
==What is SFTP==

SFTP is the SSH File Transfer Protocol, an extension of the Secure Shell (SSH) protocol that provides secure file transfer capabilities. It is not to be mistaken for FTP or FTPS. Unlike FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It cannot interoperate with FTP software. FTPS is an extension to the FTP standard that allows clients to request that FTP sessions be encrypted. This is done by sending the "AUTH TLS" command.

==Setting Up a Simple Server==

The goal is to set up an SFTP server where the users are chrooted to their home directory and have limited system powers.

===Setting up the Server===

Assuming you already have SSH installed, we need to edit the SSH server config file.

Open the config file
sudo nano /etc/ssh/sshd_config

Comment out the following line with a # at the beginning
#Subsystem sftp /usr/lib/openssh/sftp-server

Add the following at the end of the file:
Subsystem sftp internal-sftp

Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no
    PasswordAuthentication yes

Restart SSH
sudo service ssh restart

===Creating the sftpusers Group===

sudo groupadd sftpusers

===Create SFTP Users===

Create user
sudo adduser username

Prevent SSH login & assign user to SFTP group
sudo usermod -G sftpusers username
sudo usermod -s /usr/sbin/nologin username

Chroot user (limit them to their home directory)
sudo chown root:root /home/username
sudo chmod 755 /home/username

Give the user a folder to upload to
sudo mkdir /home/username/share
sudo chown username:sftpusers /home/username/share
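
sshd rejects the session if the ChrootDirectory or any of its parent directories is not owned by root, or is writable by group or others, which is why the chown/chmod step above is required. The following check is an added example, not part of the original page; the function names are hypothetical and it assumes GNU stat, as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example: verify the ownership and mode rules sshd enforces on a
# ChrootDirectory. Function names are hypothetical; assumes GNU stat.
# Usage after sourcing this file: check_chroot_path /home/username

# check_dir DIR UID: succeed only if DIR is owned by UID and is not
# writable by group or others.
check_dir() {
    owner=$(stat -c '%u' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    if [ "$owner" != "$2" ]; then
        echo "FAIL $1: owned by uid $owner, expected $2"
        return 1
    fi
    # stat prints the mode in octal; 022 masks group-write and other-write.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $mode is group- or world-writable"
        return 1
    fi
    echo "ok   $1 (uid $owner, mode $mode)"
}

# check_chroot_path DIR: apply check_dir with uid 0 (root) to DIR and to
# every parent directory up to /, reporting all failures.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: not an accessible directory"
        return 2
    }
    rc=0
    while :; do
        check_dir "$dir" 0 || rc=1
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}
```

The upload folder (/home/username/share) is deliberately excluded from this rule: it sits below the chroot and must be owned by the user so that they can write to it.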

==Notes==

==Sources==