Objective
The objective is to configure SFPT server over SSH protocol using VSFTPD ftp daemon.Operating System and Software Versions
- Operating System: - Ubuntu 18.04 Bionic
Requirements
The below SFTP configuration procedure assumes that you have already configured your FTP server by following our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide. Privileged access to your Ubuntu System as root or viasudo command is also required.
Conventions
- # - requires given linux commands to be executed with root privileges either directly as a root user or by use of
sudocommand - $ - requires given linux commands to be executed as a regular non-privileged user
Other Versions of this Tutorial
Ubuntu 20.04 (Focal Fossa)Instructions
Configure FTP server
This tutorial acts as a Part 2, FTP over Secure SSH protocol. From this reason please make sure that you have already configured your FTP server using our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide before continuing.Configure SSH Daemon
If you have not done so yet, install SSH server:$ sudo apt install sshNext, In order to configure FTP over OpenSSH server use your favorite text editor to edit existing SSHD configuration file
/etc/ssh/sshd_config:
$ sudo nano /etc/ssh/sshd_configand append the following to the end of the file:
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.
sftp group will be able to access their home directories, however they will be denied SSH shell access. 
Restart SSH server to apply new changes:
$ sudo service ssh restart
Create SFTP user account
We are almost done. All that remains is to create a new user account specific to SFTP service. Let's start by creating a new group calledsftp:
$ sudo addgroup sftp Adding group `sftp' (GID 1001) ... Done.Next, create a new user eg.
sftpuser and assign him to the previously created sftp group:
$ sudo useradd -m sftpuser -g sftpSet a new password for the
sftpuser user:
$ sudo passwd sftpuser Enter new UNIX password: Retype new UNIX password: passwd: password updated successfullyLastly, change access permissions to the user's home directly to deny access to it to any other users on the same system:
$ sudo chmod 700 /home/sftpuser/All done.
User login via SFTP
Our new user with usernamesftpuser is now ready to login to our new SFTP server via sftp:// protocol. Given that your new SFTP server can be resolved via eg. hostname ubuntu-sftp use sftp command to create a new SFTP connection:
$ sftp sftpuser@ubuntu-sftp The authenticity of host 'ubuntu-sftp (10.1.1.4)' can't be established. ECDSA key fingerprint is SHA256:8SSv/iz6OGaF8m0TLcJNtRSitfTm59dOVa57WnRfUx8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ubuntu-sftp' (ECDSA) to the list of known hosts. sftpuser@ubuntu-sftp's password: Connected to ubuntu-sftp. sftp>Navigate to your home directory and confirm write access by creating a new directory:
sftp> cd sftpuser sftp> mkdir sftp-test sftp> ls examples.desktop sftp-test sftp>Another alternative is to make a SFTP connection using any GUI FTP client. The simplest could be to use a Nautilus file manager which should be already installed on your system:
Open Nautilus and click on
Other Locations. Enter sftp://SFTP-SERVER-HOSTNAME-OR-IP-ADDRESS and click Connect.
Enter SFTP user's credentials and click
Connect
Navigate to your home directory
