What is SFTP

SFTP is the SSH File Transfer Protocol, an extension of the Secure Shell protocol (SSH) that provides secure file transfer. It is not to be confused with FTP or FTPS. Unlike FTP, SFTP encrypts both commands and data, so passwords and sensitive information are never transmitted in the clear over the network. It cannot interoperate with FTP software. FTPS is an extension to the FTP standard that lets a client request that its FTP session be encrypted; this is done by sending the "AUTH TLS" command.

Setting Up a Simple Server

The goal is to set up an SFTP server where users are chrooted to their home directory and have limited system privileges.

Setting up the Server

Assuming you already have the OpenSSH server installed, we need to edit its config file.

  1. Open the config file
    sudo nano /etc/ssh/sshd_config
  2. Comment out the following line by putting a # at the beginning
    #Subsystem sftp /usr/lib/openssh/sftp-server
  3. Add the following at the end of the file (it must come after all global settings, because everything below a Match line applies only to the matched users):
    Subsystem sftp internal-sftp
    Match Group sftpusers
        ChrootDirectory %h
        ForceCommand internal-sftp
        X11Forwarding no
        AllowTCPForwarding no
        PasswordAuthentication yes
  4. Restart SSH
    sudo service ssh restart

Creating the sftpusers Group

sudo groupadd sftpusers

Create SFTP Users

  1. Create the user
    sudo adduser username
  2. Prevent shell login & add the user to the SFTP group (-a appends, so the user keeps any other supplementary groups)
    sudo usermod -aG sftpusers username
    sudo usermod -s /usr/sbin/nologin username
  3. Chroot the user (limit them to their home directory). sshd only accepts a ChrootDirectory if it and every directory above it are owned by root and not writable by group or others, so the home directory itself becomes read-only for the user:
    sudo chown root:root /home/username
    sudo chmod 755 /home/username
  4. Give the user a folder to upload to
    sudo mkdir /home/username/share
    sudo chown username:sftpusers /home/username/share
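The following script is an added example and is not part of the original tutorial. It wraps both procedures above (the sshd_config fragment and the user-creation steps) in shell functions, and adds the check that sshd itself performs on a ChrootDirectory before it lets a session in: every path component from / down to the chroot must be owned by root and must not be group- or world-writable, otherwise the login fails with "bad ownership or modes for chroot directory". It assumes Debian/Ubuntu paths (/etc/ssh/sshd_config, adduser, service ssh), GNU stat, and the group name sftpusers from the tutorial. The owner and base parameters of the check functions exist only so the check can be exercised without root; in real use they default to uid 0 and /.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: the page's steps wrapped
# in shell functions, plus the ownership/mode check sshd applies to a
# ChrootDirectory. Assumes Debian/Ubuntu paths (/etc/ssh/sshd_config,
# adduser, service ssh), GNU stat, and the group name sftpusers.
set -euo pipefail

SFTP_GROUP="sftpusers"

# Print the sshd_config fragment from the tutorial (append it to the file,
# after all global settings).
sftp_config_fragment() {
  cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no
    PasswordAuthentication yes
EOF
}

# Check one directory the way sshd checks each component of a chroot path:
# it must be a directory, owned by the expected uid (0 in real use; the
# parameter only exists so the check can run without root) and not writable
# by group or others. Prints the reason and returns 1 on failure.
check_chroot_component() {
  local dir="$1" owner="${2:-0}"
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
  local uid mode grp oth
  uid=$(stat -c '%u' "$dir")
  mode=$(stat -c '%a' "$dir")        # octal, e.g. 755 or 1777 (GNU stat)
  if [ "$uid" != "$owner" ]; then
    echo "bad ownership for $dir: uid $uid, expected $owner" >&2
    return 1
  fi
  grp=$(( (8#$mode / 8) % 8 ))       # group permission digit
  oth=$(( 8#$mode % 8 ))             # other permission digit
  if [ $(( grp & 2 )) -ne 0 ] || [ $(( oth & 2 )) -ne 0 ]; then
    echo "bad modes for $dir: $mode is group- or world-writable" >&2
    return 1
  fi
  return 0
}

# Walk from $base down to $dir (both inclusive) and check every component.
# sshd refuses the login if any single one of them fails. $base is / in
# real use; it is a parameter so a test tree under a temp dir can be checked.
check_chroot_path() {
  local dir="$1" base="${2:-/}" owner="${3:-0}"
  local rel="${dir#"$base"}" cur="$base" part
  check_chroot_component "$cur" "$owner" || return 1
  local IFS='/'
  for part in $rel; do
    [ -n "$part" ] || continue
    cur="${cur%/}/$part"
    check_chroot_component "$cur" "$owner" || return 1
  done
  echo "chroot path OK: $dir"
}

# The tutorial's user-creation steps, in order (must run as root).
# -aG appends the group instead of replacing the user's supplementary groups.
create_sftp_user() {
  local user="$1" home="/home/$1"
  getent group "$SFTP_GROUP" >/dev/null || groupadd "$SFTP_GROUP"
  adduser "$user"
  usermod -aG "$SFTP_GROUP" "$user"
  usermod -s /usr/sbin/nologin "$user"
  chown root:root "$home"            # chroot dir must be root-owned ...
  chmod 755 "$home"                  # ... and not group/world-writable
  mkdir -p "$home/share"             # the user's writable upload folder
  chown "$user:$SFTP_GROUP" "$home/share"
  check_chroot_path "$home"          # fail loudly before touching sshd
}

case "${1:-}" in
  config)  sftp_config_fragment ;;
  check)   check_chroot_path "$2" ;;
  adduser)
    create_sftp_user "$2"
    sshd -t                          # validate the config before restarting
    service ssh restart ;;
  *)       echo "usage: $0 config | check DIR | adduser USER" ;;
esac
```

Run it as `sudo ./sftp-setup.sh adduser alice` to perform the tutorial's steps for one user, or `./sftp-setup.sh check /home/alice` to find out which directory sshd will object to when an SFTP login is refused. Note that the upload folder below the chroot may be owned and written by the user; the restriction applies only to the chroot directory and its parents.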