How to configure SFTP server in Linux

configure-sftp-server
mm
Written By:- Santosh Prasad

SFTP stands for SSH File Transfer Protocol. It is secure way to transfer file between two remote systems. If you want to create a user on your system that will be used only for transfer files and not to ssh to the system, you should create the directory for that particular user and provide the access to that directory only over sftp. You will not need to install any extra package for sftp on the server, because SSH comes up as default package when you install OS.

In this article I am going to explain how you can setup and configure SFTP server in Linux machine.

Step #1: Verify the SSH Package

Follow the below command to confirm SSH package is installed or not on your system.

# rpm -qa|grep ssh
openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64

Step #2: Create User and Group

Create a group than create a user and add that user in group.

# groupadd sftpusers

Now create a user and assign it to the sftpusers group like below.

# useradd -g sftpusers -d /sftpdata -s /sbin/nologin santosh

# password santosh
Changing password for user santosh.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Now create a additional directory called data.

# mkdir /data/santosh

Step #3: Assign Permission to Directory

Now create a sftpdata directory under /data/santosh, then assign permission like below.

# chown -R santosh:sftpusers /data/santosh
# mkdir -p /data/santosh/sftpdata
# chown -R santosh:sftpusers /data/santosh/sftpdata

Once done, verify it.

# ls -ld /data/
drwx-----x 14 root root 4096 Mar 29 11:13 /data/

# ls -ld /data/santosh
drwxr-xr-x 4 santosh sftpusers 4096 Mar 29 11:14 /data/santosh

# ls -ld /data/santosh/sftpdata
drwxr-xr-x 2 santosh sftpusers 4096 Mar 29 11:14 /data/santosh/sftpdata

# cat /etc/passwd|grep santosh
santosh:x:501:501::/sftpdata:/sbin/nologin

Step #4: Configure SSH

Now configure the ssh protocol to create an sftp process. You will need to edit /etc/ssh/sshd_config file to do this.

# vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp

Match Group sftpusers
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save and close file.

Step #5: Restart SSH Service

Once done restart SSH service.

# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]

Testing

Sftp configured successfully, now let’s go for test it. First verify the SSH port. To do this you will need to install nmap.

# yum install nmap -y

Now verify SSH port.

# nmap -n sftp_server

Starting Nmap 5.51 ( http://nmap.org ) at 2017-03-29 02:27 MYT
Nmap scan report for SFTP01 (192.168.0.5)
Host is up (0.000085s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

You can see above, port 22 is open on the sftp server. It is default SSH port.

Now try to access the SFTP from client machine.

# which sftp
/usr/bin/sftp

# sftp [email protected]_server
Connecting to sftp_server...
[email protected]_server's password:
sftp> pwd
Remote working directory: /sftpdata

Congrets! Now your SFTP server is accessible.

Now create a test file in sftpdata directory.

# cd /data/santosh/sftpdata
# touch test.txt

Now test it.

# sftp [email protected]_server
Connecting to sftp_server...
[email protected]_server's password:
sftp> pwd
Remote working directory: /sftpdata
sftp> ls
test.txt
sftp> get test.txt
Fetching /sftpdata/test.txt to test.txt
sftp> quit

Great! your sftp test has been successful.

Now try to access SSH using user santosh.

# ssh [email protected]_server
[email protected]_server's password:
^CConnection to sftp_server closed.

You can see user won’t be able to use SSH service because previously we’ve set configuration as /sbin/nologin.

I hope this article will help to configure sftp server. If you have any queries and problem please comment in comment section.

Thanks:)

About Author

mm

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.

Other Post by Santosh Prasad

Visit All Post

Related Article

You may also Like

Leave a Comment

Shares