When it comes to “file transfers”, there are myriad ways to do it. We already covered a decent amount of methods, including transferring files between the Windows and Linux systems, FTP, or File Transfer Protocol to move files between various machines over the network. If you are looking for a more secure way of transfer data over the web, then you have to look at SFTP.
SFTP Vs. FTP
SFTP, which is short for Secure File Transfer Protocol, is a great protocol that is used to establish a secure and encrypted connection to transfer files safely. This is possible because SFTP uses an encrypted type of fingerprint technology to verify host keys before any data transfer has begun. On the other hand, FTP offers no encryption of any kind and is not recommended for use on an insecure network such as the cloud.
Another area where SFTP shines is due to a simpler client-side firewall. Only port 22 will need to be open to send and receive data, which implies firewall configurations can be simpler and improves file sharing security. FTP protocol needs to open multiple channels for the data transfer to take place.
Additional Layer of Security
Additionally, and for more security, we recommend enabling the chroot feature on specific user accounts. The idea behind the chroot is that it depends on isolating some applications, files and putting them in something like a jail to detach them from the rest of your machine directories. Hence, if a user account has the chroot feature enabled, then he or she is the only one that has access to the content of his or her directories, applications, and files.
Setting up SFTP server on Linux
In this tutorial, we will walk you through setting up the SFTP on your Ubuntu machine. This guide is divided into the following sections:
- Create an SFTP Group and User.
- Install SSH Daemon.
- Configure SSH Daemon.
- Login To SFTP using Command-Line or Graphical User Interface.
However, before starting, you need to make sure that your machine is updated using the following commands. The below commands are for updating Ubuntu and derivatives. If you are on other Linux distribution, please update your system before proceeding further.
sudo apt update sudo apt upgrade
1. Creating an SFTP Group and User
First, let’s create a new group and user that you can use to login with SFTP.
Step 1. Create a new group named sftp_fosslinux as following:
sudo addgroup sftp_fosslinux
Step 2. Create a new user named “sftpfossuser” and add it to the previously created group.
sudo useradd -m sftpfossuser -g sftp_fosslinux
Step 3. Add a password to the new SFTP user.
sudo passwd sftpfossuser
Step 4. Now, grant the new SFTP user complete access to their new home directory as follows:
sudo chmod 700 /home/sftpfossuser/
Now you are ready to install SSH and configure it.
2. Installing SSH Daemon
For the SFTP to work correctly, you can install SSH or OpenSSH server. If none of them is already installed on your machine, then use the following command to install the SSH server:
sudo apt install ssh
3. Configuring SSH Daemon
After the SSH installation is complete, open the SSHD configuration file to edit some configurations.
Step 1. Open the SSHD file using your favorite editor.
sudo vi /etc/ssh/sshd_config
Step 2. Now scroll down to the end of the configuration file and add the next few lines:
Match group sftp_fosslinux ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
Save and close the SSHD configuration file.
The previous configurations mean to allow users in the sftp_fosslinux group to access and use their home directories via the SFTP. Even more, it will prevent any other normal SSH access to those files.
Step 3. Now let’s restart the SSH service to apply previous changes.
sudo systemctl restart ssh
4. Log in to SFTP
Using Command-Line Method
You can use the command line terminal to test your login to the SFTP locally.
Step 1. From the terminal, log in using the command:
Step 2. Next, your SFTP username and password will be needed.
Step 3. Move to the SFTP user home directory and try to create a new directory as following:
cd sftpfossuser ls
mkdir sftpdir ls
To exit the SFTP connection just type:
Using Graphical User Interface Method
In case you need to log in with SFTP using a graphical application, then you can use the default Nautilus Ubuntu file manager.
Step 1. From the “Activities” menu, browse and select the Nautilus file manager.
Step 2. In the Nautilus file manager, from the left panel, choose “Other Locations.”
Step 3. In the bottom bar, connect to local SFTP using the command below:
Step 4. Enter the SFTP username and password.
Step 5. After successful login, you will be able to see your SFTP user home directory.
Step 6. As you can notice, you will see the previously created directory.
If you have come this far, congratulations! you have installed SFTP and made a successful login! I hope you enjoyed this tutorial. SFTP is excellent when you need a secure file transfer because the files are encrypted during the transfer.