ObjectiveThe objective is to configure SFPT server over SSH protocol using VSFTPD ftp daemon.
Operating System and Software Versions
- Operating System: - Ubuntu 18.04 Bionic
RequirementsThe below SFTP configuration procedure assumes that you have already configured your FTP server by following our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide. Privileged access to your Ubuntu System as root or via
sudocommand is also required.
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
- $ - requires given linux commands to be executed as a regular non-privileged user
Configure FTP serverThis tutorial acts as a Part 2, FTP over Secure SSH protocol. From this reason please make sure that you have already configured your FTP server using our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide before continuing.
Configure SSH DaemonIf you have not done so yet, install SSH server:
$ sudo apt install sshNext, In order to configure FTP over OpenSSH server use your favorite text editor to edit existing SSHD configuration file
$ sudo nano /etc/ssh/sshd_configand append the following to the end of the file:
Match group sftp ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
The above lines will ensure that users belonging into
sftpgroup will be able to access their home directories, however they will be denied SSH shell access.
Restart SSH server to apply new changes:
$ sudo service ssh restart
Create SFTP user accountWe are almost done. All that remains is to create a new user account specific to SFTP service. Let's start by creating a new group called
$ sudo addgroup sftp Adding group `sftp' (GID 1001) ... Done.Next, create a new user eg.
sftpuserand assign him to the previously created
$ sudo useradd -m sftpuser -g sftpSet a new password for the
$ sudo passwd sftpuser Enter new UNIX password: Retype new UNIX password: passwd: password updated successfullyLastly, change access permissions to the user's home directly to deny access to it to any other users on the same system:
$ sudo chmod 700 /home/sftpuser/All done.
User login via SFTPOur new user with username
sftpuseris now ready to login to our new SFTP server via
sftp://protocol. Given that your new SFTP server can be resolved via eg. hostname
sftpcommand to create a new SFTP connection:
$ sftp sftpuser@ubuntu-sftp The authenticity of host 'ubuntu-sftp (10.1.1.4)' can't be established. ECDSA key fingerprint is SHA256:8SSv/iz6OGaF8m0TLcJNtRSitfTm59dOVa57WnRfUx8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ubuntu-sftp' (ECDSA) to the list of known hosts. sftpuser@ubuntu-sftp's password: Connected to ubuntu-sftp. sftp>Navigate to your home directory and confirm write access by creating a new directory:
sftp> cd sftpuser sftp> mkdir sftp-test sftp> ls examples.desktop sftp-test sftp>Another alternative is to make a SFTP connection using any GUI FTP client. The simplest could be to use a Nautilus file manager which should be already installed on your system:
Open Nautilus and click on
Other Locations. Enter
Enter SFTP user's credentials and click
Navigate to your home directory