
How to install an Ubuntu SFTP server

SFTP stands for Secure File Transfer Protocol. It is a network protocol that provides secure file access, file transfer, and file management functionalities over a secure data stream. SFTP is often used for securely transferring files between computers over a network, typically the internet.

SFTP is considered better than FTP (File Transfer Protocol), because SFTP encrypts both the commands and data, providing a secure way to transfer files over the network. FTP, on the other hand, sends data in plaintext, making it vulnerable to interception and eavesdropping.

SFTP uses SSH (Secure Shell) for authentication, which provides strong encryption and authentication mechanisms. FTP typically relies on simple username and password authentication, which can be susceptible to brute force attacks and other security vulnerabilities.

SFTP is typically supported on all major platforms, including Unix, Linux, macOS, and Windows. FTP support can be inconsistent across different platforms and may require additional software or configurations.

SFTP operates over a single port (usually port 22), making it easier to configure firewalls and network security devices compared to FTP, which requires multiple ports for data transfer.

SFTP has built-in integrity checking mechanisms to ensure that files are not corrupted during transfer. FTP does not have this feature, leaving files vulnerable to corruption during transmission.

SFTP supports resuming interrupted file transfers, allowing users to pick up where they left off if a transfer is interrupted. FTP may not support this feature or may require additional configurations to enable it.

Follow these steps to install SFTP on Ubuntu

Install SSH:

sudo apt install ssh

Edit the SSH daemon configuration file:

sudo nano /etc/ssh/sshd_config

Set the values of the ClientAliveInterval and ClientAliveCountMax parameters:

ClientAliveInterval=200
ClientAliveCountMax=3

Then add the following at the end of the config file, which will allow the SFTP group users to access the home directory via SFTP:

Match Group sftpgroup
# %h expands to the user's home directory (/srv/sftpuser for the user created below)
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Restart the SSH service

sudo systemctl restart ssh

Create a new group, sftpgroup, whose members can only access the SFTP server and not the SSH service.

sudo groupadd sftpgroup

Create a new user. The -G option adds the user to the group, the -d option sets the home directory, and the -s option sets the shell access rules.

sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser

Enter a secure password for the sftpuser:

sudo passwd sftpuser

Create a new folder for the SFTP users

sudo mkdir -p /srv/sftpuser

Make root the owner of the new folder

sudo chown root /srv/sftpuser

Create a subdirectory and set the SFTP user as the owner

sudo mkdir -p /srv/sftpuser/data
sudo chown sftpuser:sftpuser /srv/sftpuser/data

Connect to the SFTP server either via the sftp command or through a client with a GUI, like WinSCP. For the CLI, enter the command sftp, followed by the user and the host name or IP address of the SFTP server.

sftp sftpuser@SERVER-IP

That's it! You can now move files securely as needed!
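If the session is dropped right after the password is accepted, the usual cause is the chroot directory: sshd refuses a ChrootDirectory unless every component of its path is a directory owned by root and not writable by group or others. The script below is an added example, not part of the original post, that checks this for a path such as /srv/sftpuser; the function names and the optional owner and stop arguments are assumptions made for the example, and it relies on GNU stat as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example (not from the original page): audit a ChrootDirectory path.
# sshd rejects the login ("bad ownership or modes for chroot directory")
# unless every path component is a root-owned directory with no group/other
# write permission.

# mode_ok MODE: succeed if an octal mode such as 755 has no group/other write bit.
mode_ok() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_chroot DIR [OWNER_UID] [STOP]
# Checks DIR and each parent directory up to STOP (default /).
# OWNER_UID defaults to 0 (root). OWNER_UID and STOP are hypothetical extras
# so the check can be tried in a scratch directory without root.
# Returns 0 if the path is acceptable, 1 on a bad owner or mode, 2 on bad input.
check_chroot() (
    dir=$1 owner=${2:-0} stop=${3:-/} rc=0
    case $dir in /*) ;; *) echo "need an absolute path: $dir"; exit 2 ;; esac
    while :; do
        [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; exit 2; }
        # GNU stat: print owner uid and octal mode, following symlinks like sshd
        set -- $(stat -L -c '%u %a' -- "$dir")
        [ "$1" = "$owner" ] || { echo "FAIL $dir: owner uid $1, want $owner"; rc=1; }
        mode_ok "$2" || { echo "FAIL $dir: mode $2 is group/other-writable"; rc=1; }
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    exit "$rc"
)

# Run as a script: sh check_chroot.sh /srv/sftpuser
if [ $# -gt 0 ]; then check_chroot "$@"; fi
```

With the layout from this guide, /srv/sftpuser should pass, while /srv/sftpuser/data would fail the check because the SFTP user owns it, which is why the writable folder is a subdirectory and not the chroot itself.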