Ubuntu is a safe and reliable platform if you are looking to set up an SFTP server. The Linux distribution offers integrated tools and packages for use with SFTP. Follow our step-by-step instructions to install and configure an Ubuntu SFTP Server and transfer your data encrypted.
SFTP server under Ubuntu: system requirements¶
If you’ve ever compared FTP and SFTP, you know that SFTP is a much better solution. Based on FTP, the SFTP protocol uses cryptographic processes to encrypt your data. It is therefore necessary to install additional components, such as Secure Shell (SSH). To install an SFTP server under the current Ubuntu version 22.04the following system configuration must be respected:
- Processor (CPU) : 2 GHz (dual core)
- RAM : 4GB
- Hard disk space : variable depending on the volume of data
- Operating system : Ubuntu (user with “root” rights)
- Software suite : OpenSSH
- Internet connection : sufficient to download packages and connect to the SFTP server
With a secure FTP server hosted by IONOS, enjoy secure hosting of your files, including regular backup and 24/7 support.
Step-by-step instructions: installing an SFTP server in Ubuntu¶
To configure an FTP server that supports SFTP, first check whether OpenSSH is well installed. Packages are already available by default in Ubuntu. If not, grab said packages from the official repository.
Open the terminal of your Ubuntu system and run the commands given below.
Step 1: Check OpenSSH Packages¶
This command lists all installed packages by applying the “ssh” filter:
In our example, this gives the following result:
If the characters “ii” are displayed, then the packages are successfully installed.
Step 2: Install SSH¶
OpenSSH not installed? You can fix this using the package manager APT :
$ sudo apt install ssh
bash
Step 3: Change SSHD Configuration¶
After installation, the SSH daemon configuration file must be adapted. To access it, you can for example use the Nano editor:
$ sudo nano /etc/ssh/sshd_config
bash
Then enter the following lines of code:
Match Group sftpgroup
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
bash
This allows users in the SFTP group to access their home directory via SFTP.
Dedicated servers with IONOS
At the crossroads of hardware and the Cloud: dedicated servers with Cloud integration and per-minute billing + personal advisor!
24/7 support
Unlimited traffic
SSL certificate
Step 4: Restart the SSH Service¶
Once the configuration file has been modified, you must restart the SSH service:
$ sudo systemctl restart sshd
bash
Step 5: Create an SFTP User and Group¶
The next step is to create a new group “sftpgroup”, as well as a new user “sftpuser”. For security reasons, it should only be able to access your SFTP server under Ubuntu, and not the SSH service.
$ sudo groupadd sftpgroup
bash
The new user is added to the SFTP group with the “-G” option. The “-d” option allows you to define the home directory, while the “-s” option controls access to the shell.
$ sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser
bash
Step 6: Create a Password for SFTP User¶
Choose a secure password for the SFTP user using the “passwd” command:
Step 7: Configure the “chroot” directory¶
Creating a “chroot” directory allows you to set up a sandbox for running processes. Start by creating a new folder:
$ mkdir -p /srv/sftpuser
bash
Ownership is then assigned to the “root” user using “chown”:
$ sudo chown root /srv/sftpuser
bash
You must then assign read and execute rights to the group:
$ sudo chmod g+rx /srv/sftpuser
bash
Then create a subdirectory and set “sftpuser” as owner:
$ mkdir -p /srv/sftpuser/data
$ chown sftpuser:sftpuser /srv/sftpuser/data
bash
So SFTP user can upload files to subdirectory “ data ”, with rights that remain limited in the “sftpuser” directory. For security reasons, it has read rights, but not write rights.
Step 8: Connect to SFTP Server with Ubuntu¶
The connection to the SFTP server can be established using the SFTP command line or an FTP client with GUI. Enter the command “sftp” in the terminal, followed by the username and hostname or IP address of the SFTP server.
$ sftp sftpuser@SERVER-IP
bash
If using a user-defined port, it can be specified as follows:
$ sftp -P PORT ftpuser@SERVER-IP
bash
You will then need to enter the password for the SFTP user.
Step 9: Upload Files to SFTP Server¶
To upload your files to the SFTP server, you should use the “put” command.
Try transferring a file to the “/” directory:
put /path/to/file/on/local /
bash
This command should not work because it concerns the “chroot” directory for which the SFTP user does not have write permission.
Now try again with the “data” directory:
put /path/to/file1/on/local1 /data/
bash
Step 10: View Files on SFTP Server in Ubuntu¶
List the files in the SFTP command line with the “ls” command:
Files that are on the SFTP server appear here: