How to set up an SFTP server on Ubuntu 20.04 Focal Fossa Linux

In this guide, we will show you how to set up an SFTP server using VSFTPD on Ubuntu 20.04 Focal Fossa. If you haven’t already, check out our tutorial on How to setup FTP server on Ubuntu 20.04 Focal Fossa with VSFTPD, as this article on SFTP assumes that you’ve applied the configuration covered in the FTP guide.

FTP is a great protocol for accessing and transferring files, but it has the shortcoming of being a clear text protocol. In other words, it’s not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.

In this tutorial you will learn:

  • How to install and configure SSH daemon
  • How to set up an SFTP user account and group
  • How to connect to SFTP server via command line

Software Requirements and Linux Command Line Conventions

  Category      Requirements, Conventions or Software Version Used
  System        Installed or upgraded Ubuntu 20.04 Focal Fossa
  Software      VSFTPD, SSH daemon
  Other
  Conventions   # – requires given Linux commands to be executed with root privileges either directly as a root user or by use of sudo command
                $ – requires given Linux commands to be executed as a regular non-privileged user

Configure SSH daemon



  1. SFTP requires SSH, so if SSH server is not already installed on your system, install it with the following command:
    $ sudo apt install ssh
    
  2. Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it:
    $ sudo nano /etc/ssh/sshd_config
    
  3. Scroll to the bottom of the file and add the following 5 lines at the very end:
    Match group sftp
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp



    The lines above allow users in the sftp group to access their home directories via SFTP but deny them normal SSH access, so they can never access a shell. After pasting those lines, save and close the configuration file.

  4. Restart the SSH service for these new changes to take effect:
    $ sudo systemctl restart ssh
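
A pre-restart check for steps 3 and 4, as an added example that is not part of the original guide: it parses the Match block and applies the ownership rule sshd enforces on a ChrootDirectory path. The function names and the sample configuration are constructed for illustration, and GNU stat (as shipped with Ubuntu) is assumed.

```shell
# Added example, not from the original guide: audit the step-3 Match block.
# Constructed sample: the end of /etc/ssh/sshd_config after step 3.
sample_config() {
cat <<'EOF'
Subsystem sftp /usr/lib/openssh/sftp-server
# restrict members of the sftp group
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
EOF
}
# Print "keyword value" for each directive in the "Match group $1" block on
# stdin; a block ends at the next Match line or end of file. Simplification:
# only a single-criterion "Match group NAME" line is recognised.
match_block() {
    awk -v grp="$1" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" {
            inblk = (NF == 3 && tolower($2) == "group" && $3 == grp); next
        }
        inblk { print tolower($1), $2 }'
}

# Succeed only if the block confines the group to chrooted, SFTP-only sessions.
audit_sftp_block() {
    blk=$(match_block "$1"); rc=0
    for want in "chrootdirectory /home" "forcecommand internal-sftp" \
                "allowtcpforwarding no" "x11forwarding no"; do
        printf '%s\n' "$blk" | grep -qxF "$want" ||
            { echo "missing: $want" >&2; rc=1; }
    done
    return "$rc"
}

# sshd rejects a chroot unless every path component is root-owned and not
# writable by group or others; mode_safe tests an octal mode such as 755.
mode_safe() { case $1 in *[2367]|*[2367]?) return 1 ;; esac; }
chroot_path_ok() {
    p=$1
    while set -- $(stat -c '%u %a' "$p" 2>/dev/null); [ "$1" = 0 ] && mode_safe "$2"; do
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
    return 1
}

sample_config | audit_sftp_block sftp && echo "Match block OK"
chroot_path_ok /home && echo "/home passes the chroot check" || echo "/home fails the chroot check"
```

On the server, feed it the real file with `audit_sftp_block sftp < /etc/ssh/sshd_config`, and run `sudo sshd -t` before the restart so a syntax error does not stop the daemon from coming back up.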
    

Create SFTP user account

Now we need to create user accounts for anyone that we wish to grant SFTP access to.

  1. Create a new user group called sftp. All of our SFTP users will need to belong to this group.
    $ sudo addgroup sftp
    Adding group `sftp' (GID 1002) ...
    Done.
    


  2. Next, create a new user. We’ll simply call ours sftpuser in this example. Also be sure to add this user to the sftp group.
    $ sudo useradd -m sftpuser -g sftp
    
  3. Set a password for the newly created sftpuser:
    $ sudo passwd sftpuser
    New password: 
    Retype new password: 
    passwd: password updated successfully
    
  4. Lastly, let’s grant full access to the user on their own home directory, but deny access to the directory for all other users on the system:
    $ sudo chmod 700 /home/sftpuser/
    

Our SFTP configuration is complete; now we can log in to make sure everything is working properly.

Log in to SFTP using command line



You can log in via SFTP with either the hostname or IP address of your system. To test from the same system as the one you just configured SFTP on, connecting to the loopback address 127.0.0.1 will work just fine.

  1. Open a terminal and log in using the sftp command:
    $ sftp sftpuser@127.0.0.1
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:9HZflwSB64J+SELGLczOuv3f06gT/3ZaZAOezVZn2XQ.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
    sftpuser@127.0.0.1's password: 
    Connected to 127.0.0.1.
    sftp>
  2. Navigate to the user’s home directory, since that’s the only place it has permissions. In here, try making a new directory to confirm that everything is working as intended:
    sftp> cd sftpuser
    sftp> mkdir sftp-test
    sftp> ls
    sftp-test          
    sftp>

Log in to SFTP using GUI



If you prefer to use a GUI application to connect to your SFTP server, there are lots of options available. You can use your preferred SFTP client or the one built into Ubuntu by default – the Nautilus file manager.

  1. Open Nautilus file manager from within the Applications menu.
  2. Click on “Other Locations” and enter sftp://127.0.0.1 in the “Connect to server” box at the bottom of the window and click connect.
  3. Enter the SFTP account’s credentials that we set up earlier and click connect.
  4. Upon a successful connection, you’ll be able to open your home directory and see the test directory you created earlier.

Conclusion

In the FTP Server article, we saw how to use VSFTPD to create an FTP server on Ubuntu 20.04 Focal Fossa. We also covered how to use the command line and Ubuntu GUI to connect to the FTP server.

In this article, we saw how to secure the FTP protocol by setting up SFTP on our system. By following the instructions in this guide, computers on your local network or across the internet can securely access your system to store and retrieve files, either via the command line or their preferred SFTP client.