In this tutorial, we will show you how to setup an SFTP server on Ubuntu 22.04 Jammy Jellyfish.
FTP is a great protocol for accessing and transferring files, but it has the shortcoming of being a clear text protocol. In other words, it’s not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.
In this tutorial you will learn:
- How to install and configure SSH daemon
- How to setup an SFTP user account and group
- How to connect to SFTP server via GUI
- How to connect to SFTP server via command line
|Requirements, Conventions or Software Version Used
|Ubuntu 22.04 Jammy Jellyfish
|Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
Configure SSH daemon
- SFTP requires SSH, so if SSH server is not already installed on your system, install it by opening a command line terminal and executing the following commands:
$ sudo apt update $ sudo apt install ssh
- Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it with root privileges:
$ sudo nano /etc/ssh/sshd_config
- Scroll to the bottom of the file and add the following 5 lines at the very end:
Match group sftp ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
The lines above will allow users in the
sftpgroup to access their home directories via SFTP, but denies them normal SSH access, so they can never access a shell. After pasting those lines, save and close the configuration file.
- Execute the following command in order to restart the SSH service for these new changes to take effect:
$ sudo systemctl restart ssh
With SSH configured properly, we can move on to setting up an SFTP account for a user.
Create SFTP user account
Now we need to create user accounts for anyone that we wish to grant SFTP access to.
- Create a new user group called
sftp. All of our SFTP users will need to belong to this group.
$ sudo addgroup sftp
- Next, create a new user. We’ll simply call ours
sftpuserin this example but you can name it whatever you want. Also be sure to add this user to the
sftpgroup that we just created.
$ sudo useradd -m sftpuser -g sftp
- Set a password for the newly created
sftpuser. You will need to enter the new password twice for verification.
$ sudo passwd sftpuser
- Lastly, let’s grant full access to the user on their own home directory, but deny access to the directory for all other users on the system:
$ sudo chmod 700 /home/sftpuser/
Our SFTP configuration is complete and now we can log in to make sure everything is working properly.
Login to SFTP using command line
You can login via SFTP with either the hostname or IP address of your system. To test from the same system as the one you just configured SFTP on, connecting to the loopback address
127.0.0.1 will work just fine.
- Open a terminal and login using the
sftpcommand and the
sftpuseraccount (or whatever name you decided to use for yours). You will be required to enter the password that we configured in the previous section for this user.
$ sftp firstname.lastname@example.org
- Navigate to the user’s home directory, since that is the only place it has permissions. In here, try making a new directory to confirm that everything is working as intended:
sftp> cd sftpuser sftp> mkdir sftp-test sftp> ls sftp-test sftp>
Login to SFTP using GUI
If you prefer to use a GUI application to connect to your SFTP server, there are lots of options available. You can use your preferred SFTP client or the one built into Ubuntu 22.04 by default – the Nautilus file manager on GNOME.
- Open Nautilus file manager from within the Applications menu.
- Click on “Other Locations” and enter
sftp://127.0.0.1in the “Connect to server” box at the bottom of the window and click connect.
- Enter the SFTP account’s credentials that we setup earlier and click connect.
- Upon a successful connection, you will be able to open your home directory and see the test directory you created earlier.
In the SFTP Server article, we saw how to create an SFTP server and subsequently log in to it on Ubuntu 22.04 Jammy Jellyfish Linux. We also covered how to use the command line and Ubuntu GUI to connect to the FTP server.
In this article, we saw how to secure the FTP protocol by setting up SFTP on our system. By following the instructions in this guide, computers on your local network or across the internet can securely access your system to store and retrieve files, either via the command line or their preferred SFTP client.