Secure File Transfer Protocol (SFTP) is a protocol that provides a secure and reliable mechanism for accessing, transferring, and managing files on remote systems over an SSH connection. In this article, we’ll walk you through the process of setting up an SFTP server on a CentOS/RHEL system.
Prerequisites
Before getting started, ensure that you have:
- A CentOS/RHEL system installed.
- Root or sudo user access to the system.
- An internet connection for downloading necessary packages.
Step 1: Update your System
First, make sure your system is up-to-date by executing the following command:
sudo yum update -y
Step 2: Install SSH Server
CentOS/RHEL systems come with SSH installed by default. If it isn’t installed, use the following command to install the OpenSSH server:
sudo yum install openssh-server -y
Once installed, start the SSH service and enable it to start at boot:
sudo systemctl start sshd
sudo systemctl enable sshd
Step 3: Create an SFTP User
Next, create a user for SFTP. In this guide, we’ll create a user called ‘sftpuser’. Replace ‘sftpuser’ with your preferred username:
sudo adduser sftpuser
Set the password for the new user:
sudo passwd sftpuser
Step 4: Configure SFTP
To set up SFTP, we need to modify the sshd configuration file. Before modifying this file, it’s good practice to create a backup:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
Next, open the SSHD configuration file with a text editor of your choice. Here, we’ll use vi:
sudo vi /etc/ssh/sshd_config
Add the following lines at the bottom of the file:
Match User sftpuser
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /home/sftpuser
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
In this configuration:
- `Match User sftpuser` applies the configuration to our user, ‘sftpuser’.
- `ForceCommand internal-sftp` forces the built-in SFTP server for this user, so the account cannot open an interactive shell or run other commands.
- `PasswordAuthentication yes` allows password authentication for this user.
- `ChrootDirectory /home/sftpuser` confines the user to their home directory.
- The other lines disable various SSH features to limit the user’s capabilities.
After adding these lines, save and exit the file.
Step 5: Set Directory Permissions
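Next, set the ownership and permissions on the SFTP user’s home directory. sshd only accepts a ChrootDirectory that is owned by root and not writable by any other user or group, so this step is required to confine the user within their home directory: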
sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser
If the user needs a directory to upload files, you can create a directory inside the user’s home directory and give the user ownership:
sudo mkdir /home/sftpuser/files
sudo chown sftpuser:sftpuser /home/sftpuser/files
Step 6: Restart SSH Service
After configuring SFTP, apply the changes by restarting the SSH service:
sudo systemctl restart sshd
Step 7: Testing SFTP Access
Now, from a client machine, you can test the SFTP access using the sftp command:
sftp sftpuser@your_server_ip
If everything is configured correctly, you will be able to log in with the password you set for ‘sftpuser’.
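If the login is refused, check the ownership rule from Step 5 first. The script below is an added example, not part of the original article: it walks the chroot path from the directory up to / and reports any component that is not root-owned or is writable by group or others. It assumes GNU stat (standard on CentOS/RHEL); the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original article): pre-flight check for the
# ChrootDirectory set in Step 4. sshd rejects the session unless every
# directory from / down to the chroot is owned by root (uid 0) and is not
# writable by group or others.

# component_ok UID MODE: succeed if one directory with this owner uid and
# octal mode (as printed by `stat -c '%u %a'`) satisfies that rule.
component_ok() {
    [ "$1" -eq 0 ] 2>/dev/null || return 1
    # 022 = group-write | other-write; the leading 0 makes $2 octal.
    [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR: report every component of DIR; return 1 if any fails.
check_chroot_path() {
    rc=0
    # Resolve symlinks first so the real directories are the ones inspected.
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: not an accessible directory"
        return 1
    }
    while :; do
        owner=$(stat -c %u "$dir")
        mode=$(stat -c %a "$dir")
        if component_ok "$owner" "$mode"; then
            echo "ok   $dir (uid=$owner mode=$mode)"
        else
            echo "FAIL $dir (uid=$owner mode=$mode)"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Run the check only when a path is given on the command line,
# for example /home/sftpuser.
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

The upload directory /home/sftpuser/files is deliberately owned by the user and sits below the chroot, so it is not part of the path this check walks.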
Conclusion
You have successfully set up an SFTP server on your CentOS/RHEL system. Your users can now securely transfer files to and from your server over an encrypted connection. Remember that user management is crucial for maintaining the security of your server. Add new users sparingly and always use secure passwords.