SFTP is a protocol that allows for the secure transfer of files over a network. It is often used by businesses and individuals to transfer sensitive data. SFTP is similar to FTP but uses a different protocol for communication. SFTP is more secure than FTP and is often used in conjunction with SSH (Secure Shell) to provide an even higher level of security.
In this tutorial, we will help you to set up an SFTP server and create an SFTP-only user on Ubuntu 22.04 systems. That account can connect over SFTP but is not able to connect over SSH. Also, this will restrict (chroot) the SFTP user to a specific directory only.
Prerequisites
- A running Ubuntu 22.04 LTS system with shell access
- Requies a sudo privileged account
Step 1 – Create SFTP User
First of all, create a new account in your system to use as sftp user.
The following command will create a new account named sftpuser with no shell access. You can change the username of your choice
sudo adduser --shell /bin/false sftpuser
Step 2 – Configure SFTP Directory
Now, create the directory structure to be accessible by the sftp user.
sudo mkdir -p /var/sftp/files
Here we will allow users to access the “files” directory only.
Now, change the ownership of the files directory to the sftpuser. So that sftpuser can read and write on this directory only.
sudo chown sftpuser:sftpuser /var/sftp/files
And set the owner and group owner of the /var/sftp to root. The root user has read/write access on this access. Group members and other accounts have only read and execute permissions.
sudo chown root:root /var/sftpsudo chmod 755 /var/sftp
Step 3 – Update SSH Configuration File
Now edit the SSH configuration file in a text editor
sudo vim /etc/ssh/sshd_config
and add the following settings at end of file.
Match User sftpuser ForceCommand internal-sftp PasswordAuthentication yes ChrootDirectory /var/sftp PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no
Make sure to add configuration after the Subsystem line as shown in below screenshot:
Save the configuration file and close it.
Now validate the configuration file.
sudo sshd -t
If the validation is successful, no output will be displayed. In case, any error shows in the output, make sure to fix it before running the next commands.
Restart the SSH service to apply changes.
sudo systemctl restart ssh
All done. SFTP-only user is successfully created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check if everything is working correctly.
Step 4 – Connect to SFTP User
One can connect to a remote SFTP server using a command line or graphical applications like Filezilla or WinSCP. In this tutorial, I will show you both ways to connect sftp to only an account on the Ubuntu system.
Linux users can use the sftp command-line utility to connect to a remote sftp instance.
sftp [email protected]
[email protected]'s password:
sftp>
You can also connect to a remote SFTP server using graphical interface applications like FileZilla. That is available for both Linux and Windows users. Open the Filezilla application and input to sftp details:
- Host: sftp://system-ip-host
- Username: Use SFTP user created in step 1.
- Password: Use SFTP user password created in step 1.
- Port: Use SSH server port or keep empty for default port.
Click the Quickconnect button:
Verify no shell access:
As this account is configured for SFTP only connection. So if any user tried to connect via SSH will be disconnected immediately after successful authentication. User will get below message:
ssh [email protected]
[email protected]'s password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.
Conclusion
In conclusion, setting up an SFTP server is a great way to securely transfer files between computers. By following the steps in this article, you can set up your own SFTP server in no time on Ubuntu systems. If you have any questions, feel free to leave a comment below and we’ll be happy to help.