how to setup sftp

Setting up SFTP on Ubuntu Linux

Here is how I set up and configure SFTP on my Ubuntu server.

  • Install the OpenSSH Server:

If you haven’t already installed the SSH server, you can do so with the commands below.

sudo apt update
sudo apt install openssh-server
  • Let’s now verify that the SSH service is running.
sudo systemctl status ssh
  • Let’s configure SFTP

By default, any user with SSH access to the server can use SFTP to access their home directories. If you want to restrict SFTP users to their home directory, you should “chroot” them.

Let’s edit the SSH server configuration file:

sudo nano /etc/ssh/sshd_config

Add the following at the bottom of the file:

Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PasswordAuthentication yes

Save and close the file. The new settings take effect once the SSH service is restarted.

  • Let’s create the sftpusers group and a user account and then add them to the group.
sudo addgroup sftpusers
sudo adduser newusername
sudo adduser newusername sftpusers
  • Finally, let’s set ownership and permissions on the chroot directory.
sudo chown root:root /home/newusername
sudo chmod 755 /home/newusername
sudo mkdir /home/newusername/files
sudo chown newusername:sftpusers /home/newusername/files

Now, the user will be chrooted into their home directory when they log in with SFTP and they won’t be able to navigate outside of it. It’s important to remember that when using chroot with SFTP, you must always ensure that the chroot directory and all of its parent directories remain owned by ‘root’ and are not writable by the chrooted user. If this is not the case, the chroot environment could be bypassed, leading to security issues.
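
The ownership rule above can be checked mechanically. The following script is an added example, not part of the original post: it walks from a chroot directory up to / and flags every component that is not owned by root or that is writable by group or others. The function names are made up for this example, and it assumes GNU stat and realpath as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path for the ownership rule in the text.
# Assumes GNU coreutils stat/realpath (as on Ubuntu); function names are hypothetical.

# Return 0 if a single path component is acceptable:
# owner uid is 0 (root) and neither the group nor the other write bit is set.
chroot_component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    # Leading 0 makes the shell read the stat mode (e.g. 755, 1777) as octal.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# Walk from the given directory up to /, reporting every unsafe component.
# Returns 0 if the whole chain is safe, 1 if any component is unsafe,
# 2 if the argument is not an existing directory.
check_chroot_path() {
    path=$(realpath -- "$1") || return 2
    [ -d "$path" ] || { echo "not a directory: $path" >&2; return 2; }
    rc=0
    while :; do
        # stat prints "<owner uid> <octal mode>" for the current component.
        set -- $(stat -c '%u %a' -- "$path")
        if ! chroot_component_ok "$1" "$2"; then
            echo "UNSAFE: $path (uid=$1 mode=$2)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    return $rc
}
```

After sourcing the file, run `check_chroot_path /home/newusername`; a non-zero exit status means at least one directory in the chain needs its owner or mode corrected.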