In this short tutorial, we will learn how to install and set up SFTP server on Ubuntu 22.04 LTS operating system. SFTP is widely used in enterprise environments, web hosting, and other situations where secure file transfer is required.
SFTP (Secure File Transfer Protocol) is a protocol for transferring files over a secure channel between two remote computers. It is a more secure alternative to FTP (File Transfer Protocol), which transmits data in plain text, making it susceptible to eavesdropping and data tampering. SFTP uses the SSH (Secure Shell) protocol for authentication and encryption, which provides strong security and data protection. It encrypts both the data and the authentication information, preventing unauthorized access to the transferred data.
SFTP operates over a client-server architecture, where the SFTP server runs on a remote host, and the client connects to it to upload or download files. Users can use SFTP client software to transfer files to and from the server. SFTP supports a range of operations, including file and directory creation, renaming, deletion, and permissions management. It also supports compression and resuming interrupted transfers.
Setting Up SFTP Server On Ubuntu 22.04
To set up an SFTP server on Ubuntu, we can use the OpenSSH server, which includes the SFTP subsystem. Here are the general steps for installing and configuring an SFTP server:
- Install ssh Software in Ubuntu 22.04
- Create SFTP group and user
- Configure the SSH service
- Testing to connect to the sftp server
1. Install ssh Software in Ubuntu 22.04
Before starting to install ssh software, we have to update the system first , this task is to make sure if we are accessing the latest packages versions. To update our packages software we will use command line :
$ sudo apt update $ sudo apt upgrade
To install ssh software, we will submit the following command line :
$ sudo apt install ssh
ramans@dev01:~$ sudo apt install ssh [sudo] password for ramans: Reading package lists... Done Building dependency tree... Done Reading state information... Done The following package was automatically installed and is no longer required: libllvm13 Use 'sudo apt autoremove' to remove it. The following additional packages will be installed: ncurses-term openssh-server openssh-sftp-server ssh-import-id Suggested packages: molly-guard monkeysphere ssh-askpass The following NEW packages will be installed: ncurses-term openssh-server openssh-sftp-server ssh ssh-import-id 0 upgraded, 5 newly installed, 0 to remove and 49 not upgraded. Need to get 755 kB of archives. After this operation, 6.179 kB of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-sftp-server amd64 1:8.9p1-3ubuntu0.1 [38,7 kB] Get:2 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-server amd64 1:8.9p1-3ubuntu0.1 [434 kB] Get:3 http://id.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ssh all 1:8.9p1-3ubuntu0.1 [4.850 B] Get:4 http://id.archive.ubuntu.com/ubuntu jammy/main amd64 ncurses-term all 6.3-2 [267 kB] Get:5 http://id.archive.ubuntu.com/ubuntu jammy/main amd64 ssh-import-id all 5.11-0ubuntu1 [10,1 kB] Fetched 755 kB in 1s (1.365 kB/s) Preconfiguring packages ... Selecting previously unselected package openssh-sftp-server. (Reading database ... 283629 files and directories currently installed.) Preparing to unpack .../openssh-sftp-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package openssh-server. Preparing to unpack .../openssh-server_1%3a8.9p1-3ubuntu0.1_amd64.deb ... Unpacking openssh-server (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package ssh. Preparing to unpack .../ssh_1%3a8.9p1-3ubuntu0.1_all.deb ... Unpacking ssh (1:8.9p1-3ubuntu0.1) ... Selecting previously unselected package ncurses-term. Preparing to unpack .../ncurses-term_6.3-2_all.deb ... Unpacking ncurses-term (6.3-2) ... Selecting previously unselected package ssh-import-id. Preparing to unpack .../ssh-import-id_5.11-0ubuntu1_all.deb ... Unpacking ssh-import-id (5.11-0ubuntu1) ... Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.1) ... Setting up openssh-server (1:8.9p1-3ubuntu0.1) ... Creating config file /etc/ssh/sshd_config with new version Creating SSH2 RSA key; this may take some time ... 3072 SHA256:LuA+Z3qEjxo4t7irBiebYT9PUK0Ew6Cpnthtee3ZI2Y email@example.com (RSA) Creating SSH2 ECDSA key; this may take some time ... 256 SHA256:GFUwcyA8bwrb6JcSJ+aoqQACZmr4cNd+tkgH6WaaH58 firstname.lastname@example.org (ECDSA) Creating SSH2 ED25519 key; this may take some time ... 256 SHA256:iZLZ7okesV19laFemiNzqd3pvWEsbiss9xeQphDez2Q email@example.com (ED25519) Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service. Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service. rescue-ssh.target is a disabled or a static unit, not starting it. ssh.socket is a disabled or a static unit, not starting it. Setting up ssh-import-id (5.11-0ubuntu1) ... Setting up ncurses-term (6.3-2) ... Setting up ssh (1:8.9p1-3ubuntu0.1) ... Processing triggers for man-db (2.10.2-1) ... Processing triggers for ufw (0.36.1-4build1) ... Rules updated for profile 'Apache' Rules updated for profile 'Nginx Full' Firewall reloaded
Until this point we have installed ssh software on the system successfully.
2. Create SFTP group and user
In this step, we will create new group and user that will be used to access the SFTP server.
1. Create a group with the name we select. For this task, we will use addgroup command line.
ramans@dev01:~$ sudo addgroup sftpgrp01 Adding group `sftpgrp01' (GID 1001) ... Done.
2. Create new user with the name we choose and adding it to the group we created. In this example, we will use sftpuser01 for the user.
ramans@dev01:~$ sudo useradd -m sftpuser01 -g sftpgrp01
3. Add a password to the new SFTP usersudo passwd sftpuser1
ramans@dev01:~$ sudo passwd sftpuser01 New password: Retype new password: passwd: password updated successfully
4. Set the permision new SFTP user to access to their new home directory
ramans@dev01:~$ sudo chmod 700 /home/sftpuser01/
3. Configure the SSH service
At this step, we will configure the ssh service on the system. The main configuration will be locate at /etc/ssh/sshd_config file. We will configure this file to allow sftp user accepting sftp connection. For this purpose we will appedn these line at /etc/ssh/sshd_config file.
ramans@dev01:~$ sudo vi /etc/ssh/sshd_config Match group sftpgrp01 ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
The configuration has the meaning if the member of sftpgrp01 having access and use their home directories via the SFTP while preventing any other normal SSH access to those files. after the configuration is done and saved, then we will restart the sftp service by submitting command line below.
$ sudo systemctl restart ssh $ sudo systemctl status ssh
ramans@dev01:~$ sudo systemctl restart ssh ramans@dev01:~$ sudo systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2023-03-03 22:11:00 WIB; 12s ago Docs: man:sshd(8) man:sshd_config(5) Process: 27202 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS) Main PID: 27203 (sshd) Tasks: 1 (limit: 9406) Memory: 1.7M CPU: 22ms CGroup: /system.slice/ssh.service └─27203 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups" Mar 03 22:11:00 dev01.bckinfo.com systemd: Starting OpenBSD Secure Shell server... Mar 03 22:11:00 dev01.bckinfo.com sshd: Server listening on 0.0.0.0 port 22. Mar 03 22:11:00 dev01.bckinfo.com sshd: Server listening on :: port 22. Mar 03 22:11:00 dev01.bckinfo.com systemd: Started OpenBSD Secure Shell server.
4. Testing Connection To The sftp Server
At this step, we will test the connection to sftp server, to make sure whether our sftp server settings are running well or not. For this purpose, we will use the command line:
$ sftp sftpuser01@dev01
ramans@dev01:~$ sftp sftpuser01@dev01 The authenticity of host 'dev01 (127.0.1.1)' can't be established. ED25519 key fingerprint is SHA256:iZLZ7okesV19laFemiNzqd3pvWEsbiss9xeQphDez2Q. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added 'dev01' (ED25519) to the list of known hosts. sftpuser01@dev01's password: Connected to dev01. sftp>
By using this command line, we have logged in the server, where the default directory is the
/home as specified in the
ChrootDirectory /home directive in the ssh server configs.
This article explains how we setup an sftp server on Ubuntu 22.04 LTS. We have done the practice directly on the operating system that we have.