How to Install and Configure OpenSSH Server for SFTP
How to Install and Configure OpenSSH Server for SFTP. In this post, we introduce OpenSSH, SFTP, then shows you how to set up an SFTP server using OpenSSH server.
SFTP is one of the secure ways to exchange and control files. It is a network protocol that maintains the confidentiality of your files when transferring between businesses. The Internet Engineering Task Force created SFTP as an extension of Secure Shell (SSH) to provide access, file management, and transfer over a network. Let us learn about SFTP in detail and how it can be advantages for your business.
What is OpenSSH?
OpenSSH server is a popular implementation of SSH protocol that allows networked computers to be remotely controlled and for data transfer. You can maintain the security of your confidential data over an unsecured network with an OpenSSH server. You can communicate across the Internet or an unsecured network easily with this tool. Further, you can execute commands and connect to a host system securely.
It comes with various features like port forwarding, and authentication techniques. The X11 forwarding feature of the OpenSSH server also allows for the secure transmission of graphical applications from the server to the client. This feature increases usability and productivity by enabling users to run graphical apps on a remote server while viewing them on their local computer.
What is Secure File Transfer Protocol (SFTP)?
SFTP is a component of the SSH Protocol that allows for simple data access and secure transfer through an SSH data stream. It supports SSH keys, encryptions, and other security measures to deliver a high level of security when transferring files from one system to the other. The network protocol uses SSH connections for encryptions and WinSCP and SFTP clients for file transfers.
It is advisable to select SFTP over other protocols, including FTP, if you’re seeking for a protocol that enables secure server to server file transfers. When transferring data to the server, SFTP establishes a secure connection using the SSH keys. Users can securely transfer files on both the local and remote systems with SFTP.
Advantages of Secure File Transfer Protocol (SFTP)
There are many benefits to choosing Secure File Transfer Protocol (SFTP) over other protocols.
- It protects your data at all times (during transit or at rest) against unauthorized parties.
- Offers IPV6 HTTP protocol support and command execution over SSH channel.
- It guarantees that client server architecture can exchange data securely over a reliable network connection.
- For high level security, it also provides access to Public key authentication
- It helps maintain the confidentiality of your information and prevents hackers from gaining any access to it.
- Further, it helps meet data security standards such as GDPR and CCPA using SFTP.
- During the procedure or operation, it guarantees that all files are encrypted and cannot be accessed by unauthorised individuals.
Another best part about Secure File Transfer Protocol (SFTP) is companies gain access to activate or deactivate the SFTP’s encryption system based on their requirements and preferences.
How to Install and Configure OpenSSH Server for SFTP
In this section, we will show you how to install an OpenSSH server and set up SFTP to transfer files over the secure network.
Prerequisites
- An Ubuntu Linux is installed on your server.
- A root user or a user with sudo privileges.
Install OpenSSH Server
First, install an OpenSSH server package on your server. You can install it using the following command.
apt install ssh -y
Once the OpenSSH server is installed, start the SSH service and enable it to start at system reboot.
systemctl start ssh
systemctl enable ssh
You can also check the status of the SSH service with the following command.
systemctl status ssh
This will show you an SSH running status on the following screen.
At this point, OpenSSH is started and listens on port 22.Verify it using the following command.
ss -antpl | grep ssh
Output.
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=111963,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=111963,fd=4))
Create an SFTP User
Now, create a user and group for SFTP. First, create a group for SFTP using the following command.
addgroup sftp
Then, add a user named sftpuser with the following command.
adduser sftpuser
You will be asked to set a password for your user as shown below.
Next, add your user to the SFTP group.
usermod -a -G sftp sftpuser
Create an SFTP Directory
Next, you will need to create a directory to which you want to grant access to the SFTP user. Let’s create a directory called private with the following command.
mkdir -p /var/sftp/private
After that, change the ownership of the SFTP directory.
chown root:root /var/sftp
chown sftpuser:sftpuser /var/sftp/private
Then, set proper permission to the SFTP directory.
chmod 755 /var/sftp
Set Up an SFTP Server
Now, you will need to edit the OpenSSH configuration file to set up an SFTP server.
nano /etc/ssh/sshd_config
Add the following configuration at the end of the file.
Match User sftpuser
ChrootDirectory /var/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Save and close the file then restart the SSH service to implement the changes.
systemctl restart ssh
Now, test the SFTP server via SSH.
ssh sftpuser@localhost
Provide your user’s password to authenticate the SSH server.
As you see in the above output, you can not connect to the SFTP server using SSH. Because SFTP is configured only for SFTP connection.
Verify SFTP Server via CLI
To test the SFTP server, go to the remote server and run the following command to connect the SFTP server using the SFTP command.
sftp sftpuser@server-ip
After the successful authentication, you will see the following screen.
Now, run the following command to list content of the SFTP directory.
sftp>ls
You will see the following output.
private
Now, let’s create a directory called test1 inside the private directory.
sftp> mkdir private/test1
Then, verify your created directory using the following command.
sftp> ls private/
Output.
private/test1
Finally, exit from the SFTP shell using the following command.
sftp> exit
Verify SFTP Server via FileZilla GUI Client
You can also connect to the SFTP server using the FileZilla GUI client. First, open FileZilla on the remote machine.
Next, click on create connection. You will see the following screen.
Provide your SFTP server IP, port, username, password, and click on the Connect button. You will be prompted to trust the SFTP host.
Click on the OK button. You will see your SFTP server directory on the following screen.
How to Install and Configure OpenSSH Server for SFTP Conclusion
In this post, we installed an OpenSSH server and configured it to use it as an SFTP server. Then, we showed you how to connect the SFTP server via CLI and GUI method. I hope you can now easily set up your SFTP server using SSH and securely transfer files over the internet.
Most businesses use SFTP over SSH for it is a secure mode of transmission and prevents data from getting into the hands of hackers or stealers. The popular network protocol makes use of SSH keys and encryptions to secure the channel for data transmission. It allows businesses to establish a connection that is highly secure between hosts, servers, and different systems.
Additionally, SFTP is completely flexible and offers full control over the files or data. It ensures that the data remains protected during transit, even at rest. SFTP is also compatible with all platforms and supports Triple DES and AES algorithms for data encryption.
