This is just a very basic refresher on the sftp server. I know there are lots of other, cloud-based solutions available for file transfer, and an sftp server is rarely used.
But since I got a query yesterday about it, I thought to create a small write-up :)
sftp server
- There was a time when sftp was widely used for secure file transfers. Many other options are available now, but it used to be a hero service and was commonly asked about in interviews.
- The name itself expands to 'Secure File Transfer Protocol'.
- This allows for secure file transfer over SSH (on port 22).
- It is quite fast and efficient.
Pre-requisites
- Any Linux machine with internet access (here I am using Ubuntu).
HOWTO
- Update the package lists on your Ubuntu (Debian-based) machine.
$ apt update
- Install ssh, openssh-sftp-server and vim (if not present).
$ apt install ssh openssh-sftp-server vim -y
- Edit the sshd config file and append the details below.
$ vim /etc/ssh/sshd_config
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Match group sftp: The settings below this line apply to all users who belong to the sftp group.
ChrootDirectory: Changes the root directory of the session to the given path, so these users cannot reach anything above /home. sshd requires this path and every component of it to be owned by root and not writable by group or others.
X11Forwarding: Disables X11 forwarding (it is enabled in some GUI use cases); sftp does not need it.
AllowTcpForwarding: Disables TCP forwarding.
ForceCommand: Forces the users of this group to use sftp and nothing else.
- Restart the service. You can do it this way or use systemctl, depending on your distribution.
$ /etc/init.d/ssh restart
- Add a new group called sftp to the system.
$ addgroup sftp
- Create a new user with the sftp group attached to it.
$ useradd -m sunny -g sftp
- Change the password of the newly created user.
$ passwd sunny
- Restrict the permissions of the directory to the user/owner only.
$ chmod -R 700 /home/sunny/
- Try connecting to the sftp server.
$ sftp sunny@HOST_IP
- Enter the password and try using get and put commands.
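The Match block from the HOWTO can be checked before the service is restarted. The script below is an added example, not part of the original write-up: it audits the block for one group and reports any of the four restrictions that is missing. The function name, the sample configs and the "Match User backup" block are constructed for illustration, and it assumes a single-criterion "Match group NAME" line with "Keyword value" syntax.

```shell
#!/usr/bin/env bash
# Added example: audit the "Match group" block of an sshd_config.
# usage: audit_sftp_match FILE|- GROUP   (returns 0 only if the block is clean)
audit_sftp_match() {
  awk -v grp="$2" '
    NF == 0 || $1 ~ /^#/ { next }                # skip blank lines and comments
    { key = tolower($1); val = $2                # keywords are case-insensitive
      for (i = 3; i <= NF; i++) val = val " " $i }
    key == "match" {                             # a Match block ends at the next Match or EOF
      inblk = (tolower($2) == "group" && $3 == grp)
      if (inblk) found = 1
      next
    }
    inblk && !(key in seen) { seen[key] = val }  # sshd keeps the first value it reads
    END {
      if (!found) { print "FAIL no Match block for group " grp; exit 1 }
      if (!("chrootdirectory" in seen) || seen["chrootdirectory"] == "none") {
        print "FAIL ChrootDirectory not set: users can browse the whole filesystem"; bad = 1 }
      if (seen["forcecommand"] !~ /^internal-sftp( |$)/) {
        print "FAIL ForceCommand is not internal-sftp: a shell may be reachable"; bad = 1 }
      if (seen["allowtcpforwarding"] != "no") { print "FAIL AllowTcpForwarding is not no"; bad = 1 }
      if (seen["x11forwarding"] != "no") { print "FAIL X11Forwarding is not no"; bad = 1 }
      if (!bad) print "OK group " grp " is restricted to chrooted internal-sftp"
      exit bad + 0
    }
  ' "$1"
}

sample_page_config() {   # constructed input: the block from the HOWTO above
  cat <<'EOF'
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
EOF
}

sample_weak_config() {   # constructed input: the restrictions sit in the wrong block
  cat <<'EOF'
Match Group sftp
    ChrootDirectory /home
    X11Forwarding no
Match User backup
    ForceCommand internal-sftp
    AllowTcpForwarding no
EOF
}

sample_page_config | audit_sftp_match - sftp
sample_weak_config | audit_sftp_match - sftp || true
```

On a real host, point it at /etc/ssh/sshd_config and also run `sshd -t`, which checks the file for syntax errors; the audit above only checks that the intended restrictions are present.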
*Feel free to add any details which I might have missed, happy learning :)*