This is a small memo on how to easily install and configure an SFTP server under Debian Jessie.

What is an SFTP server

An SFTP server is, as its name suggests, a server for the Secure File Transfer Protocol. With this protocol the file transfer is encrypted end-to-end, so files can be sent without being read or intercepted in transit. SFTP is a special configuration of the SSH server, because SFTP is based on SSH and not on FTP.

Why an SFTP server instead of a secure FTP?

An FTP server (File Transfer Protocol) also allows files to be transferred, but not securely. It is possible to encrypt the transfer, but that requires a complex configuration. SFTP is easier to implement and, moreover, more secure.

For those who still want to install a secure FTP server, please read this article.

Installing and configuring the OpenSSH server

Installing the openssh-server package:

apt install openssh-server

Edit the SSH server configuration file:

nano /etc/ssh/sshd_config

Basic SSH server configuration:

  • Change the listening port from 22 to another of your choice:
Port 666

Forbid connections from the root account (be careful: before banning root, make sure you have another user who can connect to the server over SSH):

PermitRootLogin no

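SFTP configuration: add these lines at the end of the configuration file. If the file already contains a Subsystem sftp line (Debian's default points to /usr/lib/openssh/sftp-server), comment it out first, because sshd rejects a second definition of the same subsystem: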

Subsystem sftp internal-sftp
Match group sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no

Save the changes and quit using the key combination Ctrl + x, then answer Y.

Explanation of SFTP Options:

  • Subsystem sftp internal-sftp: Tells sshd to use its built-in SFTP server.
  • Match group sftp: Only users belonging to the sftp group will be able to connect to the server.
  • ChrootDirectory /home/%u: Sets the chroot destination (root directory), which is here the home directory of each user.
  • X11Forwarding no: Prohibit access to the graphical server.
  • AllowTcpForwarding no: Prohibit TCP port redirection.
  • Setting up a chroot confines the user to his root directory, so he cannot wander through the other directories of the server.

Adding a user to access SFTP only

Adding the sftp group:

addgroup sftp

Create the root directory for the user:

mkdir -p /home/fred

Add a user without shell access, with his home directory, and add him to the sftp group:

useradd -s /bin/false -d /home/fred -g sftp fred

Set a password for this new user:

passwd fred

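Give root ownership of fred's user directory:

chown root:root /home/fred/

Change directory rights:

Attention here, write rights can be attributed only to root, and to him alone! sshd refuses the connection if the chroot directory is writable by the group or by others, so the mode must be 755:

chmod -R 755 /home/fred/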

Change the user's home directory to /, which is the root of his chroot:

usermod -d / fred
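
The ownership and mode requirements on the chroot directory can be verified before restarting the service. The script below is an added example, not part of the original memo: it mirrors the check sshd applies to ChrootDirectory (each path component owned by root and not writable by group or others). The function names chroot_dir_ok and chroot_path_ok and the script name are hypothetical, and GNU stat as shipped with Debian is assumed.

```shell
#!/bin/sh
# Added example: mirror sshd's ChrootDirectory safety check.
# sshd refuses the login unless every component of the chroot path is a
# directory owned by root and not writable by group or others.

# chroot_dir_ok DIR [UID]: check a single directory.
# UID defaults to 0 (root); it is a parameter only so that the check can be
# exercised on scratch directories without being root.
chroot_dir_ok() {
    _dir=$1
    _want_uid=${2:-0}
    [ -d "$_dir" ] || { echo "FAIL $_dir: not a directory"; return 1; }
    # GNU stat as on Debian: %u = owner uid, %a = permissions in octal
    _st=$(stat -L -c '%u %a' "$_dir") || return 1
    _uid=${_st% *}
    _mode=${_st#* }
    if [ "$_uid" != "$_want_uid" ]; then
        echo "FAIL $_dir: owned by uid $_uid, expected $_want_uid"
        return 1
    fi
    # 022 = group-write and other-write bits
    if [ $(( 0$_mode & 022 )) -ne 0 ]; then
        echo "FAIL $_dir: mode $_mode is writable by group or others"
        return 1
    fi
    echo "OK   $_dir (uid $_uid, mode $_mode)"
}

# chroot_path_ok PATH [UID]: check PATH and every parent directory up to /.
chroot_path_ok() {
    case $1 in
        /*) ;;
        *) echo "FAIL $1: absolute path required"; return 2 ;;
    esac
    _p=$1
    _rc=0
    while :; do
        chroot_dir_ok "$_p" "${2:-0}" || _rc=1
        [ "$_p" = "/" ] && break
        _p=$(dirname "$_p")
    done
    return "$_rc"
}

# Run as root: sh check_chroot.sh /home/fred   (script name is hypothetical)
[ "$#" -eq 0 ] || chroot_path_ok "$@"
```

A FAIL line for /home/fred or any parent directory points to the "bad ownership or modes for chroot directory" error that sshd logs when it rejects the session.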

SFTP Server Connection Test

Enabling SFTP Server:

systemctl restart ssh

Connection test:

From the command line (-P gives the listening port configured above):

sftp -P 666 fred@sftp-server.domain.tld

With FileZilla, be careful to specify the sftp:// protocol.