SFTP
What is SFTP
SFTP is the SSH File Transfer Protocol, an extension of the Secure Shell protocol (SSH) that provides secure file transfer. It is not to be confused with FTP or FTPS. Unlike FTP, SFTP encrypts both commands and data, so passwords and file contents are never sent in the clear over the network. It cannot interoperate with FTP software. FTPS is an extension to the FTP standard that lets a client request that the FTP session be encrypted; this is done by sending the "AUTH TLS" command.
Setting Up a Simple Server
The goal is to set up an SFTP server where each user is chrooted to their own home directory and has no other access to the system (no shell, no port forwarding).
Setting up the Server
Assuming the OpenSSH server is already installed, edit the SSH server configuration file.
- Open the config file
sudo nano /etc/ssh/sshd_config
- Comment out the following line by putting a # at its beginning (sshd rejects a configuration that defines the sftp subsystem twice, so the default entry has to go before the new one is added)
#Subsystem sftp /usr/lib/openssh/sftp-server
- Add the following at the end of the file. The Match block must come last: every directive after a Match line belongs to that block until the next Match line or the end of the file, so any global settings placed after it would silently apply only to the sftpusers group.
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
    PasswordAuthentication yes
- Restart SSH
sudo service ssh restart
Creating the sftpusers Group
sudo groupadd sftpusers
Create SFTP Users
- Create user
sudo adduser username
- Add the user to the SFTP group (-a appends, so any supplementary groups the user already has are kept; a bare -G would replace them) and prevent interactive SSH login by giving the user a non-login shell
sudo usermod -aG sftpusers username
sudo usermod -s /usr/sbin/nologin username
- Chroot the user (limit them to their home directory). sshd refuses to chroot into a directory unless it and every directory above it are owned by root and writable by nobody else, so the home directory itself must be handed to root; this is why the user gets a separate writable subdirectory in the next step.
sudo chown root:root /home/username
sudo chmod 755 /home/username
- Give the user a folder to upload to
sudo mkdir /home/username/share
sudo chown username:sftpusers /home/username/share