SFTP, also known as the “SSH File Transfer Protocol” or “Secure File Transfer Protocol,” is a protocol used for transferring large files over the internet. It is built on FTP and uses Secure Shell (SSH) to share files securely. SSH and SFTP protocols were both designed by the Internet Engineering Task Force (IETF) to improve web security.
SFTP is very useful when you want to transfer any sensitive data over the internet. SFTP uses SSH and encrypts all commands to avoid password sniffing and exposing sensitive information in plain text.
Why is SFTP different from FTP and FTPS?
- It transmits data in binary format, so file transfer is much faster than other protocols.
- It doesn't need any dedicated data channel because it uses only one connection.
- It lists the directory in a machine-readable format.
- The SFTP connection is encrypted and secure because it uses the SSH protocol.
In this post, we will show you how to set up an SFTP server on Ubuntu.
Install SSH Server
SFTP uses SSH protocol to transfer files. So you will need to install the SSH server on your system. You can install it by running the following command:
apt-get install openssh-server -y
After installing the SSH server, start the SSH service and enable it to start at system reboot with the following command:
systemctl start ssh
systemctl enable ssh
Next, verify the status of the SSH service with the following command:
systemctl status ssh
If everything is fine, you should get the following output:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-07-18 09:06:45 UTC; 3min 25s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 646 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 647 (sshd)
Tasks: 1 (limit: 2353)
Memory: 3.8M
CGroup: /system.slice/ssh.service
└─647 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Jul 18 09:06:44 ubuntu2004 systemd[1]: Starting OpenBSD Secure Shell server...
Jul 18 09:06:45 ubuntu2004 sshd[647]: Server listening on 0.0.0.0 port 22.
Jul 18 09:06:45 ubuntu2004 sshd[647]: Server listening on :: port 22.
Jul 18 09:06:45 ubuntu2004 systemd[1]: Started OpenBSD Secure Shell server.
Jul 18 09:08:40 ubuntu2004 sshd[674]: Accepted password for root from 106.213.219.126 port 64650 ssh2
Jul 18 09:08:40 ubuntu2004 sshd[674]: pam_unix(sshd:session): session opened for user root by (uid=0)
At this point, the SSH service is started and listening on port 22. You can check the SSH listening port with the following command:
ss -antpl | grep 22
You should see the following output:
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=647,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=647,fd=4))
Configure SSH Server
Next, you will need to edit the SSH main configuration file and configure it for SFTP. You can edit it with the following command:
nano /etc/ssh/sshd_config
Add the following lines at the end of the file:
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
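These lines apply only to members of the sftp group: they confine the session to /home, disable X11 and TCP forwarding, and force the built-in SFTP server instead of a login shell. Save and close the file when you are finished. Then, restart the SSH service to apply the configuration changes: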
systemctl restart ssh
Create SFTP User Account
Next, you will need to create a user account for SFTP access. First, create a new group named sftp with the following command:
addgroup sftp
You should see the following output:
Adding group `sftp' (GID 1000) ...
Done.
Next, create a new user named sftpuser and add it to the sftp group:
useradd -m sftpuser -g sftp
Next, set a password for sftpuser with the following command:
passwd sftpuser
You will be asked to set a password as shown below:
New password:
Retype new password:
passwd: password updated successfully
Next, give sftpuser full access to the /home/sftpuser directory and deny access to all other users with the following command:
chmod 700 /home/sftpuser/
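The chroot configured above only works if sshd accepts the path: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The following check is an added example, not part of the original guide; the function names check_dir and audit_chroot are made up for illustration, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path before relying on it.
# sshd_config(5): every component of the path must be a root-owned
# directory that is not writable by group or others.
# Assumes GNU stat (-c), as on Ubuntu. Function names are illustrative.

# check_dir DIR [UID]: pass if DIR is a directory owned by UID (default 0)
# and has neither the group-write nor the other-write bit set.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    owner=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $owner, expected $want_uid"
        return 1
    fi
    # Interpret the mode as octal and mask the g+w / o+w bits (022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"
        return 1
    fi
    echo "OK   $dir (uid $owner, mode $mode)"
}

# audit_chroot PATH: run check_dir on PATH and on every parent up to /.
# Returns 0 only if all components pass, 2 if PATH is not absolute.
audit_chroot() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: path must be absolute"; return 2 ;;
    esac
    while :; do
        check_dir "$p" 0 || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# When invoked with an argument (for example /home), audit that path.
if [ $# -gt 0 ]; then
    audit_chroot "$1"
fi
```

Run it against /home after creating the users; any FAIL line names the directory whose owner or mode needs to be corrected before SFTP logins will be accepted.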
Connect SFTP From Command-line
You can now connect to the SFTP server from the remote system using the command-line interface.
First, log in to the remote system, open the command-line interface, and run the following command to connect to the SFTP server:
sftp sftpuser@69.87.220.42
You will be asked to provide a password for sftpuser as shown below:
sftp sftpuser@69.87.220.42
sftpuser@69.87.220.42's password:
Provide your password and hit Enter. Once you are connected, you should get the SFTP shell as shown below:
Connected to 69.87.220.42.
sftp>
Now, change to the sftpuser home directory with the following command:
sftp> cd sftpuser/
Next, list all files and directories with the following command:
sftp> ls -l
You should get the following output:
drwxr-xr-x 2 1000 1000 4096 Jul 18 09:23 documents
-rw-r--r-- 1 1000 1000 0 Jul 18 09:24 file1.txt
-rw-r--r-- 1 1000 1000 0 Jul 18 09:24 file2.txt
-rw-r--r-- 1 1000 1000 0 Jul 18 09:24 hitesh.jpeg
-rw-r--r-- 1 1000 1000 0 Jul 18 09:24 image.png
If you want to create any directory, run the following command:
sftp> mkdir mydir
To disconnect from the SFTP shell, run the following command:
sftp> exit
Connect SFTP From GUI
You can also connect to your SFTP server from the Ubuntu graphical desktop environment.
First, open the File Manager from the Application menu.
Now, click on Connect to Server.
Type your SFTP server address in sftp://your-server-ip format and click on the Connect button.
Provide your SFTP username and password, and click on the Connect button.
Once you are connected to the SFTP server, click on the sftpuser directory to see all of its content.
Conclusion
In the above guide, we explained how to set up an SFTP server on Ubuntu using the SSH protocol. We also explained how to connect to the SFTP server from the command line and from the GUI. You can also use an FTP client that supports SFTP to connect to the SFTP server from any operating system and transfer files and directories securely over the internet.
Setting up an SFTP Server on Ubuntu FAQs
What is needed to set up an SFTP server on Ubuntu?
To set up an SFTP server on Ubuntu, you will need an Ubuntu server instance, OpenSSH installed, and user accounts for SFTP users.
How do I install OpenSSH on Ubuntu?
You can install OpenSSH on Ubuntu by running the command "sudo apt-get install openssh-server" in the terminal.
How do I create SFTP user accounts on Ubuntu?
To create SFTP user accounts on Ubuntu, you can use the "adduser" command in the terminal. For example, to create an SFTP user named "sftpuser", you would run the command "sudo adduser sftpuser" and follow the prompts.
How do I configure the SFTP server on Ubuntu?
To configure the SFTP server on Ubuntu, you will need to edit the SSH configuration file "/etc/ssh/sshd_config". You can configure settings such as the SFTP port number, SFTP user permissions, and SFTP directory location in this file.
How do I start the SFTP server on Ubuntu?
You can start the SFTP server on Ubuntu by restarting the SSH service using the command "sudo service ssh restart".
How do I test the SFTP server on Ubuntu?
To test the SFTP server on Ubuntu, you can use an SFTP client such as FileZilla or WinSCP to connect to the server using SFTP. You can then transfer files between the client and server to ensure that the SFTP connection is working correctly.
What are some best practices for securing an SFTP server on Ubuntu?
Best practices for securing an SFTP server on Ubuntu include using strong passwords for SFTP user accounts, limiting SFTP user access to specific directories, disabling SSH password authentication in favor of key-based authentication, and keeping the server software and operating system up to date with security patches.
How can I restrict SFTP user access to specific directories?
To restrict SFTP user access to specific directories, you can configure the SSH configuration file "/etc/ssh/sshd_config" to use a chroot jail for SFTP users. This will limit the directories that SFTP users can access to a specific directory tree.