Facebook Twitter Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    You are at:Home»Network Services»SSH»How to Create SFTP User in Ubuntu 22.04 (No Shell Access)

    How to Create SFTP User in Ubuntu 22.04 (No Shell Access)

    By RahulAugust 23, 20224 Mins Read

    SFTP is a protocol that allows for the secure transfer of files over a network. It is often used by businesses and individuals to transfer sensitive data. SFTP is similar to FTP but uses a different protocol for communication. SFTP is more secure than FTP and is often used in conjunction with SSH (Secure Shell) to provide an even higher level of security.

    Advertisement

    In this tutorial, we will help you to set up an SFTP server and create an SFTP-only user on Ubuntu 22.04 systems. That account can connect over SFTP but is not able to connect over SSH. Also, this will restrict (chroot) the SFTP user to a specific directory only.

    Prerequisites

    • A running Ubuntu 22.04 LTS system with shell access
    • Requies a sudo privileged account

    Step 1 – Installing OpenSSH Server

    The Ubuntu servers have already installed the OpenSSH server but the desktop systems may not have it. Use the following command to install and run OpenSSH server:

    sudo apt update && sudo apt install openssh-server 
    

    Step 2 – Create SFTP User

    First of all, create a new account in your system to use as sftp user.

    The following command will create a new account named sftpuser with no shell access. You can change the username of your choice

    sudo adduser --shell /bin/false sftpuser 
    
    Create SFTP user in Ubuntu
    Creating SFTP user in Ubuntu

    Step 3 – Configure SFTP Directory

    Now, create the directory structure to be accessible by the sftp user.

    sudo mkdir -p /var/sftp/files 
    

    Here we will allow users to access the “files” directory only.

    Now, change the ownership of the files directory to the sftpuser. So that sftpuser can read and write on this directory only.

    sudo chown sftpuser:sftpuser /var/sftp/files 
    

    And set the owner and group owner of the /var/sftp to root. The root user has read/write access on this access. Group members and other accounts have only read and execute permissions.

    sudo chown root:root /var/sftp 
    sudo chmod 755 /var/sftp 
    

    Step 4 – Update SSH Configuration File

    Now edit the SSH configuration file in a text editor

    sudo vim /etc/ssh/sshd_config 
    

    and add the following settings at end of file.

    Match User sftpuser
    	ForceCommand internal-sftp
    	PasswordAuthentication yes
    	ChrootDirectory /var/sftp
    	PermitTunnel no
    	AllowAgentForwarding no
    	AllowTcpForwarding no
    	X11Forwarding no
    

    Make sure to add configuration after the Subsystem line as shown in below screenshot:

    SFTP Only Configuration  on Ubuntu
    SFTP only configuration on Ubuntu

    Save the configuration file and close it.

    Now validate the configuration file.

    sudo sshd -t 
    

    If the validation is successful, no output will be displayed. In case, any error shows in the output, make sure to fix it before running the next commands.

    Restart the SSH service to apply changes.

    sudo systemctl restart ssh 
    

    All done. SFTP-only user is successfully created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check if everything is working correctly.

    Step 5 – Connect to SFTP User

    One can connect to a remote SFTP server using a command line or graphical applications like Filezilla or WinSCP. In this tutorial, I will show you both ways to connect sftp to only an account on the Ubuntu system.

    Linux users can use the sftp command-line utility to connect to a remote sftp instance.

    sftp [email protected] 
    
    [email protected]'s password:
    sftp>
    

    You can also connect to a remote SFTP server using graphical interface applications like FileZilla. That is available for both Linux and Windows users. Open the Filezilla application and input to sftp details:

    • Host: sftp://system-ip-host
    • Username: Use SFTP user created in step 1.
    • Password: Use SFTP user password created in step 1.
    • Port: Use SSH server port or keep empty for default port.

    Click the Quickconnect button:

    Connect SFTP to Ubuntu 22.04  with Filezilla

    Verify no shell access:

    As this account is configured for SFTP-only connection. So if any user tried to connect via SSH will be disconnected immediately after successful authentication. The user will get the below message:

    ssh [email protected]  
    
    [email protected]'s password:
    This service allows sftp connections only.
    Connection to sftp.tecadmin.net closed.
    

    Conclusion

    In conclusion, setting up an SFTP server is a great way to securely transfer files between computers. By following the steps in this article, you can set up your own SFTP server in no time on Ubuntu systems. If you have any questions, feel free to leave a comment below and we’ll be happy to help.

    SFTP SSH Ubuntu 22.04
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How To Display Warning Message to Unauthorized SSH Access

    How to Set a Custom SSH Login Banner and MOTD

    How to Install and Secure OpenSSH Server on Pop!_OS

    View 2 Comments

    2 Comments

    1. ero on August 23, 2022 7:34 am

      On fresh ubuntu 22.04.1 there is no /etc/ssh/sshd_config file

      Reply
      • Rahul on August 23, 2022 12:58 pm

        You may need to install openssh-server server. I have updated the article accordingly.

        Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • How to List Manually Installed Packages in Ubuntu & Debian
    • 10 Bash Tricks Every Developer Should Know
    • How to Validate Email Address in JavaScript
    • Firewalld: Common Firewall Rules and Commands
    • 12 Apk Commands in Alpine Linux Package Management
    Facebook Twitter Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.