What is SFTP?
SFTP stands for SSH File Transfer Protocol. You guessed it correct. It is version of FTP that uses SSH on top. It allows users to upload and download files to and from a Linux server through an encrypted connection. FTP does the same without encryption and this is why SFTP is preferred over FTP these days.
Rpm -qa grep openssh. BTW whats in your /etc/ssh/sshdconfig on line 121? There a slightly differences in naming of sftp, s maybe u have to change it a bit. @all, setenforce 0 is not really a solution it’s a dirty workaround. You should set the policies accordingly. Jul 29, 2019 Run WinSCP and select 'SFTP' as the protocol. In the host name field, enter 'localhost' (if you're testing the PC you installed OpenSSH on). You will need to enter your Windows username and password to allow the program to connect to the server. Hit save, and select login. In this short video I will walk you though the steps of SFTP services installation on Server 2019, Major steps are below 1. Add OpenSSH Server feature2.
Let’s see how you can set up a SFTP server on a Linux system.
Setting up SFTP Server on Linux
I have used Ubuntu in this tutorial. The installation commands are specific to Ubuntu and Debian but the rest of the steps can be followed in any other Linux distribution.
To perform the steps, you need have sudoer rights. So if you don’t sudo rights, contact your system administrator. If you are the one, please read about creating sudo user in Ubuntu.
Setting up SFTP is very easy. Before going to that, you need to have OpenSSH installed in the server side and SSH package in the client side.
I have discussed setting up SSH on Ubuntu in detail in a separate article, I’ll just mention the important steps here.
To install OpenSSH in server, you can use the following command:
You also need SSH on the system from where you are going to access the SFTP server.
After this is done, you will have everything ready to setup SFTP. It’s done in three steps and I am going to show it to you one-by-one.
Step 1: Create Groups, Users, Directories
To use SFTP (or any other service in general) safely, it is best to create groups and users to use that service and only that service. “It is best to give one specific right to one specific entity”.
In case if you want to give SFTP access and also normal system access, create users such that it is easy to identify them according to service. For example, if seeni is used for normal system access then seenisftp can be used for SFTP access. Using this method will be easier on the administration side.
Let’s create a group named “sftpg” using groupadd command:
Let’s create a user named “seenisftp” and add him to the above group and give him a password.
In the useradd command, -g option tells the group to which user should be added. You can list all the users in Linux and verify that the new user is has added.
Let’s assume you want to use the directory /data/ as your root for sftp and /data/USERNAME for each user. So when users login through sftp, they should be in /data/USERNAME as their default directory (Just like you are in /home/USERNAME directory when you login into the Linux system through SSH). Also, assume a constraint that they can read files from that directory but can upload only to uploadsdirectory.
Let’s create the directories and change their access and ownership as follows (read about file permissions in Linux to know more about it).
One thing that might confuse is giving ownership of the user’s directory to the root itself. This is mandatory for chrooting in SFTP. So make sure that owner of the /data/USERNAME is root.
As of now, we have user named seenisftp with group sftpg and with access permissions set for /data/seenisftp.
Step 2: Configure sshd_config
Next is you need to configure ssh server so that whenever user belonging to sftpg group logs in, he/she gets into sftp instead of the normal shell you get through ssh. Append the following snippet to /etc/ssh/sshd_config if not already present.
Match Group sftpg ChrootDirectory /data/%u ForceCommand internal-sftp
In the above snippet, ChrootDirectory allows the specified directory to be made as the root (“/” directory ) node in the directory tree. The logged in user cannot see anything above that directory. So it will stop the current user from accessing other user’s files through sftp. %u is the escape code for filling it with the current username at the time of login. When seenisftp logins through sftp, he will be in /data/seenisftp as his root directory. He will not be able to see anything above it.
Step 3: Restart the service
To make changes we made to sshd_config live, restart the service as follows.
Accessing SFTP via Linux command line
You can login into SFTP as you normally would do with SSH.
Sample SFTP commands
How To Openssh-sftp-module Linux Mint
SFTP commands are usually of the following format.
For any command, arguments may be either local system paths or remote system paths. There is no specific visible distinction between them. You can specify the path as normal after considering the whether the argument is local or remote.
GET – download contents from remote server to the local system. Below command downloads remote file poster.img to the local system’s ~/Pictures directory.
PUT – Upload contents form the local system to the remote system. Below command uploads the ~/Pictures/poster2.jpg into my uploads directory.
RM – To remove the files in the remote system. This is very similar to rm command. You can see that from below command which deletes an image at uploads/poster3.jpg
Above commands are very basic and are sufficient enough to explore the FTP/SFTP server. If you want to know more, either use help command or use this resource.
I hope this article helped you in setting up SFTP server on Linux.
Tell us in comments about what is your SFTP file system setup. Is it like mentioned in this article or a pooled directory or anything else?
If you found this article useful, share it with your friends. If you have suggestions, feel free to drop them below.
Become a Member for FREE
Openssh Sftp File Size Limit
Join the conversation.