Ubuntu SFTP Server - How to Install and Configure

Setting up an Ubuntu SFTP server involves a few steps, primarily focused on installing and configuring an SSH server. We will use the OpenSSH server, which includes support for SFTP (Secure File Transfer Protocol) by default. SFTP is more secure than an FTP server. This guide is updated with the release of each LTS Ubuntu version. At the moment, the guide covers Ubuntu 24.04.

1. Update Your System

First, ensure your system is up-to-date. Open your terminal and run:

sudo apt update && sudo apt upgrade -y

2. Install OpenSSH Server

If the OpenSSH server is not already installed, you can install it with:

sudo apt install openssh-server -y

3. Configure SSH for SFTP

Edit the SSH configuration file to ensure SFTP is enabled and properly configured. You'll use a text editor like nano to edit the /etc/ssh/sshd_config file.

sudo nano /etc/ssh/sshd_config

Find or add a section in the file for Subsystem SFTP, which should look like this:

Subsystem sftp /usr/lib/openssh/sftp-server

You can also create a specific SFTP group and user for SFTP access only, without SSH access. Here's how to do it. Create a Group for SFTP Users:

sudo groupadd sftpusers

Add or Modify a User to Be Part of the SFTP Group: If you're creating a new user:

sudo useradd -m -G sftpusers -s /usr/sbin/nologin sftpuser
sudo passwd sftpuser

For an existing user:

sudo usermod -G sftpusers -s /usr/sbin/nologin existinguser

Not using the root user is recommended, especially if you want to give the access credentials to another person. Configure the SFTP Directory: Change the user's home directory to prevent access to the entire file system:

sudo mkdir -p /home/sftpuser/sftpfiles
sudo chown root:root /home/sftpuser
sudo chmod 755 /home/sftpuser
sudo chown sftpuser:sftpusers /home/sftpuser/sftpfiles

Update SSH Configuration for SFTP Isolation: In the /etc/ssh/sshd_config file, add or modify the configuration to include a Match block for the SFTP group at the end of the file:

Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

4. Restart and Test SSH Service

After configuring, restart the SSH service to apply the changes:

sudo systemctl restart ssh

5. Test SFTP Connection

From a client machine, try connecting to the SFTP server with the SFTP user account via password authentication:

sftp sftpuser@your_server_ip

Replace sftpuser with your SFTP username and your_server_ip with the server's IP address.

Security Considerations

Firewall Settings: Ensure your firewall allows SFTP connections (usually on port 22).

Regular Updates: Keep your server software up-to-date to mitigate vulnerabilities.

Use SSH Keys: For added security, configure SSH key-based authentication for SFTP users.

Other Ubuntu versions

22.04: How to setup SFTP server on Ubuntu 22.04

SFTPCloud - Managed SFTP

Are you relying on the SSH File Transfer Protocol to handle business-critical file transfers but don't want to waste time maintaining your own Ubuntu server? SFTPCloud offers managed SFTP with powerful yet simple-to-use features, allowing you to easily restrict access through fine-grained permissions, monitor file operations in real-time, and ensure secure data transfers—all without the overhead of server administration.