Objective
The objective is to configure SFPT server over SSH protocol using VSFTPD ftp daemon.
Operating System and Software Versions
- Operating System: – Ubuntu 18.04 Bionic
Requirements
The below SFTP configuration procedure assumes that you have already configured your FTP server by following our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide. Privileged access to your Ubuntu System as root or via sudo
command is also required.
Conventions
- # – requires given linux commands to be executed with root privileges either directly as a root user or by use of
sudo
command - $ – requires given linux commands to be executed as a regular non-privileged user
Other Versions of this Tutorial
Instructions
Configure FTP server
This tutorial acts as a Part 2, FTP over Secure SSH protocol. From this reason please make sure that you have already configured your FTP server using our How to setup FTP server on Ubuntu 18.04 Bionic Beaver guide before continuing.
Configure SSH Daemon
If you have not done so yet, install SSH server:
$ sudo apt install ssh
Next, In order to configure FTP over OpenSSH server use your favorite text editor to edit existing SSHD configuration file /etc/ssh/sshd_config
:
$ sudo nano /etc/ssh/sshd_config
and append the following to the end of the file:
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
The above lines will ensure that users belonging into sftp
group will be able to access their home directories, however they will be denied SSH shell access.

Restart SSH server to apply new changes:
$ sudo service ssh restart
Create SFTP user account
We are almost done. All that remains is to create a new user account specific to SFTP service. Let’s start by creating a new group called sftp
:
$ sudo addgroup sftp Adding group `sftp' (GID 1001) ... Done.
Next, create a new user eg. sftpuser
and assign him to the previously created sftp
group:
$ sudo useradd -m sftpuser -g sftp
Set a new password for the sftpuser
user:
$ sudo passwd sftpuser Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Lastly, change access permissions to the user’s home directly to deny access to it to any other users on the same system:
$ sudo chmod 700 /home/sftpuser/
All done.
User login via SFTP
Our new user with username sftpuser
is now ready to login to our new SFTP server via sftp://
protocol. Given that your new SFTP server can be resolved via eg. hostname ubuntu-sftp
use sftp
command to create a new SFTP connection:
$ sftp sftpuser@ubuntu-sftp The authenticity of host 'ubuntu-sftp (10.1.1.4)' can't be established. ECDSA key fingerprint is SHA256:8SSv/iz6OGaF8m0TLcJNtRSitfTm59dOVa57WnRfUx8. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ubuntu-sftp' (ECDSA) to the list of known hosts. sftpuser@ubuntu-sftp's password: Connected to ubuntu-sftp. sftp>
Navigate to your home directory and confirm write access by creating a new directory:
sftp> cd sftpuser sftp> mkdir sftp-test sftp> ls examples.desktop sftp-test sftp>
Another alternative is to make a SFTP connection using any GUI FTP client. The simplest could be to use a Nautilus file manager which should be already installed on your system:

Open Nautilus and click on Other Locations
. Enter sftp://SFTP-SERVER-HOSTNAME-OR-IP-ADDRESS
and click Connect
.
Enter SFTP user’s credentials and click Connect
Navigate to your home directory