Setup SFTP User Accounts on Ubuntu 20.04

Secure file transfer protocol (SFTP) is a secure way of transferring files between a local and remote computer using an encrypted SSH session. It is an improved version of the traditional file transfer protocol (FTP), which adds a layer of security during the file transfer and connection establishment processes.

In this guide, you will set up SFTP User accounts on Ubuntu 20.04, and allow the user to strictly access files within the home directory.

Prerequisites

  • An active Ubuntu 20.04 Rcs Server
  • SSH and login to access the server

Setup SFTP

Create a new SFTP Users Group. Replace sftpcorner with your desired group name.

$ sudo addgroup sftpcorner

Create a new user account. Replace exampleuser with your desired user name.

$ sudo adduser exampleuser

Enter the user’s password and full name when prompted to continue.

Then, add the user to the SFTP group.

$ sudo usermod -G sftpcorner exampleuser

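Restrict the user from accessing files outside the home directory. The ChrootDirectory setting configured later requires the home directory to be owned by root, so change its ownership.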

$ sudo chown root:root /home/exampleuser

Now, create new subdirectories within the user home directory. These are used for file transfer.

$ sudo mkdir /home/exampleuser/uploads  

Grant the user ownership rights to the subdirectories.

$ sudo chown -R exampleuser:exampleuser /home/exampleuser/uploads

Then, set mode 755 on everything within the home directory. This gives the owner read, write, and execute permissions and everyone else read and execute permissions.

$ sudo chmod -R 755 /home/exampleuser/  

Configure SFTP

With the sftp group and user accounts created, enable SFTP in the main SSH configuration file.

Using an editor of your choice, open the file /etc/ssh/sshd_config.

$ sudo vim /etc/ssh/sshd_config

Add the following lines to the end of the file. Replace sftpcorner with your actual sftp group.

Match Group sftpcorner
ChrootDirectory %h
PasswordAuthentication yes
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp

Save and close the file.

Below are the functions for each of the above configuration lines:

  • Match Group sftpcorner: Match the user group sftpcorner.
  • ChrootDirectory %h: Restrict access to directories within the user's home directory.
  • PasswordAuthentication yes: Enable password authentication.
  • AllowTcpForwarding no: Disable TCP forwarding.
  • X11Forwarding no: Don't permit graphical displays.
  • ForceCommand internal-sftp: Enable SFTP only with no shell access.

Also, confirm that the SFTP subsystem is enabled (it is by default). The line below should be uncommented in /etc/ssh/sshd_config:

# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

Restart the SSH server for changes to take effect.

$ sudo systemctl restart sshd
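
The ownership and permission steps above exist because sshd refuses a chrooted session unless every directory from / down to the ChrootDirectory is owned by root and not writable by group or others. The script below is an added example, not part of the original guide, that checks this before a user tries to log in; the file name check_chroot.sh and the optional OWNER_UID argument are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# directory named by "ChrootDirectory %h". sshd rejects the session unless
# every directory from / down to the chroot is owned by root and is not
# writable by group or others.

# component_ok DIR [OWNER_UID]
# OWNER_UID defaults to 0 (root); the parameter is an assumption of this
# example so the check can be exercised on a scratch directory without root.
component_ok() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 1
    fi
    uid=$(stat -c %u "$dir")    # numeric owner (GNU stat, as on Ubuntu)
    mode=$(stat -c %a "$dir")   # octal permission bits, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is writable by group or others"
        return 1
    fi
    echo "OK   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR [OWNER_UID]
# Walks from DIR up to / and returns non-zero if any component fails.
check_chroot_path() {
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve"
        return 1
    }
    rc=0
    while :; do
        component_ok "$path" "${2:-0}" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Usage: sh check_chroot.sh /home/exampleuser
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it as sh check_chroot.sh /home/exampleuser; every line should read OK. Running sudo sshd -t before the restart also catches syntax errors in the edited /etc/ssh/sshd_config.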

Login to SFTP

Open a new terminal window and log in with sftp using a valid user account and password.

$ sftp exampleuser@SERVER-IP

OR, if running within the same server SSH session:

$ sftp exampleuser@127.0.0.1

List files within the directory. Your output should be similar to the one below:

exampleuser@127.0.0.1's password: 
Connected to 127.0.0.1.
sftp> ls
uploads  
sftp>

Also, try creating a new directory within the subdirectory to test user permissions.

sftp> cd uploads
sftp> mkdir files

Confirm creation of the new directory:

sftp> ls
files  
sftp>

To test connectivity using a desktop client, FileZilla and Cyberduck are the most popular SFTP clients available for Windows, Mac, and Linux desktops.

Conclusion

In this guide, you successfully set up SFTP on an Ubuntu 20.04 server, then tested connectivity through a terminal session and FileZilla. You can create multiple users with different directories to securely upload and download files on your server.
