SFTP on Ubuntu-24.04

vignesh waran

Step 1: Install OpenSSH-server & SSH

Install OpenSSH server and SSH client packages.

sudo apt install openssh-server
sudo apt install ssh

  • Explanation:

    • openssh-server: Installs the OpenSSH server package, which is required to accept incoming SSH and SFTP connections.

    • ssh: Installs the SSH client package, useful for connecting to remote servers securely.

Step 2: Create SFTP user account

Create a dedicated user account for SFTP access.

sudo adduser sftp_user

  • Explanation:

    • adduser sftp_user: Creates a new user named sftp_user on the system. You will be prompted to set a password and additional user details during the creation process.

Step 3: Creating a Directory for File Transfers

Create necessary directories and set appropriate permissions.

sudo mkdir -p /var/sftp/data
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp
sudo chown sftp_user:sftp_user /var/sftp/data

  • Explanation:

    • mkdir -p /var/sftp/data/: Creates a directory structure where /var/sftp/data/ will be used to store SFTP user data.

    • chown root:root /var/sftp: Sets ownership of /var/sftp to root, ensuring only privileged users can modify this directory. sshd requires the chroot directory and every directory above it to be owned by root and not writable by group or others, otherwise it refuses the login.

    • chmod 755 /var/sftp: Sets permissions on /var/sftp to allow full access for root and read/execute access for others.

    • chown sftp_user:sftp_user /var/sftp/data/: Sets ownership of /var/sftp/data/ to sftp_user, allowing the SFTP user to write files into this directory.

Step 4: sshd_config Settings

Configure SSH server to enable SFTP-only access for sftp_user.

sudo nano /etc/ssh/sshd_config

Edit /etc/ssh/sshd_config and add or modify the following directives:

Port <your_port_number>

Match User sftp_user
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no

  • Explanation:

    • Port <your_port_number>: Replace <your_port_number> with the desired port number for SFTP connections. Port is a global directive and must stay above the Match block.

    • Match User sftp_user: Specifies settings that apply only to the sftp_user user. Every directive after a Match line belongs to that block until the next Match line, so place the block at the end of the file.

    • ForceCommand internal-sftp: Forces the use of the internal SFTP server, restricting the user to SFTP access only.

    • PasswordAuthentication yes: Allows password authentication for SFTP login.

    • ChrootDirectory /var/sftp: Confines the user to /var/sftp, the root-owned directory created in Step 3; inside the chroot the user sees /data as the writable directory. The chroot path must be owned by root and not writable by group or others, or sshd rejects the login.

    • PermitTunnel no, AllowAgentForwarding no, AllowTcpForwarding no, X11Forwarding no: Disables SSH tunneling and forwarding options that are not needed for SFTP.

Step 5: Restart SSH service

Apply the configuration changes by restarting the SSH service.

sudo systemctl restart sshd

or

sudo /etc/init.d/ssh restart

  • Explanation:

    • systemctl restart sshd: Restarts the SSH daemon (sshd), applying the changes made in sshd_config. On Ubuntu 24.04 the unit's primary name is ssh (sshd is only an alias), so if systemd reports that sshd.service is not found, restart the ssh unit instead.

Step 6: Open your SFTP port in AWS-EC2 security group

If you are using AWS EC2, open the SFTP port in the instance's security group.

  • Explanation:

    • Navigate to your AWS EC2 console, find your instance, and modify the security group's inbound rules to allow traffic on the SFTP port (<your_port_number>).

For detailed visual steps, refer to AWS EC2 Security Group Setup.

Step 7: Verifying the Configuration

Verify that SFTP is working correctly.

  • Terminal Verification:

    • Connect to the server via SFTP from a terminal:

      sftp -P <your_port_number> sftp_user@your_server_ip

    • Verify file transfers and functionality.

  • Third-Party Software:

    • Use tools like WinSCP to connect to your server via SFTP.

    • Ensure file transfers and directory access are functioning as expected.
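The following script is added here as an example and is not part of the original post. It performs the pre-flight check a practitioner wants before restarting sshd in Step 5: it walks from the chroot directory up to / and verifies that every component is a directory owned by root and not writable by group or others, which is the rule sshd enforces before honouring ChrootDirectory (a violation is logged as "bad ownership or modes for chroot directory" and the login fails). If the path passes, it prints the Match block from Step 4 for the given user and chroot. The function names, their argument order and the script file name are this example's own choices; sftp_user and /var/sftp are the values used in the steps above.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the
# SFTP chroot layout, plus the Match block to append to sshd_config.
# Function names and argument order are this example's own choices.
set -u

# mode_ok MODE: succeed if the octal MODE (e.g. 755, 1777) grants no
# write bit to group or others. sshd applies this rule to every path
# component of a ChrootDirectory.
mode_ok() {
    last2=$(printf '%s' "$1" | tail -c 2)
    g=$(printf '%s' "$last2" | cut -c1)
    o=$(printf '%s' "$last2" | cut -c2)
    [ $(( (g & 2) + (o & 2) )) -eq 0 ]
}

# chroot_path_ok DIR: walk from DIR up to / and verify each component is
# a directory owned by root (uid 0) with no group/other write bit. This
# mirrors the check sshd performs; a failing path makes every SFTP login
# for the chrooted user fail after the service restart.
chroot_path_ok() {
    cur=$(readlink -f -- "$1") || return 1
    while :; do
        [ -d "$cur" ] || { echo "chroot check: $cur is not a directory" >&2; return 1; }
        uid=$(stat -c %u -- "$cur") || return 1
        mode=$(stat -c %a -- "$cur") || return 1
        [ "$uid" -eq 0 ] || { echo "chroot check: $cur is not owned by root" >&2; return 1; }
        mode_ok "$mode" || { echo "chroot check: $cur is writable by group or others (mode $mode)" >&2; return 1; }
        [ "$cur" = / ] && break
        cur=$(dirname -- "$cur")
    done
    return 0
}

# gen_match_block USER CHROOT: print the SFTP-only Match block from Step 4
# with ChrootDirectory set to the verified directory.
gen_match_block() {
    cat <<EOF
Match User $1
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory $2
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Usage (file name is an assumption): sh sftp_preflight.sh sftp_user /var/sftp
# The Match block is printed only when the chroot path passes the checks.
if [ "$#" -ge 2 ]; then
    chroot_path_ok "$2" && gen_match_block "$1" "$2"
fi
```

Run it as root on the server after Step 3, append the printed block to the end of /etc/ssh/sshd_config, and run sudo sshd -t to validate the file before restarting the service, so a syntax error cannot leave the daemon unable to start. Note that a chroot placed under a world-writable directory such as /tmp fails the walk, which is why the steps above use /var/sftp.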
