Basic SFTP Setup
A recent project had me doing a quick refresh of how to set up an SFTP server, so I thought I’d put those steps here. To set up a basic SFTP server on Ubuntu, we’ll create a dedicated SFTP user and group, plus a root directory for SFTP connections to be chrooted into. Then we lock that directory down so only members of our SFTP group can use it.
Start by creating a new group.
sudo addgroup sftp_group
Create a new user specifically for SFTP and add them to the group. The “-M” flag creates the user without a home directory.
sudo useradd -M -g sftp_group sftp_user
Create a password for the user:
sudo passwd sftp_user
Now we need to create a root directory for SFTP and make sure root is the owner. sshd will refuse to chroot into a directory unless it, and every directory above it, is owned by root and not writable by anyone else, so leave the default 755 permissions alone.
sudo mkdir -p /sftp
sudo chown root:root /sftp
Now create an SFTP directory for our user and restrict its permissions to that user alone:
sudo mkdir /sftp/Data
sudo chown sftp_user:sftp_group /sftp/Data
sudo chmod 700 /sftp/Data
It’s time to install SSH:
sudo apt-get install ssh
Edit the config:
sudo nano /etc/ssh/sshd_config
Add these lines at the end of the file; they apply only to members of our SFTP group:
Match group sftp_group
ChrootDirectory /sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
You can add or uncomment any other settings you need as well, but put them above the Match block: everything after a Match line applies only to the matching connections, and some options, such as Port, are not allowed inside a Match block at all. Here are a few I added.
Change the default ssh port:
Port 4422
Change logging level:
LogLevel VERBOSE
Disable root ssh:
PermitRootLogin no
Set a session timeout. This will disconnect idle connections after 5 minutes.
ClientAliveInterval 300
When you’re done editing the file, restart ssh service:
sudo systemctl restart ssh
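Before restarting, it is worth checking the two things that most often break this setup: the ownership and mode of the chroot path, and settings accidentally placed after the Match block. The following script is an added example, not part of the original post; it assumes GNU coreutils stat (as on Ubuntu) and that you pass it the chroot path and your sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# SFTP chroot setup, to run before "sudo systemctl restart ssh".
# Usage: chroot_path_ok /sftp root; sshd_config_ok /etc/ssh/sshd_config

# dir_ok PATH OWNER: PATH is owned by OWNER and not group- or world-writable.
dir_ok() {
  info=$(stat -c '%U %a' "$1") || return 1       # GNU stat: owner and octal mode
  set -- "$1" "$2" $info                          # $3 = owner, $4 = mode (e.g. 755)
  [ "$3" = "$2" ] || { echo "$1: owned by $3, expected $2" >&2; return 1; }
  case "$4" in                                    # write bit (2) in group or other digit
    *[2367]|*[2367]?) echo "$1: mode $4 is group- or world-writable" >&2; return 1 ;;
  esac
}

# chroot_path_ok DIR OWNER: sshd rejects a ChrootDirectory unless every
# component of the path (for /sftp: / and /sftp) passes dir_ok as root.
chroot_path_ok() {
  path=/
  dir_ok / "$2" || return 1
  for comp in $(printf '%s' "$1" | tr '/' ' '); do
    path="${path%/}/$comp"
    dir_ok "$path" "$2" || return 1
  done
}

# sshd_config_ok FILE: the Match block must carry ChrootDirectory and
# "ForceCommand internal-sftp", and no global-only keyword (Port, ListenAddress,
# HostKey, AddressFamily) may follow a Match line, since a Match block runs
# to the end of the file. Keywords are matched case-insensitively like sshd does.
sshd_config_ok() {
  awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    tolower($1) == "match" { in_match = 1; next }
    in_match && tolower($1) ~ /^(port|listenaddress|hostkey|addressfamily)$/ {
      print FILENAME ": " $1 " is not allowed inside a Match block" > "/dev/stderr"; bad = 1
    }
    in_match && tolower($1) == "chrootdirectory" { chroot = 1 }
    in_match && tolower($1) == "forcecommand" && tolower($2) == "internal-sftp" { force = 1 }
    END {
      if (!chroot || !force) {
        print FILENAME ": Match block lacks ChrootDirectory or ForceCommand internal-sftp" > "/dev/stderr"
        bad = 1
      }
      exit bad
    }' "$1"
}
```

After both checks pass, `sudo sshd -t` confirms the whole file parses before you restart the service.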
Connect to SFTP Server
To test your connection, open an SFTP client like FileZilla and create a new site (File > Site Manager > New Site). Enter the IP or hostname of the SFTP server, the port number, and the username and password, then hit “Connect”.
If successful, you should land in the directory set as ChrootDirectory in your “sshd_config” file (/sftp). Open the “Data” folder, create a .txt file, and upload it to the server.