Setting Up an SFTP Server on Ubuntu | Generated by AI
Setting up an SFTP (SSH File Transfer Protocol) server on Ubuntu is a straightforward process that allows you to securely transfer files over a network using SSH encryption. Below is a complete, step-by-step guide to help you set it up.
Step 1: Install OpenSSH Server
SFTP relies on the OpenSSH server, which you need to install on your Ubuntu system.
- Open a terminal and update your package list:
sudo apt update
- Install the OpenSSH server:
sudo apt install openssh-server
- Check that the SSH service is running:
sudo systemctl status ssh
- If it’s not running, start it:
sudo systemctl start ssh
- Ensure it starts on boot:
sudo systemctl enable ssh
Step 2: Create a Dedicated SFTP User
For better security, create a specific user for SFTP access.
- Add a new user (e.g., sftpuser):
sudo adduser sftpuser
- Follow the prompts to set a password and fill in any optional details.
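- (Optional) Prevent this user from accessing a shell via SSH. Use this only together with the ForceCommand internal-sftp setup in Step 3, Option 2: with the default external sftp-server subsystem, sshd starts SFTP through the user's login shell, so a /bin/false shell blocks SFTP as well.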
sudo usermod -s /bin/false sftpuser
Step 3: Configure SSH for SFTP
You can either allow all users to use SFTP with their home directories or restrict specific users to certain folders.
Option 1: Allow SFTP for All Users
If you want all users to access their home directories via SFTP, no extra configuration is needed after installing OpenSSH. Skip to Step 5.
Option 2: Restrict a User to a Specific Directory
To lock a user (e.g., sftpuser) to a specific directory:
- Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Add the following lines at the end of the file:
Match User sftpuser
    ChrootDirectory /home/sftpuser
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
- Save the file (Ctrl+O, then Enter) and exit (Ctrl+X).
- This configuration:
  - Limits sftpuser to /home/sftpuser.
  - Forces SFTP usage only.
  - Disables extra features like TCP forwarding.
Step 4: Set Up Directory Permissions
For the restricted setup (chroot) to work, adjust permissions:
- Make the chroot directory owned by root:
sudo chown root:root /home/sftpuser
- Create a writable subdirectory for the user (e.g., uploads):
sudo mkdir /home/sftpuser/uploads
sudo chown sftpuser:sftpuser /home/sftpuser/uploads
  - The user can now upload files to /home/sftpuser/uploads.
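A pre-flight check for the chroot permissions above, added here as an example and not part of the original guide: per sshd_config(5), every component of the ChrootDirectory path must be a root-owned directory that is not writable by group or others, otherwise sshd rejects the login. The function names check_dir and check_chroot are illustrative, and the script assumes GNU stat as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): pre-flight check for a ChrootDirectory.
# Usage: bash check_chroot.sh /home/sftpuser
# Assumes GNU stat (coreutils), as shipped on Ubuntu.

# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0 = root) with no group/other write bit set.
check_dir() {
    local dir="$1" want="${2:-0}" uid mode
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    uid=$(stat -c %u "$dir")
    mode=$(stat -c %a "$dir")
    [ "$uid" -eq "$want" ] || { echo "FAIL $dir: owner uid $uid, expected $want"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL $dir: mode $mode is group/other-writable"; return 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot PATH: run check_dir on PATH and on every parent up to /,
# since sshd applies the rule to each component of the pathname.
check_chroot() {
    local path="${1%/}" rc=0 mode
    case "$1" in /*) ;; *) echo "FAIL: need an absolute path"; return 2 ;; esac
    # Separate from sshd's rule: with no r-x for others, a user outside the
    # directory's group cannot list or enter the chroot after logging in.
    mode=$(stat -c %a "${path:-/}" 2>/dev/null) &&
        [ $(( 0$mode & 005 )) -eq 5 ] || echo "WARN ${path:-/}: others lack r-x"
    while [ -n "$path" ]; do
        check_dir "$path" 0 || rc=1
        path="${path%/*}"          # drop the last component
    done
    check_dir / 0 || rc=1
    return "$rc"
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then check_chroot "$1"; fi
```

A FAIL line on /home/sftpuser after Step 4 usually means the chown was skipped or the directory is group-writable; a WARN line means the login will succeed but the user may be unable to list or reach uploads.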
Step 5: Restart the SSH Service
Apply your changes by restarting SSH:
sudo systemctl restart ssh
Step 6: Test Your SFTP Server
Verify that the server works by connecting from another device.
- Find your Ubuntu machine’s IP address:
ip addr show
  - Look for an IP like 192.168.1.100.
- Test the connection:
  - From a terminal (Linux/macOS):
sftp sftpuser@<ubuntu-ip-address>
    - Enter the password when prompted.
  - Using FileZilla (any OS):
    - Host: sftp://<ubuntu-ip-address>
    - Username: sftpuser
    - Password: (your password)
    - Port: 22
- Try uploading a file to the uploads folder or listing directory contents.
Step 7: Configure the Firewall
If you’re using Ubuntu’s firewall (UFW), allow SFTP traffic:
- Check the firewall status:
sudo ufw status
- Allow SSH/SFTP (port 22):
sudo ufw allow 22/tcp
sudo ufw reload
All Done!
Your SFTP server is now ready! Users can securely connect and transfer files to their designated directories using an SFTP client. If you restricted sftpuser, they are confined to /home/sftpuser and can write only to /home/sftpuser/uploads (or wherever you set). Enjoy secure file transfers!