What is SFTP?
FTP is a well-established protocol for accessing and transferring files over a network, used by developers and web hosting administrators to manage websites. However, it is a clear-text protocol and is not safe to use over an internet connection, because your credentials and data are transmitted without encryption. This is where the SFTP protocol comes into the picture.
SFTP, also known as the "SSH File Transfer Protocol", is a secure file transfer protocol used for transferring large files over the internet. It runs inside an encrypted SSH tunnel to establish a secure connection and allows you to grant limited access to specific files and directories. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for greater web security. SFTP also protects against man-in-the-middle attacks, which makes it useful wherever sensitive data needs to be protected.
How Does SFTP Work?
SFTP uses the SSH protocol, which provides a secure channel in a client-server architecture. SSH uses public key cryptography to authenticate the server. An SFTP client such as FileZilla sends a connection request, and the server replies with its SSH welcome message containing the highest protocol version it supports.
The client then sends its own SSH welcome message with the highest protocol version it supports. The server sends its list of supported algorithms together with a small amount of random data as a session cookie, and the client likewise sends its supported algorithms and its own random session cookie.
The client then starts the key exchange using an algorithm supported by both sides and sends its parameters to the server. The server replies with its own parameters and its public host key, calculates a hash over all data exchanged so far, and signs that hash with its private key. The signature is sent to the client, which computes the same hash and checks the signature against the server's public key; if the signature does not verify, the connection is aborted at this point.
The client then sends its user ID and password to the server. The server authenticates the user and replies whether access has been granted. The client then asks the server to start the SFTP subsystem, and the server returns success along with the version of the SFTP subsystem it supports.
The client then sends requests for file operations; for each one the server checks the permissions for the operation and returns success or failure.
Features of SFTP
- Free and open source
- IPv6 support
- Secure data transmission
- Supports command execution
- TMUX support
- Supports data encryption
- Supports public key authentication
- Supports username- and password-based authentication
Install SSH Server
SFTP is based on the SSH protocol, so an SSH server must be installed on your server. By default, the SSH server package is included in the Ubuntu 20.04 default repository. You can install it with the following command:
apt-get install openssh-server -y
Once the SSH server package is installed, start the SSH service and enable it to start at system reboot by running the following command:
systemctl start ssh
systemctl enable ssh
Now, verify whether the SSH service is running or not by running the following command:
systemctl status ssh
If the SSH service is running, you will get the following output:
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-10-11 03:55:43 UTC; 1h 9min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 692 (sshd)
      Tasks: 1 (limit: 1041)
     Memory: 5.8M
     CGroup: /system.slice/ssh.service
             └─692 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
At this point, the SSH server package is installed and running. You can now proceed to configure SSH for SFTP.
Configure SSH for SFTP
Next, you will need to edit the SSH configuration file and define SFTP settings. You can do it using the following command:
Add the following settings at the end of the file:
Match group sftp
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Save and close the file then restart the SSH service to apply the changes:
systemctl restart ssh
The above configuration confines every user in the sftp group to their own home directory and allows them to reach it only via SFTP, with no shell, X11 forwarding or TCP forwarding.
Create SFTP User Account
Next, you will need to create a user account for anyone who needs SFTP access. First, create an SFTP group with the following command:
Next, create a new user named sftpuser and add this user to the sftp group by running the following command:
useradd -m sftpuser -g sftp
Next, set the password for sftpuser with the following command:
Set the password as shown below:
New password:
Retype new password:
passwd: password updated successfully
Next, give sftpuser full access to their own home directory and deny access to everyone else:
chmod 700 /home/sftpuser
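As an added example (not code from the original guide), the following Python script audits the "Match group sftp" block configured above and checks the filesystem rule OpenSSH applies to the ChrootDirectory path. The parser, the audit rules, the sample configurations and the constructed directory layout are all written here for illustration. One caveat worth knowing before you test the connection: OpenSSH refuses to chroot unless every component of the ChrootDirectory path is owned by root and writable by no one else, so with ChrootDirectory %h the home directory itself must be root-owned (writable subdirectories for uploads can be created inside it); the chroot_path_findings function mirrors that rule.

```python
"""Audit an sshd_config for the SFTP-only chroot block and the ownership rule
OpenSSH applies to the ChrootDirectory path. Standard library only."""
import os
import stat
from types import SimpleNamespace

# Directives the hardened Match block must carry; None means any value is fine.
REQUIRED_SFTP_DIRECTIVES = {
    "chrootdirectory": None,          # confine the session to one directory
    "forcecommand": "internal-sftp",  # SFTP only: no shell, no scp, no exec
    "x11forwarding": "no",
    "allowtcpforwarding": "no",
}

# Constructed sample configurations (not copied from a real host).
HARDENED_CONFIG = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match group sftp
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
"""
WEAK_CONFIG = """\
Match group sftp
    ChrootDirectory %h
    AllowTcpForwarding yes
"""


def parse_sshd_config(text):
    """Split sshd_config into global directives and a list of Match blocks.

    Every line after 'Match <criteria>' belongs to that block until the next
    Match line. Keywords are case-insensitive, so they are lowercased here."""
    global_directives, match_blocks = {}, []
    current = global_directives
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            current = {}
            match_blocks.append((value.lower(), current))
        else:
            current[keyword] = value
    return global_directives, match_blocks


def audit_sftp_block(config_text, group="sftp"):
    """Return findings for the 'Match group <group>' block; an empty list
    means the block matches the hardened layout from the guide."""
    _, blocks = parse_sshd_config(config_text)
    directives = next((d for c, d in blocks if c == f"group {group}"), None)
    if directives is None:
        return [f"no 'Match group {group}' block found"]
    findings = []
    for key, expected in REQUIRED_SFTP_DIRECTIVES.items():
        actual = directives.get(key)
        if actual is None:
            findings.append(f"{key} is missing")
        elif expected is not None and actual.lower() != expected:
            findings.append(f"{key} is '{actual}', expected '{expected}'")
    return findings


def chroot_path_findings(path, stat_fn=os.stat):
    """OpenSSH rejects a chroot ('bad ownership or modes for chroot directory')
    unless every component of the path is owned by root and not writable by
    group or others. stat_fn is injectable so the rule can be exercised
    against a constructed layout instead of the live filesystem."""
    findings = []
    parts = path.rstrip("/").split("/")
    for i in range(1, len(parts) + 1):
        component = "/".join(parts[:i]) or "/"
        st = stat_fn(component)
        if st.st_uid != 0:
            findings.append(f"{component}: owned by uid {st.st_uid}, must be root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{component}: writable by group or others")
    return findings


# Constructed view of a filesystem after 'useradd -m' plus 'chmod 700':
# the home directory is owned by the new user (uid 1001), not by root.
CONSTRUCTED_LAYOUT = {
    "/": SimpleNamespace(st_uid=0, st_mode=0o40755),
    "/home": SimpleNamespace(st_uid=0, st_mode=0o40755),
    "/home/sftpuser": SimpleNamespace(st_uid=1001, st_mode=0o40700),
}


def constructed_stat(path):
    return CONSTRUCTED_LAYOUT[path]


if __name__ == "__main__":
    print("hardened:", audit_sftp_block(HARDENED_CONFIG) or "OK")
    print("weak:", audit_sftp_block(WEAK_CONFIG))
    print("chroot:", chroot_path_findings("/home/sftpuser", constructed_stat))
```

Run it against your own file with `audit_sftp_block(open("/etc/ssh/sshd_config").read())` and `chroot_path_findings("/home/sftpuser")` (the default stat_fn reads the live filesystem); `sshd -t` remains the authoritative syntax check before restarting the service.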
Verify SFTP Connection via Command Line
At this point, the SFTP server is configured. Now it's time to connect to it from the command line. Go to the client machine and run the following command to log in to the SFTP server:
Once you are connected to the SFTP server, you will get the SFTP shell as shown below:
The authenticity of host '188.8.131.52 (184.108.40.206)' can't be established.
ECDSA key fingerprint is 49:44:93:8d:a5:ae:f4:01:b4:b1:bf:6:02:77:da:e3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '220.127.116.11' (ECDSA) to the list of known hosts.
firstname.lastname@example.org's password:
Connected to 18.104.22.168.
sftp>
Now, create a directory on the SFTP server using the following command:
sftp> mkdir testdir
Next, verify the created directory using the following command:
sftp> ls -l
drwxr-xr-x 2 sftpuser sftp 4096 Oct 11 05:20 testdir
Next, exit from the SFTP shell with the following command:
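As an added example (not code from the original guide), the following Python script shows what the client is doing both at the "authenticity of host ... can't be established" prompt above and at the signature check described in the handshake section: it computes the legacy colon-separated MD5 fingerprint (the format shown in the prompt) and the current SHA256 fingerprint of a host key blob, and compares a presented key byte-for-byte against a known_hosts entry. The sample key bytes and the hostname are constructed placeholders, not a real key or host.

```python
"""Host key fingerprints and known_hosts matching, standard library only."""
import base64
import hashlib
import struct

# Constructed sample: 32 arbitrary bytes standing in for an Ed25519 public key.
# It is NOT a real key; fingerprinting only needs the encoded key blob.
SAMPLE_RAW_KEY = bytes(range(32))
SAMPLE_HOST = "sftp.example.internal"  # hypothetical hostname


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def build_ed25519_blob(raw_key: bytes) -> bytes:
    """Encode an Ed25519 public key as the blob OpenSSH base64-encodes."""
    if len(raw_key) != 32:
        raise ValueError("Ed25519 public keys are exactly 32 bytes")
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def known_hosts_line(host: str, key_type: str, blob: bytes) -> str:
    """Render an unhashed known_hosts entry: 'host type base64'."""
    return f"{host} {key_type} {base64.b64encode(blob).decode()}"


def parse_key_fields(key_type: str, b64: str) -> bytes:
    """Decode a base64 key blob and check the embedded type matches."""
    blob = base64.b64decode(b64, validate=True)
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != key_type.encode():
        raise ValueError("declared key type does not match the blob")
    return blob


def fingerprint_md5(blob: bytes) -> str:
    """Legacy colon-separated MD5 fingerprint, as in the prompt on this page."""
    hexdigest = hashlib.md5(blob).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def fingerprint_sha256(blob: bytes) -> str:
    """Current OpenSSH format: 'SHA256:' + base64 of SHA-256 without padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_matches(line: str, host: str, presented_blob: bytes) -> bool:
    """The client-side check: is the key the server just presented exactly
    the key pinned for this host in known_hosts? Fingerprints are for humans;
    the comparison itself is on the full blob."""
    entry_host, key_type, b64, *_ = line.split()
    if entry_host != host:
        return False
    return parse_key_fields(key_type, b64) == presented_blob


if __name__ == "__main__":
    blob = build_ed25519_blob(SAMPLE_RAW_KEY)
    line = known_hosts_line(SAMPLE_HOST, "ssh-ed25519", blob)
    print(line)
    print("MD5    ", fingerprint_md5(blob))
    print("SHA256 ", fingerprint_sha256(blob))
    print("matches pinned key:", host_key_matches(line, SAMPLE_HOST, blob))
```

Before answering "yes" at the prompt, compare the fingerprint shown against one obtained out of band, for example from `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` run on the server; after the first connection, the byte-for-byte comparison against the pinned entry is what makes a later change of the server's key visible.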
Verify SFTP Connection via GUI
You can also connect to the SFTP server using a GUI application such as FileZilla or the Ubuntu File Manager. Open the File Manager from the Application menu as shown below:
In the left pane, click on Connect to Server. You should see the following screen:
Provide your SFTP server's IP address in the format sftp://server-ip-address and click Connect. You will be asked for your SFTP credentials as shown below:
Provide your SFTP username and password and click Connect. After successful authentication, your SFTP home directory is shown as in the following screen:
In the above guide, we explained how to set up an SFTP server on Ubuntu 20.04. You can now implement an SFTP server in a production environment and grant users SFTP access according to their requirements.