Setting up an SFTP server on Ubuntu 22.04 involves a few steps, primarily focused on installing and configuring an SSH server. We will use the OpenSSH server, which includes support for SFTP (Secure File Transfer Protocol) by default. SFTP is more secure when compared to an FTP server. Here's a guide on how to set it up:
1. Update Your System
First, ensure your system is up-to-date. Open your terminal and run:
sudo apt update && sudo apt upgrade -y
2. Install OpenSSH Server
If the OpenSSH server is not already installed, you can install it with:
sudo apt install openssh-server -y
3. Configure SSH for SFTP
Edit the SSH configuration file to ensure SFTP is enabled and properly configured. You'll use a text editor like
nano
to edit the
/etc/ssh/sshd_config
file.
sudo nano /etc/ssh/sshd_config
Find or add a section in the file for Subsystem SFTP, which should look like this:
Subsystem sftp /usr/lib/openssh/sftp-server
You can also create a specific SFTP group and user for SFTP access only, without SSH access. Here's how to do it:
Create a Group for SFTP Users:
Add or Modify a User to Be Part of the SFTP Group:
If you're creating a new user:
sudo useradd -m -G sftpusers -s /usr/sbin/nologin sftpuser
sudo passwd sftpuser
For an existing user:
sudo usermod -G sftpusers -s /usr/sbin/nologin existinguser
It's recommended to not use the root user, especially if you want to give the access credentials to another person.
Configure the SFTP Directory:
Change the user's home directory to prevent access to the entire file system:
sudo mkdir -p /home/sftpuser/sftpfiles
sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser
sudo chown sftpuser:sftpusers /home/sftpuser/sftpfiles
Update SSH Configuration for SFTP Isolation:
In the
/etc/ssh/sshd_config
file, add or modify the configuration to include a Match block for the SFTP group at the end of the file:
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
4. Restart and Test SSH Service
After configuring, restart the SSH service to apply the changes:
sudo systemctl restart ssh
5. Test SFTP Connection
From a client machine, try connecting to the SFTP server with the SFTP user account via password authentication:
sftp sftpuser@your_server_ip
Replace
sftpuser
with your SFTP username and
your_server_ip
with the server's IP address.
Security Considerations
Firewall Settings:
Ensure your firewall allows SFTP connections (usually on port 22).
Regular Updates:
Keep your server software up-to-date to mitigate vulnerabilities.
Use SSH Keys:
For added security, configure SSH key-based authentication for SFTP users.
If you arrived here, your basic SFTP server on Ubuntu 22.04 is ready to transfer files.