How to Set Up an SFTP Server on Linux

Most people prefer utilities like FileZilla, WinSCP or other FTP programs when they need to transfer files to or from Linux servers. SFTP is a secure alternative to the original FTP protocol. It performs mostly the same functions as its unsecured version, but with an added layer of encryption. To accomplish this, it uses the SSH protocol that provides it with encryption capabilities. Setting up an SFTP server on your Linux system involves multiple steps, which we showcase here.

What Is SFTP?

SFTP (Secure File Transfer Protocol) is a network protocol for transferring files from a client to a server. Unlike FTP (File Transfer Protocol), SFTP utilizes the SSH (Secure Shell) protocol to encrypt the data that is sent. It was developed by computer scientists, Tatu Ylönen and Sami Lehtinen, who are also responsible for the development of the SSH protocol in the 1990s. However, the modern version is developed by the IETF (Internet Engineering Task Force).

It can be described as a remote file system protocol, even though its name suggests it only performs file transfer operations. When sending a file using SFTP from a client to a receiving server, the data is encrypted before it is sent to the destination. If the data being sent is intercepted by a “man-in-the-middle,” it can’t easily be decrypted by this third party.

Installing SSH and the OpenSSH Server

We are starting the process of setting up the SFTP server by installing SSH and the OpenSSH server.

Most Linux installations already have SSH installed by default, but in case your system doesn’t have it, you can install it by using the Advanced Packaging Tool’s apt command:

sudo apt install ssh

After installing SSH, you can check its version by running the ssh command with the -V flag:

ssh -V

You can install the OpenSSH Server on Debian and Ubuntu systems, for example, by using the apt command:

sudo apt install openssh-server

You can do the same on Arch Linux by using the pacman command:

sudo pacman -S openssh

Creating Users, Groups and Directories for SFTP

It is a common recommendation that different services on Linux should use their own users, groups, and directories.

Start by creating a group for the users of SFTP. This is accomplished by using the groupadd command:

sudo groupadd sftp_group

You can create a user and add it to the group that was created by using the useradd command and its -g flag, which is used to specify the group the user will be a part of:

sudo useradd -g sftp_group sftp_user

After creating the user, assign it a password by using the passwd command:

sudo passwd sftp_user

Create the default directory for the newly created user:

sudo mkdir -p /data/sftp_user/uploaded_files

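Use the chown command to set the ownership. The user's top-level directory stays owned by root, because sshd only accepts a chroot directory whose path components are all owned by root and not writable by group or others. The upload directory inside it belongs to the user, so that they have somewhere to write: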

sudo chown -R root:sftp_group /data/sftp_user
sudo chown -R sftp_user:sftp_group /data/sftp_user/uploaded_files
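
The SSH configuration later in this tutorial uses /data/%u as the ChrootDirectory, and sshd refuses the session if any directory on that path has the wrong owner or a group/other write bit. The script below is an added example, not part of the original tutorial, that applies the same test to each path component; the function names and the OWNER_UID and BASE parameters are assumptions of this example.

```shell
#!/bin/sh
# Added example: mirror sshd's ChrootDirectory check. Each directory from
# BASE down to DIR must be owned by OWNER_UID and have no group/other
# write bit; sshd itself requires uid 0 (root) and walks from "/".

# mode_is_safe MODE: succeeds if octal MODE has no group/other write bit.
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# check_component DIR OWNER_UID: report on a single path component.
check_component() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 1; }
    c_uid=$(stat -L -c '%u' "$1")
    c_mode=$(stat -L -c '%a' "$1")
    [ "$c_uid" = "$2" ] || { echo "FAIL $1: owner uid $c_uid, want $2"; return 1; }
    mode_is_safe "$c_mode" || { echo "FAIL $1: mode $c_mode is group/other-writable"; return 1; }
    echo "ok   $1 (uid $c_uid, mode $c_mode)"
}

# check_chroot_path DIR [OWNER_UID] [BASE]
# OWNER_UID (default 0) and BASE (default /) are parameters of this example
# so it can be tried on a scratch tree without root; they are not sshd options.
check_chroot_path() {
    p_dir=${1%/}; p_uid=${2:-0}; p_base=${3:-/}
    p_base=${p_base%/}
    p_rest=${p_dir#"$p_base"}
    p_cur=$p_base
    p_rc=0
    check_component "${p_cur:-/}" "$p_uid" || p_rc=1
    while [ -n "$p_rest" ]; do
        p_rest=${p_rest#/}
        p_part=${p_rest%%/*}
        [ -z "$p_part" ] || { p_cur=$p_cur/$p_part; check_component "$p_cur" "$p_uid" || p_rc=1; }
        case $p_rest in
            */*) p_rest=${p_rest#*/} ;;
            *)   p_rest= ;;
        esac
    done
    return $p_rc
}

# With arguments, audit that path, e.g.: sh check_chroot.sh /data/sftp_user
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

The uploaded_files directory is deliberately left out of the check: it sits below the chroot directory and is meant to be writable by the user.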

Configuring the SSH Server

The next step for setting up an SFTP server is configuring the SSH server it will be using.

Edit the “sshd_config” file found in “/etc/ssh/” so that the user is using the SFTP shell when connecting to the server instead of SSH’s shell.

You can easily edit the file using the commonly used Nano editor found on many Linux installations by default:

sudo nano /etc/ssh/sshd_config

Find the bottom of the file and add the following:

Match Group sftp_group
ChrootDirectory /data/%u
ForceCommand internal-sftp

Restart the SSH service:

sudo systemctl restart sshd
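
The Match block above limits members of sftp_group to internal-sftp inside a chroot, but it says nothing about forwarding, and sshd's AllowTcpForwarding defaults to yes. The script below is an added example, not part of the original tutorial, that lints a Match Group block for the tutorial's two settings plus AllowTcpForwarding no and X11Forwarding no. Treating those two extra settings as the baseline, and the names audit_sftp_match, TUTORIAL_BLOCK and HARDENED_BLOCK, are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint one "Match Group" block of an sshd_config for the
# settings an SFTP-only group usually needs. Assumes the simple form
# "Match Group NAME" with one group name, and looks only inside that
# block (global settings elsewhere in the file are not considered).

# Constructed sample 1: the block exactly as added in this tutorial.
TUTORIAL_BLOCK='Match Group sftp_group
ChrootDirectory /data/%u
ForceCommand internal-sftp'

# Constructed sample 2: the same block plus forwarding restrictions.
HARDENED_BLOCK="$TUTORIAL_BLOCK
AllowTcpForwarding no
X11Forwarding no"

# audit_sftp_match GROUP  (reads sshd_config text on stdin)
# Prints one line per finding; exit status 1 if anything is missing.
audit_sftp_match() {
    awk -v group="$1" '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        { key = tolower($1) }                     # keywords are case-insensitive
        key == "match" {                          # a new Match line ends the previous block
            inblk = (tolower($2) == "group" && $3 == group)
            if (inblk) seen = 1
            next
        }
        inblk && !(key in got) { got[key] = $2 }  # sshd keeps the first value it sees
        END {
            if (!seen) { print "no Match Group " group " block found"; exit 1 }
            bad = 0
            if (got["forcecommand"] != "internal-sftp") { print "missing: ForceCommand internal-sftp"; bad = 1 }
            if (got["chrootdirectory"] == "" || got["chrootdirectory"] == "none") { print "missing: ChrootDirectory"; bad = 1 }
            if (tolower(got["allowtcpforwarding"]) != "no") { print "missing: AllowTcpForwarding no"; bad = 1 }
            if (tolower(got["x11forwarding"]) != "no") { print "missing: X11Forwarding no"; bad = 1 }
            exit bad
        }'
}

# With a file argument, audit it: sh audit_sftp.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then audit_sftp_match sftp_group < "$1"; fi
```

Run against the tutorial's block it reports the two forwarding settings as missing; run against the hardened sample it reports nothing.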

(Optional) Changing The SFTP Port

If you want to change the port the SFTP server is using from the default value of 22 to your chosen option, you’ll need to edit the “sshd_config” file once again.

Open the file in the Nano editor:

sudo nano /etc/ssh/sshd_config

Find a line in the file with the default port value of 22 commented out:

#Port 22

You can remove the hash (#) sign used to comment out the line and add your choice of port value. In my case, I am changing the value to 1111:

Port 1111

Now save the file and restart the server:

sudo systemctl restart sshd

Logging in and Using the Server

With the server installed and configured, it is ready for use. You can easily upload files and download them, all with an encrypted session provided by SSH.

Before logging in, it won’t hurt to take a look at the manual provided:

sftp -h

Log into the server by providing the username and the server IP or hostname in the following format:

sftp USER@HOST

Additionally, you can specify the port your SFTP server is using (default is 22) with the -P flag, which goes before the destination:

sftp -P <PORT> USER@HOST

When you log in, you are greeted with an SFTP shell.

View a manual by typing help.

Downloading Files

To download a file:

get /path/to/file/on/server

Example:

get /bin/ls

This will download to your current directory – the one you were in locally before you logged in to the server. To download to a specific local directory:

get /path/to/file/on/server /path/to/local/folder

To copy directories, you have to add the -r parameter, which stands for recursive, to the command.

get -r /bin /home/username/Desktop/bin

Remember to add a name for the new directory you want to create locally, like “/home/username/Desktop/bin” in this case. If you use get -r /bin /home/username/Desktop, files will be copied directly on the Desktop. Note that it’s the files that are copied and not the directory itself.

Uploading Files

Uploading files or directories follows the same principles. The only exception is that paths are reversed, meaning you first specify the local file/directory, then the remote path.

To start with, upload files to the server by using the put command:

put /path/to/local/content /path/to/remote/location

When uploading directories (recursive), remember that the same rule from the previous section applies: it’s actually the files in the directory that are copied and not the directory itself. Specify a new name for a directory you want to copy those files to.

put -r /home/username/Desktop/bin bin

This creates a new directory called “bin” on the remote side.

Resume Transfers and Use Paths that Contain Spaces

When you transfer a large file that gets interrupted, you can resume by replacing the previous command with reput and reget. Just make sure you use the same paths you used last time so that the source and destination match exactly.

reget /path/to/file/on/server /path/to/local/file
reput /path/to/local/file /path/to/file/on/server

To resume directory transfers, just add the -r parameter:

reput -r /home/username/Desktop/bin bin

If the path to a file contains spaces, put it within quotes:

put "/home/username/My Documents/Files"

Other Uses

You can list the files and directories by using the ls command:

ls -l

The permissions of files are also changeable using the chmod command:

chmod <PERMISSION> <FILE>

Additionally, you can create a new directory by using the mkdir command:

mkdir <DIRECTORY_NAME>

Frequently Asked Questions

1. Do I need to install an SFTP client?

In most cases no, since most Linux systems come with a terminal-based SFTP client installed by default.

2. Can I use public-key authentication?

Yes, you can use public-key authentication instead of a password as an authentication method. Setting it up is fairly simple, and it provides additional security for your server.

3. Can I simultaneously host an SSH server?

Yes. However, you will need to make sure that your SFTP server is not using the same port as the SSH server.

Severi Turusenaho

Technical Writer - Linux & Cybersecurity.