Create SFTP user in Ubuntu Server - Step by Step Guide
In this chapter, you will learn
- What is SFTP?
- How to Install OpenSSH Server?
- Creating an SFTP user
- Setting up SFTP directory
- Connecting to SFTP user using Command Prompt and FileZilla
What is SFTP?
SFTP stands for Secure File Transfer Protocol, a safer option compared to traditional FTP.
When configuring a web server, it's crucial to establish an SFTP user account for secure file exchange between client PCs and the web server.
SFTP ensures secure file transfer over networks by encrypting data and using SSH for authentication.
How to Create SFTP User account in Ubuntu?
In this tutorial, we'll guide you step by step on creating an SFTP user account, linking it to a specific directory, and connecting it to your server directory using the SFTP account.
Here's what you need to do:
- Install OpenSSH Server.
- Create an SFTP User.
- Configure the SFTP Directory.
- Update the sshd_config file.
- Connect to the SFTP user.
1. Install OpenSSH Server
The OpenSSH server is essential for SFTP functionality. Fortunately, it comes pre-installed on Ubuntu. You can check the installed OpenSSH version using the following command:
ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
If OpenSSH isn't installed on your server, you can install it using the following command:
sudo apt update && sudo apt install openssh-server
2. Create SFTP User
After installing OpenSSH, you can proceed to create a new SFTP user. Use the following command to create a new SFTP user account:
sudo adduser --shell /bin/false <new_sftp_user>
Replace <new_sftp_user> with the desired username for your SFTP user.
Example
sudo adduser --shell /bin/false thomas
Adding user 'thomas' ...
Adding new group 'thomas' (1004) ...
Adding new user 'thomas' (1004) with group 'thomas' ...
Creating home directory '/home/thomas' ...
Copying files from '/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for thomas
Enter the new value, or press ENTER for the default
Full Name []: Thomas
Room Number []: 1
Work Phone []: 8524516
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
3. Configure the SFTP Directory
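After creating the SFTP user, you'll want to link it to a specific directory. In simpler terms, you need to jail (chroot) the SFTP user within a directory so they can't navigate outside of it. In the commands below, /var/www/html becomes the jail, so it must be owned by root and not writable by group or others, while the user gets ownership of the newsite subdirectory inside it for uploads.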
sudo chown thomas:thomas /var/www/html/newsite
sudo chown root:root /var/www/html
sudo chmod 755 /var/www/html
4. Configure sshd_config file
Open the sshd_config file and append the following settings at the bottom of the file.
sudo vi /etc/ssh/sshd_config
Press i to go into Insert mode.
Match User thomas
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/www/html
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Press Esc, type :wq and then hit Enter.
sudo sshd -t
sudo systemctl restart ssh
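Added example (not part of the original guide): sshd closes the session right after login if the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others, and sshd -t does not catch this. The script below checks that rule for a path such as /var/www/html; the function names are made up for this example and stat -c is the GNU coreutils form found on Ubuntu.

```shell
#!/bin/sh
# Added example: pre-flight check for the ChrootDirectory ownership rule.
# Function names are illustrative; stat -c is the GNU coreutils form (Ubuntu).

# check_dir DIR [UID]: DIR must be a directory owned by UID (default 0, root)
# with no group or other write bit set.
check_dir() {
    cd_dir=$1
    cd_want=${2:-0}
    if [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a directory"; return 1
    fi
    cd_uid=$(stat -c %u "$cd_dir")
    cd_mode=$(stat -c %a "$cd_dir")      # octal, e.g. 755 or 1777
    if [ "$cd_uid" != "$cd_want" ]; then
        echo "FAIL $cd_dir: owner uid $cd_uid, expected $cd_want"; return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_dir: mode $cd_mode is group/other writable"; return 1
    fi
    echo "ok   $cd_dir (uid $cd_uid, mode $cd_mode)"
}

# check_chroot PATH [UID]: apply check_dir to PATH and every parent up to /,
# because sshd validates each component of the ChrootDirectory path.
# Symlinks in PATH are resolved first (pwd -P).
check_chroot() {
    cc_path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot resolve directory"; return 1
    }
    cc_rc=0
    while :; do
        check_dir "$cc_path" "${2:-0}" || cc_rc=1
        [ "$cc_path" = "/" ] && break
        cc_path=$(dirname "$cc_path")
    done
    return "$cc_rc"
}

# Run as: sh check_chroot.sh /var/www/html
[ "$#" -eq 0 ] || check_chroot "$@"
```

A FAIL line for /var/www/html itself usually means the chown root:root or chmod 755 from step 3 was skipped or later undone.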
5. Test your SFTP user
Everything has been set up correctly, and now it's time to test your SFTP user by connecting it to the directory.
Using Command Prompt
C:\Users\Prashant>sftp [email protected]
>[email protected]'s password:
>Connected to 192.107.128.17.
sftp> |
Using FileZilla
Summary
In this chapter, you learned how to create an SFTP user and confine them to a specific directory, restricting their access to only the contents of that directory.