How to Configure SFTP Server in Linux

SFTP stands for SSH File Transfer Protocol. It is a secure way to transfer files between two remote systems. If you want a user on your system that is used only to transfer files and cannot SSH into the system, create a directory for that particular user and provide access to that directory only over SFTP. You do not need to install any extra package for SFTP on the server, because SSH comes as a default package when you install the OS.

In this article I am going to explain how you can set up and configure an SFTP server on a Linux machine.

Step #1: Verify the SSH Package

Run the command below to confirm whether the SSH package is installed on your system.

# rpm -qa|grep ssh
openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64

Step #2: Create User and Group

Create a group, then create a user and add that user to the group.

# groupadd sftpusers

Now create a user and assign it to the sftpusers group like below.

# useradd -g sftpusers -d /sftpdata -s /sbin/nologin santosh

# passwd santosh
Changing password for user santosh.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Now create an additional directory for the user under /data.

# mkdir /data/santosh

Step #3: Assign Permission to Directory

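Now create an sftpdata directory under /data/santosh, then assign permissions as below. The chroot directory itself (/data/santosh) must be owned by root and not writable by group or others, otherwise sshd refuses the session; only the sftpdata directory inside it is given to the user.

# chown root:root /data/santosh
# chmod 755 /data/santosh
# mkdir -p /data/santosh/sftpdata
# chown -R santosh:sftpusers /data/santosh/sftpdata

Once done, verify it.

# ls -ld /data/
drwx-----x 14 root root 4096 Mar 29 11:13 /data/

# ls -ld /data/santosh
drwxr-xr-x 4 root root 4096 Mar 29 11:14 /data/santosh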

# ls -ld /data/santosh/sftpdata
drwxr-xr-x 2 santosh sftpusers 4096 Mar 29 11:14 /data/santosh/sftpdata

# cat /etc/passwd|grep santosh
santosh:x:501:501::/sftpdata:/sbin/nologin

Step #4: Configure SSH

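Now configure sshd to serve SFTP with its built-in sftp server. You will need to edit the /etc/ssh/sshd_config file to do this. If the file already contains a Subsystem sftp line, change that line rather than adding a second one, and put the Match block at the end of the file.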

# vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp

Match Group sftpusers
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save and close file.

Step #5: Restart SSH Service

Once done, restart the SSH service.

# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
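
At session start sshd checks every component of the ChrootDirectory path: each must be a directory owned by root and not writable by group or others, and if one fails, the connection is closed right after authentication. The script below is an added example, not part of the original article, that applies the same rule to a path so it can be checked before testing; the names component_ok and check_chroot_path are chosen here, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (Linux).

# component_ok UID MODE [OWNER_UID]: the rule for one path component.
# It must be owned by OWNER_UID (default 0 = root) and must not be
# writable by group or others (octal mode bits 022 clear).
component_ok() {
    [ "$1" -eq "${3:-0}" ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR [OWNER_UID]: walk /, /data, /data/santosh, ...
# Prints every failing component; returns 0 only if all of them pass.
check_chroot_path() {
    local rest="${1#/}" owner="${2:-0}" path="" rc=0 part meta
    case "$1" in /*) ;; *) echo "not an absolute path: $1"; return 2 ;; esac
    while :; do
        if [ ! -d "${path:-/}" ]; then
            echo "NOT A DIRECTORY ${path:-/}"; rc=1
        else
            meta=$(stat -L -c '%u %a' "${path:-/}")      # e.g. "0 755"
            if ! component_ok "${meta% *}" "${meta#* }" "$owner"; then
                echo "BAD ${path:-/} (uid ${meta% *}, mode ${meta#* })"; rc=1
            fi
        fi
        # Skip empty components (double slashes), stop at the end of the path.
        while [ -n "$rest" ] && [ -z "${rest%%/*}" ]; do rest="${rest#/}"; done
        [ -n "$rest" ] || break
        part="${rest%%/*}"
        path="$path/$part"
        case "$rest" in */*) rest="${rest#*/}" ;; *) rest="" ;; esac
    done
    return $rc
}

# Usage: sh check_chroot.sh /data/santosh
[ $# -eq 0 ] || check_chroot_path "$@"
```

Run it as root against the directory that ChrootDirectory expands to for the user, here /data/santosh; no output and exit status 0 mean the path passes.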

Testing

SFTP is configured successfully; now let's test it. First verify the SSH port. To do this you will need to install nmap.

# yum install nmap -y

Now verify the SSH port.

# nmap -n sftp_server

Starting Nmap 5.51 ( http://nmap.org ) at 2017-03-29 02:27 MYT
Nmap scan report for SFTP01 (192.168.0.5)
Host is up (0.000085s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

As you can see above, port 22 is open on the SFTP server. It is the default SSH port.

Now try to access SFTP from the client machine.

# which sftp
/usr/bin/sftp

# sftp santosh@sftp_server
Connecting to sftp_server...
santosh@sftp_server's password:
sftp> pwd
Remote working directory: /sftpdata

Congrats! Now your SFTP server is accessible.

Now create a test file in the sftpdata directory.

# cd /data/santosh/sftpdata
# touch test.txt

Now test it.

# sftp santosh@sftp_server
Connecting to sftp_server...
santosh@sftp_server's password:
sftp> pwd
Remote working directory: /sftpdata
sftp> ls
test.txt
sftp> get test.txt
Fetching /sftpdata/test.txt to test.txt
sftp> quit

Great! Your SFTP test has been successful.

Now try to access SSH as user santosh.

# ssh santosh@sftp_server
santosh@sftp_server's password:
^CConnection to sftp_server closed.

You can see the user won't be able to use the SSH service, because previously we set the shell to /sbin/nologin and the Match block forces internal-sftp for the sftpusers group.

I hope this article will help you configure an SFTP server. If you have any queries or problems, please comment in the comment section.

About the author

Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool articles for you. If you have any queries or suggestions, please comment in the comment section.

5 Comments

  • Write failed: Broken pipe Error

    [root@oracleodi ~]# sftp emily@localhost
    Connecting to localhost…
    The authenticity of host ‘localhost (::1)’ can’t be established.
    RSA key fingerprint is b9:44:a5:85:85:98:6a:c8:e0:2e:89:58:a1:99:35:18.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘localhost’ (RSA) to the list of known hosts.
    emily@localhost’s password:
    Write failed: Broken pipe
    Couldn’t read packet: Connection reset by peer
