This article demonstrates how to install and manage an OpenSSH SFTP server on Linux, that is, a Linux SFTP server built on OpenSSH instead of the more common vsftpd package. Which of the two options is the best SFTP server for Linux will not be answered in this article. Because most instructions for setting up a Linux SFTP server are geared towards the vsftpd package, we thought it would be beneficial to provide a detailed article on installing an OpenSSH SFTP server.
SFTP is the acronym for Secure File Transfer Protocol and is the encrypted alternative to standard FTP, using the SSH protocol. Organizations often need to provide a secure method for remote or third-party applications to transfer files. This article demonstrates how to create that option for your organization. The steps assume an Ubuntu operating system but can be extended to Redhat as well.
Setup SFTP Server on Linux
Prerequisites
Root privileges for running the administrative commands necessary for creating new SFTP users and configuration.
- Install SSH
sudo apt install ssh
- Edit the /etc/ssh/sshd_config file and add a Match block for the sftpusers group
Match group sftpusers
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
This configuration confines members of the sftpusers group to /home, where they can access their home directories.
- Create the sftpusers group
sudo addgroup sftpusers
- Create a new sftp user and add to the sftpusers group
sudo useradd -m <new-user> -g sftpusers
- Set the password for the new user
sudo passwd <new-user>
- Grant permissions to the directory to be used for sftp
sudo mkdir -p /var/sftp/<new-user>
sudo chown root:sftpusers /var/sftp/<new-user>
sudo chmod 700 /home/<new-user>
If you receive this error: dest open “”: Permission denied then you need to verify that you have set the correct owner and permissions on the sftp folder.
This example demonstrates how to allow the users to use an alternative location to their home directory. First make the new directory. Then, change ownership of the directory. Then, set permissions on the home directory as well.
If your permissions are incorrect, you may encounter the following error even if using the correct password: client_loop: send disconnect: Broken pipe
If using the /var/sftp/<new-user> path, make sure to create a subdirectory with different permissions for the user, because the /var/sftp/<new-user> directory itself is owned by root. For example, /var/sftp/<new-user>/sub should have its ownership set with chown <new-user>:sftpusers /var/sftp/<new-user>/sub
- Change the /etc/passwd file for the new user to look similar to the following
<new-user>:x:<userid>:<groupid>::<homedir>:/sbin/nologin
The /sbin/nologin shell is required so that the user cannot gain a shell. Depending on how you configured step 6 (the directory permissions step above), the <homedir> field should be the alternative location if one is used.
- The new user will also need an entry similar to the following in /etc/ssh/sshd_config
Match User <new-user>
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp/<new-user>
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
- Restart the ssh service
sudo systemctl restart ssh
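The permission errors mentioned in the steps above can come from the chroot path itself: sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others. The script below is an added example, not part of the original article; the function names component_ok and check_chroot are made up here, and it assumes the stat command shipped with Ubuntu (GNU coreutils).

```shell
#!/bin/sh
# Added example: audit every component of a ChrootDirectory path.
# Usage: sh check_chroot.sh /var/sftp/<new-user>

# component_ok UID MODE
# Returns 0 when the owner is root (uid 0) and the octal MODE printed by
# stat has neither the group-write nor the other-write bit set.
component_ok() {
    c_uid=$1
    c_mode=$2
    [ "$c_uid" -eq 0 ] || return 1
    # A leading 0 makes the shell read the mode as octal; 022 = g+w and o+w.
    [ $(( 0$c_mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot PATH
# Walks from PATH up to /, prints one line per component and returns 1
# if any component would be rejected (2 for a path that is not absolute).
check_chroot() {
    path=$1
    rc=0
    case $path in
        /*) ;;
        *) echo "ERROR $path is not an absolute path"; return 2 ;;
    esac
    [ -d "$path" ] || { echo "FAIL  $path is not a directory"; return 1; }
    while :; do
        info=$(stat -c '%u %a' "$path")
        if component_ok "${info% *}" "${info#* }"; then
            echo "OK    $path (uid=${info% *} mode=${info#* })"
        else
            echo "FAIL  $path (uid=${info% *} mode=${info#* })"
            rc=1
        fi
        if [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# Run the audit only when a path was given on the command line.
if [ $# -gt 0 ]; then
    check_chroot "$1"
fi
```

Any line marked FAIL points at a directory to fix with chown root or chmod go-w; the user-owned upload subdirectory sits below the chroot and is not part of this check.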
Linux SFTP login
To log in to the new sftp server with the new sftp user, run the following command.
sftp <new-user>@sftp.example.com
You are now able to manage the sftp directory. If you cannot reach the sftp server, remember that the connection must be allowed through your firewall.
Linux SFTP upload
To upload a local file to the remote sftp server run the following command. Make sure you’ve already made the sftp connection in the previous example.
put file.txt
Conclusion – OpenSSH SFTP Server
This article has demonstrated how to install and manage an OpenSSH SFTP server. Let us know in the comments if you have any questions or would like to see more in-depth examples of managing an SFTP server on Linux.
Note that any new connection must be allowed through the firewall