How to Set Up an SFTP Server on Ubuntu 20.04

What is SFTP?

FTP is a great protocol for accessing and transferring files over the network. It is used by developers and web hosting administrators to manage websites. However, it is a clear-text protocol and is not secure to use over an internet connection, because your credentials and data are transmitted without encryption. This is where the SFTP protocol comes into the picture.

SFTP, also known as the “SSH File Transfer Protocol”, is a secure file transfer protocol used for transferring large files over the internet. It provides a secure SSH tunnel and encryption to establish a secure connection. It allows you to provide limited access to specific files and directories. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for greater web security. SFTP also protects against man-in-the-middle attacks. It can be handy in all situations where sensitive data needs to be protected.

How Does SFTP Work?

SFTP uses the SSH protocol, which provides a secure channel in a client-server architecture. SSH uses public key cryptography to authenticate the server. An SFTP client like FileZilla sends a connection request to the server, and the server sends its SSH welcome message with the highest supported protocol version.

 

The client then sends its SSH welcome message with the highest supported protocol version. The server sends its supported algorithms and a small amount of random data as a session cookie; the client also sends its supported algorithms and a random session cookie.

 

The client then starts the key exchange using an algorithm supported by both and sends its parameters to the server. The server replies with its parameters and its public key. The server calculates a hash of all data exchanged so far and signs it using its private key. The signature is sent to the client, and the client also calculates the hash of all data exchanged. It checks the signature with the server's public key; if it does not match, the connection is aborted at this point.

 

The client then sends the user ID and password to the server. The server authenticates and replies if access has been granted. The client then asks the server to start the SFTP subsystem. The server returns with success and sends its supported version of the SFTP subsystem to the client.

 

The client then sends a request for file operations. The server checks the permissions for the operation and returns success or failure.

Features of SFTP

  • Free and Open source
  • IPV6 support
  • Secure data transmission
  • Support command execution
  • TMUX support
  • Support data encryption
  • Support public key authentication
  • Support username and password based authentication

In this post, we will show you how to set up an SFTP server and connect to it from the command line and GUI on Ubuntu 20.04.

Install SSH Server

SFTP is based on the SSH protocol, so the SSH server must be installed on your server. By default, the SSH server package is included in the Ubuntu 20.04 default repository. You can install it using the following command:

				
					apt-get install openssh-server -y
				
			

Once the SSH server package is installed, start the SSH service and enable it to start at system reboot by running the following command:

				
					systemctl start ssh
					systemctl enable ssh
				
			

Now, verify whether the SSH service is running or not by running the following command:

				
					systemctl status ssh
				
			

If the SSH service is running, you will get the following output:

				
					● ssh.service - OpenBSD Secure Shell server
					     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
					     Active: active (running) since Mon 2021-10-11 03:55:43 UTC; 1h 9min ago
					       Docs: man:sshd(8)
					             man:sshd_config(5)
					   Main PID: 692 (sshd)
					      Tasks: 1 (limit: 1041)
					     Memory: 5.8M
					     CGroup: /system.slice/ssh.service
					             └─692 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
				
			

At this point, the SSH server package is installed and running. You can now proceed to configure SSH for SFTP.

Configure SSH for SFTP

Next, you will need to edit the SSH configuration file and define SFTP settings. You can do it using the following command:

				
					nano /etc/ssh/sshd_config
				
			

Add the following settings at the end of the file:

				
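					# Apply the settings below only to members of the sftp group
					Match group sftp
					    # Confine the session to the user's home directory (%h); sshd requires every
					    # component of this path to be root-owned and not group/other-writable
					    ChrootDirectory %h
					    X11Forwarding no
					    AllowTcpForwarding no
					    # Run the in-process SFTP server instead of a login shell
					    ForceCommand internal-sftp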
				
			

Save and close the file then restart the SSH service to apply the changes:

				
					systemctl restart ssh
				
			

The above configuration will allow all users in the sftp group to access their home directories via SFTP.

Create SFTP User Account

Next, you will need to create a user account for those who want SFTP access. First, create an SFTP group with the following command:

				
					addgroup sftp
				
			

Next, create a new user named sftpuser and add this user to the sftp group by running the following command:

				
					useradd -m sftpuser -g sftp
				
			

Next, set the password for sftpuser with the following command:

				
					passwd sftpuser
				
			

Set the password as shown below:

				
					New password: 
					Retype new password: 
					passwd: password updated successfully
				
			

Next, grant full access to the sftpuser on their own home directory:

				
					chmod 700 /home/sftpuser
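
Before connecting, it is worth checking the chroot target against the rule in sshd_config(5): every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others, so a home directory still owned by sftpuser will be reported. The script below is an added example, not part of the original guide; it assumes GNU stat as shipped on Ubuntu, and the function names and the optional UID argument are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory rule in sshd_config(5).
# Assumption: GNU coreutils `stat` (as on Ubuntu). Function names are illustrative.

# check_component DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) and not writable by group or others.
check_component() {
    cc_dir=$1
    cc_uid=${2:-0}
    [ -d "$cc_dir" ] || { echo "FAIL $cc_dir: not a directory"; return 1; }
    cc_owner=$(stat -c '%u' "$cc_dir")
    cc_mode=$(stat -c '%a' "$cc_dir")
    if [ "$cc_owner" != "$cc_uid" ]; then
        echo "FAIL $cc_dir: owner uid $cc_owner, expected $cc_uid"
        return 1
    fi
    # 022 masks the group-write and other-write permission bits.
    if [ $(( 0$cc_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cc_dir: mode $cc_mode is group/other writable"
        return 1
    fi
    echo "ok   $cc_dir (uid $cc_owner, mode $cc_mode)"
}

# check_chroot_path DIR [UID]: apply check_component to DIR and to every
# parent directory up to /, reporting all failures before returning.
check_chroot_path() {
    cp_path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter"; return 1; }
    cp_rc=0
    while :; do
        check_component "$cp_path" "${2:-0}" || cp_rc=1
        [ "$cp_path" = "/" ] && break
        cp_path=$(dirname "$cp_path")
    done
    return $cp_rc
}

# Usage (as root): sh check_chroot.sh /home/sftpuser
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it as root against the directory that %h expands to for the account, for example /home/sftpuser, and resolve any FAIL line before testing the login.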
				
			

Verify SFTP Connection via Command Line

At this point, the SFTP server is configured. Now, it’s time to connect to it from the command line. Go to the client machine and run the following command to log in to the SFTP server:

				
					sftp sftpuser@sftp-server-ip
				
			

Once you are connected to the SFTP server, you will get the SFTP shell as shown below:

				
					The authenticity of host '199.247.14.12 (199.247.14.12)' can't be established.
					ECDSA key fingerprint is 49:44:93:8d:a5:ae:f4:01:b4:b1:bf:6:02:77:da:e3.
					Are you sure you want to continue connecting (yes/no)? yes
					Warning: Permanently added '199.247.14.12' (ECDSA) to the list of known hosts.
					sftpuser@199.247.14.12's password: 
					Connected to 199.247.14.12.
					sftp> 
				
			

Now, create a directory on the SFTP server using the following command:

				
					sftp> mkdir testdir
				
			

Next, verify the created directory using the following command:

				
					sftp> ls -l
				
			

Sample output:

				
					drwxr-xr-x    2 sftpuser sftp         4096 Oct 11 05:20 testdir
				
			

Next, exit from the SFTP shell with the following command:

				
					sftp> exit
				
			

Verify SFTP Connection via GUI

You can also connect to the SFTP server using a GUI application like FileZilla or File Manager. Open the Ubuntu File Manager within the Application menu as shown below:

In the left pane, click Connect to Server. You should see the following screen:

Provide your SFTP server IP address in the sftp://server-ip-address format and click Connect. You will be asked to provide your SFTP credentials as shown below:

Provide your SFTP username and password, then click Connect. After successful authentication, you will see your SFTP home directory in the following screen:


Conclusion

In the above guide, we explained how to set up an SFTP server on Ubuntu 20.04. You can now implement an SFTP server in the production environment and grant users SFTP access as per their requirements.

Hitesh Jethva

I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.
