Most people prefer utilities like FileZilla, WinSCP or other FTP programs when they need to transfer files to or from Linux servers. SFTP is a secure alternative to the original FTP protocol. It performs mostly the same functions as its unsecured version, but with an added layer of encryption. To accomplish this, it uses the SSH protocol that provides it with encryption capabilities. Setting up an SFTP server on your Linux system involves multiple steps, which we showcase here.
Also read: How to Create an SSH Honeypot to Catch Hackers in Your Linux Server
What Is SFTP?
SFTP (Secure File Transfer Protocol) is a network protocol for transferring files from a client to a server. Unlike FTP (File Transfer Protocol), SFTP utilizes the SSH (Secure Shell) protocol to encrypt the data that is sent. It was developed by computer scientists, Tatu Ylönen and Sami Lehtinen, who are also responsible for the development of the SSH protocol in the 1990s. However, the modern version is developed by the IETF (Internet Engineering Task Force).
It can be described as a remote file system protocol, even though its name suggests it only performs file transfer operations. When sending a file using SFTP from a client to a receiving server, the data is encrypted before it is sent to the destination. If the data being sent is intercepted by a “man-in-the-middle,” it can’t easily be decrypted by this third party.
Installing SSH and the OpenSSH Server
We are starting the process of setting up the SFTP server by installing SSH and the OpenSSH server.
Most Linux installations already have SSH installed by default, but in case your system doesn’t have it, you can install it by using the Advanced Packaging Tool’s apt
command:
sudo apt install ssh
After installing SSH, you can check its version by running the ssh
command with the -V
flag:
ssh -V
You can install the OpenSSH Server on Debian and Ubuntu systems, for example, by using the apt
command:
sudo apt install openssh-server
You can do the same on Arch Linux by using the pacman
command:
sudo pacman -S openssh
Also read: How to Set Up and Use SSH in Linux
Creating Users, Groups and Directories for SFTP
It is a common recommendation that different services on Linux should use their own users, groups, and directories.
Start by creating a group for the users of SFTP. This is accomplished by using the groupadd
command:
sudo groupadd sftp_group
You can create a user and add it to the group that was created by using the useradd
command and its -g
flag, which is used to specify the group the user will be a part of:
sudo useradd -g sftp_group sftp_user
After creating the user, assign it a password by using the passwd
command:
sudo passwd sftp_user
Create the default directory for the newly created user:
sudo mkdir -p /data/sftp_user/uploaded_files
Use the chown
command to give the directory the necessary permissions:
sudo chown -R root:sftp_group /data/sftp_user sudo chown -R sftp_user:sftp_group /data/sftp_user/uploaded_files
Configuring the SSH Server
The next step for setting up an SFTP server is configuring the SSH server it will be using.
Edit the “sshd_config” file found in “/etc/ssh/” so that the user is using the SFTP shell when connecting to the server instead of SSH’s shell.
You can easily edit the file using the commonly used Nano editor found on many Linux installations by default:
sudo nano /etc/ssh/sshd_config
Find the bottom of the file and add the following:
Match Group sftp_group ChrootDirectory /data/%u ForceCommand internal-sftp
Restart the SSH service:
sudo systemctl restart sshd
Also read: How to Show All Active SSH Connections in Linux
(Optional) Changing The SFTP Port
If you want to change the port the SFTP server is using from the default value of 22 to your chosen option, you’ll need to edit the “sshd_config” file once again.
Once again edit the file by using the Nano editor:
sudo nano /etc/ssh/sshd_config
Find a line in the file with the default port value of 22 commented out:
#Port 22
You can remove the hash (#) sign used to comment out the line and add your choice of port value. In my case, I am changing the value to 1111:
Port 1111
Now simply save the file
and restart the server:
sudo systemctl restart sshd
Also read: 8 Useful and Interesting Bash Prompts
Logging in and Using the Server
W the server installed and configured, it is ready for use. You can easily upload files and download them, all with an encrypted session provided by SSH.
Before logging in, it won’t hurt to take a look at the manual provided:
sftp -h
Log into the server by providing the username and the server IP or hostname in the following format:
sftp USER@HOST
Additionally, you can specify the port your SFTP server is using (default is 22) by utilizing the -P
flag:
sftp USER@HOST -P <PORT>
When you log in, you are greeted with an SFTP shell.
View a manual by typing help
.
Downloading Files
To download a file:
get /path/to/file/on/server
Example:
get /bin/ls
This will download to your current directory – the one you were in locally before you logged in to the server. To download to a specific local directory:
get /path/to/file/on/server /path/to/local/folder
To copy directories, you have to add the -r
parameter, which stands for recursive, to the command.
get -r /bin /home/username/Desktop/bin
Remember to add a name for the new directory you want to create locally, like “/home/username/Desktop/bin” in this case. If you use get -r /bin /home/username/Desktop
, files will be copied directly on the Desktop. Note that t’s the files that are copied and not the directory itself.
Uploading Files
Uploading files or directories follows the same principles. The only exception is that paths are reversed, meaning you first specify the local file/directory, then the remote path.
To start with, upload files to the server by using the put
command:
put /path/to/local/content /path/to/remote/location
When uploading directories (recursive), remember that the same rule from the previous section applies: it’s actually the files in the directory that are copied and not the directory itself. Specify a new name for a directory you want to copy those files to.
put -r /home/username/Desktop/bin bin
This creates a new directory called “bin” on the remote side.
Resume Transfers and Use Paths that Contain Spaces
When you transfer a large file that gets interrupted, you can resume by replacing the previous command with reput
and reget
. Just make sure you use the same paths you used last time so that the source and destination match exactly.
reget /path/to/file/on/server /path/to/local/file reput /path/to/local/file /path/to/file/on/server
To resume directory transfers, just add the -r
parameter:
reput -r /home/username/Desktop/bin bin
If the path to a file contains spaces, put it within quotes:
put "/home/username/My Documents/Files"
Other Uses
You can list the files and directories by using the ls
command:
ls -l
The permissions of files are also changeable using the chmod
command:
chmod <PERMISSION> <FILE>
Additionally, you can create a new directory by using the mkdir command:
mkdir <DIRECTORY_NAME>
Also read: How to Run Bash Commands in the Background in Linux
Frequently Asked Questions
1. Do I need to install an SFTP client?
In most cases no, since most Linux systems come with a terminal-based SFTP client installed by default.
2. Can I use public-key authentication?
Yes, you can use public-key authentication instead of a password as an authentication method. Setting it up is fairly simple, and it provides additional security for your server.
3. Can I simultaneously host an SSH server?
Yes. However, you will need to make sure that your SFTP server is not using the same port as the SSH server.
Our latest tutorials delivered straight to your inbox