How to Install and Configure OpenSSH Server for SFTP

How to Install and Configure OpenSSH Server for SFTP. In this post, we introduce OpenSSH, SFTP, then shows you how to set up an SFTP server using OpenSSH server.

SFTP is one of the secure ways to exchange and control files. It is a network protocol that maintains the confidentiality of your files when transferring between businesses. The Internet Engineering Task Force created SFTP as an extension of Secure Shell (SSH) to provide access, file management, and transfer over a network. Let us learn about SFTP in detail and how it can be advantages for your business.

What is OpenSSH?

OpenSSH server is a popular implementation of SSH protocol that allows networked computers to be remotely controlled and for data transfer. You can maintain the security of your confidential data over an unsecured network with an OpenSSH server. You can communicate across the Internet or an unsecured network easily with this tool. Further, you can execute commands and connect to a host system securely.

It comes with various features like port forwarding, and authentication techniques. The X11 forwarding feature of the OpenSSH server also allows for the secure transmission of graphical applications from the server to the client. This feature increases usability and productivity by enabling users to run graphical apps on a remote server while viewing them on their local computer.

What is Secure File Transfer Protocol (SFTP)?

SFTP is a component of the SSH Protocol that allows for simple data access and secure transfer through an SSH data stream. It supports SSH keys, encryptions, and other security measures to deliver a high level of security when transferring files from one system to the other. The network protocol uses SSH connections for encryptions and WinSCP and SFTP clients for file transfers.

It is advisable to select SFTP over other protocols, including FTP, if you’re seeking for a protocol that enables secure server to server file transfers. When transferring data to the server, SFTP establishes a secure connection using the SSH keys. Users can securely transfer files on both the local and remote systems with SFTP.

Advantages of Secure File Transfer Protocol (SFTP)

There are many benefits to choosing Secure File Transfer Protocol (SFTP) over other protocols.

  • It protects your data at all times (during transit or at rest) against unauthorized parties.
  • The network protocol supports Triple DES and AES algorithms for encryption.
  • Offers IPV6 HTTP protocol support and command execution over SSH channel.
  • It guarantees that client server architecture can exchange data securely over a reliable network connection.
  • It helps maintain the confidentiality of your information and prevents hackers from gaining any access to it.
  • Further, it helps meet data security standards such as GDPR and CCPA using SFTP.
  • During the procedure or operation, it guarantees that all files are encrypted and cannot be accessed by unauthorised individuals.

Another best part about Secure File Transfer Protocol (SFTP) is companies gain access to activate or deactivate the SFTP’s encryption system based on their requirements and preferences.

How to Install and Configure OpenSSH Server for SFTP

In this section, we will show you how to install an OpenSSH server and set up SFTP to transfer files over the secure network.

Prerequisites

  • A root user or a user with sudo privileges.

Install OpenSSH Server

First, install an OpenSSH server package on your server. You can install it using the following command.

				
					apt install ssh -y
				
			

Once the OpenSSH server is installed, start the SSH service and enable it to start at system reboot.

				
					systemctl start ssh
systemctl enable ssh
				
			

You can also check the status of the SSH service with the following command.

				
					systemctl status ssh
				
			

This will show you an SSH running status on the following screen.

At this point, OpenSSH is started and listens on port 22.Verify it using the following command.

				
					ss -antpl | grep ssh
				
			

Output.

				
					LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=111963,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=111963,fd=4))

				
			

Create an SFTP User

Now, create a user and group for SFTP. First, create a group for SFTP using the following command.

				
					addgroup sftp
				
			

Then, add a user named sftpuser with the following command.

				
					adduser sftpuser
				
			

You will be asked to set a password for your user as shown below.

Next, add your user to the SFTP group.

				
					usermod -a -G sftp sftpuser
				
			

Create an SFTP Directory

Next, you will need to create a directory to which you want to grant access to the SFTP user. Let’s create a directory called private with the following command.

				
					mkdir -p /var/sftp/private
				
			

After that, change the ownership of the SFTP directory.

				
					chown root:root /var/sftp
chown sftpuser:sftpuser /var/sftp/private

				
			

Then, set proper permission to the SFTP directory.

				
					chmod 755 /var/sftp
				
			

Set Up an SFTP Server

Now, you will need to edit the OpenSSH configuration file to set up an SFTP server.

				
					nano /etc/ssh/sshd_config
				
			

Add the following configuration at the end of the file.

				
					Match User sftpuser
ChrootDirectory /var/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
				
			

Save and close the file then restart the SSH service to implement the changes.

				
					systemctl restart ssh
				
			

Now, test the SFTP server via SSH.

				
					ssh sftpuser@localhost
				
			

Provide your user’s password to authenticate the SSH server.

As you see in the above output, you can not connect to the SFTP server using SSH. Because SFTP is configured only for SFTP connection.

Verify SFTP Server via CLI

To test the SFTP server, go to the remote server and run the following command to connect the SFTP server using the SFTP command.

				
					sftp sftpuser@server-ip
				
			

After the successful authentication, you will see the following screen.

Now, run the following command to list content of the SFTP directory.

				
					sftp>ls
				
			

You will see the following output.

				
					private
				
			

Now, let’s create a directory called test1 inside the private directory.

				
					sftp> mkdir private/test1
				
			

Then, verify your created directory using the following command.

				
					sftp> ls private/
				
			

Output.

				
					private/test1
				
			

Finally, exit from the SFTP shell using the following command.

				
					sftp> exit
				
			

Verify SFTP Server via FileZilla GUI Client

You can also connect to the SFTP server using the FileZilla GUI client. First, open FileZilla on the remote machine.

Next, click on create connection. You will see the following screen.

Provide your SFTP server IP, port, username, password, and click on the Connect button. You will be prompted to trust the SFTP host.

Click on the OK button. You will see your SFTP server directory on the following screen.

How to Install and Configure OpenSSH Server for SFTP Conclusion

In this post, we installed an OpenSSH server and configured it to use it as an SFTP server. Then, we showed you how to connect the SFTP server via CLI and GUI method. I hope you can now easily set up your SFTP server using SSH and securely transfer files over the internet.

Most businesses use SFTP over SSH for it is a secure mode of transmission and prevents data from getting into the hands of hackers or stealers. The popular network protocol makes use of SSH keys and encryptions to secure the channel for data transmission. It allows businesses to establish a connection that is highly secure between hosts, servers, and different systems.

Additionally, SFTP is completely flexible and offers full control over the files or data. It ensures that the data remains protected during transit, even at rest. SFTP is also compatible with all platforms and supports Triple DES and AES algorithms for data encryption.

Avatar for Hitesh Jethva
Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x