SFTP stands for Secure File Transfer Protocol that we used for secure data transfer to and from your local system.
It works over SSH Protocol and hence is considered to be more secure than the simple FTP (File Transfer Protocol).
Data transferring is a routine based task of every system administrator and other developers who need to make changes in their code.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to configure SFTP Server on their Ubuntu based Server.
In this context, we shall look into steps to configure SFTP Server and create users with their specified directory permissions.
How to configure SFTP User with Specified Directory Permissions on Ubuntu ?
To begin, we need to make sure that we have sudo or root user privileges on the server where we need to create SFTP Users.
Let's start by login into the system using ssh for which you can use the Putty or Shell terminal of your Linux Desktop:
# ssh -i key.pem ubuntu@your_server_ip
# sudo -i
You can also directly login to your system as well, but make sure to use your own username and credentials.
1. How to create New SFTP Only User ?
To create a new user for SFTP is as similar as we do for adding any other general users.
But in order to restrict that to be used for SFTP purposes only, we will assign it to no login shell.
i. Run the command below to create an SFTP user by specifying its custom home directory.
# useradd -m -d /home/example.com sftp_user
ii. Set the password of the newly created user using 'passwd' command as below.
# passwd sftp_user
iii. Make sure to set a complex password for its security. Then assign it a nologin shell by modifying the 'passwd' file as below:
# vim /etc/passwd
iv. Save and close using :wq! To apply changes.
2. Setup Directory Permissions
After creating the new user, we need to set up the right directory permissions and ownership to the user's directory that we have created in the first step:
# chmod 755 /home/example.com/
# chown root:root /home/example.com
3. Restrict Directory Access
Now we have a new SFTP only user in place, next we need to restrict its directory access to be accessible to its specified home folder that we created.
i. In order to do so, we are going to modify the ssh configuration file by adding the following parameters:
# vim /etc/ssh/sshd_config
subsystem sftp internal-sftp
Match User sftp_user
ii. Before saving the made changes, make sure to add your username against 'Match User', whereas '%h' represents the home directory of your newly created user within the restricted environment.
This 'ChrootDirectory' will ensure that your SFTP user won't have access to any other directory.
iii. Save the ssh configuration file, verify the syntax if there is an issue and then restart its services and confirm if it's running using the below commands:
# ssh -t
# systemctl restart sshd
# systemctl status sshd
Here, you can see that first there was an error in the ssh configuration file that we fixed by commenting out the additional entry and restart sshd service.
4. How to test SFTP Login ?
At this point, we are ready to use our SFTp user but before that let's test it to make sure it has only SFTP access by using the ssh command:
Whereas xx needs to be replaced with your own server IP.
As a result, you should get the connection failure.
5. How to use the SFTP Client ?
There are a couple of SFTP clients available to use for the cross-platform operating system and you can use your favorite one. We are going to test it using FileZilla which is one of the best and most useful FTP/SFTP clients available to use.
You can easily download it from their official link.
Let's open it in your system and give the IP address of your SFTP server along with your created username and password.
Upon successful credentials, you will be able to have access to your specified directory only where you can upload or download the data.
[Need urgent assistance in configuring SFTP on your Server? We can help you. ]