Linux Administrator

How to Configure SFTP Server in Linux

SFTP stands for SSH File Transfer Protocol. It is secure way to transfer file between two remote systems. If you want to create a user on your system that will be used only for transfer files and not to ssh to the system, you should create the directory for that particular user and provide the access to that directory only over sftp. You will not need to install any extra package for sftp on the server, because SSH comes up as default package when you install OS.

In this article I am going to explain how you can setup and configure SFTP server in Linux machine.

Step #1: Verify the SSH Package

Follow the below command to confirm SSH package is installed or not on your system.

# rpm -qa|grep ssh

Step #2: Create User and Group

Create a group than create a user and add that user in group.

# groupadd sftpusers

Now create a user and assign it to the sftpusers group like below.

# useradd -g sftpusers -d /sftpdata -s /sbin/nologin santosh

# password santosh
Changing password for user santosh.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Now create a additional directory called data.

# mkdir /data/santosh

Step #3: Assign Permission to Directory

Now create a sftpdata directory under /data/santosh, then assign permission like below.

# chown -R santosh:sftpusers /data/santosh
# mkdir -p /data/santosh/sftpdata
# chown -R santosh:sftpusers /data/santosh/sftpdata

Once done, verify it.

# ls -ld /data/
drwx-----x 14 root root 4096 Mar 29 11:13 /data/

# ls -ld /data/santosh
drwxr-xr-x 4 santosh sftpusers 4096 Mar 29 11:14 /data/santosh

# ls -ld /data/santosh/sftpdata
drwxr-xr-x 2 santosh sftpusers 4096 Mar 29 11:14 /data/santosh/sftpdata

# cat /etc/passwd|grep santosh

Step #4: Configure SSH

Now configure the ssh protocol to create an sftp process. You will need to edit /etc/ssh/sshd_config file to do this.

# vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp

Match Group sftpusers
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save and close file.

Step #5: Restart SSH Service

Once done restart SSH service.

# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]


Sftp configured successfully, now let’s go for test it. First verify the SSH port. To do this you will need to install nmap.

# yum install nmap -y

Now verify SSH port.

# nmap -n sftp_server

Starting Nmap 5.51 ( ) at 2017-03-29 02:27 MYT
Nmap scan report for SFTP01 (
Host is up (0.000085s latency).
Not shown: 998 closed ports
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

You can see above, port 22 is open on the sftp server. It is default SSH port.

Now try to access the SFTP from client machine.

# which sftp

# sftp [email protected]_server
Connecting to sftp_server...
[email protected]_server's password:
sftp> pwd
Remote working directory: /sftpdata

Congrets! Now your SFTP server is accessible.

Now create a test file in sftpdata directory.

# cd /data/santosh/sftpdata
# touch test.txt

Now test it.

# sftp [email protected]_server
Connecting to sftp_server...
[email protected]_server's password:
sftp> pwd
Remote working directory: /sftpdata
sftp> ls
sftp> get test.txt
Fetching /sftpdata/test.txt to test.txt
sftp> quit

Great! your sftp test has been successful.

Now try to access SSH using user santosh.

# ssh [email protected]_server
[email protected]_server's password:
^CConnection to sftp_server closed.

You can see user won’t be able to use SSH service because previously we’ve set configuration as /sbin/nologin.

I hope this article will help to configure sftp server. If you have any queries and problem please comment in comment section.

Thank you! for visiting LookLinux.

If you find this tutorial helpful please share with your friends to keep it alive. For more helpful topic browse my website To become an author at Look Linux Submit Article. Stay connected to Facebook.

About the author


Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool article for you. If you have any query and suggestion please comment in comment section.


  • My brother recommended I might like this website. He used
    to be totally right. This publish truly made
    my day. You can not consider simply how a lot time I had spent for this info!
    Thank you!

  • Write failed: Broken pipe Error

    [[email protected] ~]# sftp [email protected]
    Connecting to localhost…
    The authenticity of host ‘localhost (::1)’ can’t be established.
    RSA key fingerprint is b9:44:a5:85:85:98:6a:c8:e0:2e:89:58:a1:99:35:18.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘localhost’ (RSA) to the list of known hosts.
    [email protected]’s password:
    Write failed: Broken pipe
    Couldn’t read packet: Connection reset by peer

Leave a Comment