sftp refresher - 101

Sunny Bhambhani - Oct 29 - - Dev Community

This is just a very basic refresher around sftp server, I know there are lots of other and on-cloud solutions available for file transfer and sftp server is rarely used.

But since I got a query yesterday about it, I thought to create a small write-up :)

sftp server

  • There was a time when sftp was widely used for secure file transfers, though now there are many options available, but this used to be a hero service then and was commonly asked during interviews.
  • The name itself expands to 'Secure File Transfer Protocol'.
  • This allows for a secure file transfer over SSH (On port 22).
  • It is quite fast and efficient.

Pre-requisites

  • Any linux machine with internet access (here I am using Ubuntu).

HOWTO

  • Update the package lists on your Ubuntu(debian based) machine.
$ apt update
Enter fullscreen mode Exit fullscreen mode
  • Install ssh/openssh-sftp-server/vim(if not present).
$ apt install ssh openssh-sftp-server vim -y
Enter fullscreen mode Exit fullscreen mode
  • Edit the sshd config file and append below details
$ vim /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Enter fullscreen mode Exit fullscreen mode

Match group sftp: This statement states below settings will be applicable to all the users who belong to sftp group.
ChrootDirectory: This basically changes the root directory to mentioned path.
X11Forwarding: This disables X11 forwarding (this is enabled in some GUI use-cases) and for sftp this is not required.
AllowTcpForwarding: Disables TCP forwarding.
ForceCommand: This forcefully mandates that the used of this group should be only allowed to use sftp and nothing else.

  • Restart the service, you can use this way or use systemctl based on your distribution.
$ /etc/init.d/ssh restart
Enter fullscreen mode Exit fullscreen mode
  • Add a new group called sftp to the system.
$ addgroup sftp
Enter fullscreen mode Exit fullscreen mode
  • Create a new user with sftp group attached to it.
$ useradd -m sunny -g sftp
Enter fullscreen mode Exit fullscreen mode
  • Change the password of the newly created user.
$ passwd sunny
Enter fullscreen mode Exit fullscreen mode
  • Change the permission of the directory to USER/OWNER only.
$ chmod 700 /home/sunny/ -R
Enter fullscreen mode Exit fullscreen mode
  • Try connecting to sftp server
$ sftp sunny@HOST_IP
Enter fullscreen mode Exit fullscreen mode
  • Enter the password and try using get and put commands.

*Feel free to add any details which I might have missed, happy learning :) *

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .