Setting Up an SFTP Server on Ubuntu | Generated by AI

Home PDF

Setting up an SFTP (SSH File Transfer Protocol) server on Ubuntu is a straightforward process that allows you to securely transfer files over a network using SSH encryption. Below is a complete, step-by-step guide to help you set it up.

Step 1: Install OpenSSH Server

SFTP relies on the OpenSSH server, which you need to install on your Ubuntu system.

  1. Open a terminal and update your package list: 
    sudo apt update
  2. Install the OpenSSH server: 
    sudo apt install openssh-server
  3. Check that the SSH service is running: 
    sudo systemctl status ssh
    • If it’s not running, start it: 
      sudo systemctl start ssh
    • Ensure it starts on boot: 
      sudo systemctl enable ssh

Step 2: Create a Dedicated SFTP User

For better security, create a specific user for SFTP access.

  1. Add a new user (e.g., sftpuser): 
    sudo adduser sftpuser
    • Follow the prompts to set a password and fill in any optional details.
  2. (Optional) Prevent this user from accessing a shell via SSH: 
    sudo usermod -s /bin/false sftpuser

Step 3: Configure SSH for SFTP

You can either allow all users to use SFTP with their home directories or restrict specific users to certain folders.

Option 1: Allow SFTP for All Users

If you want all users to access their home directories via SFTP, no extra configuration is needed after installing OpenSSH. Skip to Step 5.

Option 2: Restrict a User to a Specific Directory

To lock a user (e.g., sftpuser) to a specific directory:

  1. Edit the SSH configuration file: 
    sudo nano /etc/ssh/sshd_config
  2. Add the following lines at the end of the file: 
    Match User sftpuser
    ChrootDirectory /home/sftpuser
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    • Save the file (Ctrl+O, then Enter) and exit (Ctrl+X).
  3. This configuration:
    • Limits sftpuser to /home/sftpuser.
    • Forces SFTP usage only.
    • Disables extra features like TCP forwarding.

Step 4: Set Up Directory Permissions

For the restricted setup (chroot) to work, adjust permissions:

  1. Make the chroot directory owned by root: 
    sudo chown root:root /home/sftpuser
  2. Create a writable subdirectory for the user (e.g., uploads): 
    sudo mkdir /home/sftpuser/uploads
sudo chown sftpuser:sftpuser /home/sftpuser/uploads
    • The user can now upload files to /home/sftpuser/uploads.

Step 5: Restart the SSH Service

Apply your changes by restarting SSH:

sudo systemctl restart ssh

Step 6: Test Your SFTP Server

Verify that the server works by connecting from another device.

  1. Find your Ubuntu machine’s IP address: 
    ip addr show
    • Look for an IP like 192.168.1.100.
  2. Test the connection:
    • From a terminal (Linux/macOS): 
      sftp sftpuser@<ubuntu-ip-address>
      • Enter the password when prompted.
    • Using FileZilla (any OS):
      • Host: sftp://<ubuntu-ip-address>
      • Username: sftpuser
      • Password: (your password)
      • Port: 22
  3. Try uploading a file to the uploads folder or listing directory contents.

Step 7: Configure the Firewall

If you’re using Ubuntu’s firewall (UFW), allow SFTP traffic:

  1. Check the firewall status: 
    sudo ufw status
  2. Allow SSH/SFTP (port 22): 
    sudo ufw allow 22/tcp
sudo ufw reload

All Done!

Your SFTP server is now ready! Users can securely connect and transfer files to their designated directories using an SFTP client. If you restricted sftpuser, they’ll only access /home/sftpuser/uploads (or wherever you set). Enjoy secure file transfers!

Back 2025.03.16 Donate