssh configuration file by adding the following parameters.
# vim /etc/ssh/sshd_config
subsystem sftp internal-sftp Match User sftp_user ChrootDirectory %h AllowTCPForwarding no X11Forwarding no PasswordAuthentication yes ForceCommand internal-sftp
Before saving the made changes, make sure to add your username against ‘Match User’ , whereas ‘%h’ represents the home directory of your newly created user within the restricted environment. This ‘ChrootDirectory’ will ensure that your SFTP user won’t have access to any other directory.
Save the ssh configuration file, verify the syntax if there is an issue and then restart its services and confirm if it’s running using the below commands.
# ssh -t
# systemctl restart sshd
# systemctl status sshd
Here, you can see that first there was an error in the ssh configuration file that we fixed by commenting out the additional entry and restart ‘sshd service.
Step 4: Testing SFTP Login
At this point, we are ready to use our SFTp user but before that let’s test it to make sure it has only SFTP access by using the ssh command.
Whereas xx needs to be replaced with your own server IP. As a result, you should get the connection failure as shown below.
Step 5: Using SFTP Client
There are a couple of SFTP clients available to use for the cross-platform operating system and you can use your favorite one. We are going to test it using FileZilla which is one of the best and most useful FTP/SFTP clients available to use. You can easily download it from their official link.
Let’s open it in your system and give the IP address of your SFTP server along with your created username and password.
Upon successful credentials, you will be able to have access to your specified directory only where you can upload or download the data.
In this article we have covered the detailed steps to setup and new SFTP server by making the ssh configuration changes, adding new users, and assigning the required directory permissions. You can add as many users as you want or simply create a new group and make new users part of that group.