How to set up an SFTP server on Ubuntu

Key takeaways:

  • SFTP enhances secure file transfers over SSH, ensuring encryption and protecting against unauthorized access.

  • Create dedicated SFTP users and groups to control access effectively.

  • Modify SSHD settings to enable SFTP and implement security measures like Chroot.

  • Establish connections using the SFTP protocol, ensuring user authentication.

The Secure File Transfer Protocol (SFTP) was designed as an enhancement of Secure Shell (SSH) Protocol version 2.0 to provide improved secure file transfer capabilities. Transferring files is a fundamental function in any organization. Different transfer protocols exist for this purpose; some prioritize speed and simplicity, while others emphasize security. SFTP is one such protocol that is used to securely access, transfer, and manage large files and sensitive data.

SFTP servers provide enhanced security through several features:

  • Mandatory encryption: Ensures all data is encrypted in transit, protecting it from interception.

  • Firewall-friendly transmission: This protocol utilizes a single port for data transmission, making it easier to configure firewalls and maintain security.

  • Host key verification: Uses host keys to verify the identity of the destination server, preventing unauthorized access and man-in-the-middle attacks.

Step-by-step process for installing the SFTP server

Let’s see in detail how to install the SFTP server on Ubuntu:

Step 1 (Check the OpenSSH package): OpenSSH provides secure and encrypted connections via the SSH protocol. To configure a server that provides SFTP, ensure that OpenSSH is installed on Ubuntu. These packages are typically pre-installed. If not, you can install them from the official repository. To check whether the OpenSSH package is installed, use the following command:

dpkg -l | grep ssh
Check required package

If the OpenSSH package is not installed, we can install it using the following command:

sudo apt install openssh-server
Install OpenSSH

After installing it, you can verify whether OpenSSH is installed or not, as depicted in the following code snippet:

If ii is visible at the start of the package line in the terminal output, it indicates that the package is installed.

Step 2 (SSH Installation): If OpenSSH is already installed, SSH can be installed using APT with the following steps:

sudo apt install ssh
install ssh

Note: We have already installed SSH in the terminal given below as it takes some time.

Step 3 (Setting up a new SFTP user with group membership): The command sudo useradd -m sftpuser -g sftp is used to create a new user named sftpuser and add them to a group named sftp. useradd fails if the group does not exist, so the group is created first:

sudo groupadd sftp
sudo useradd -m sftpuser -g sftp

Step 4 (Updating the configuration of SSHD):

After installing SSH, we can modify the SSH daemon (sshd) configuration file (sshd_config). sshd, short for "Secure SHell Daemon," is a critical component of secure, remote system administration and management. It provides a reliable and secure way to connect to remote machines, ensuring the integrity and confidentiality of the communication. The sshd allows users to connect to the server securely over an encrypted connection, protecting data from eavesdropping and tampering. We can use any editor to open the sshd_config file.

In our case, we will use the Nano editor. After opening the file with Nano, add the directives given below at the end of the file:

sudo nano /etc/ssh/sshd_config
# Add the below directives at the end of the file:
Match group sftp
ChrootDirectory /home
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
Open sshd_config using nano

After adding the directives to the sshd_config file, use the following key combinations to save the changes and exit Nano:

  • Ctrl + O: Save the changes (Write Out).

  • Ctrl + X: Exit Nano.

Step 5 (Restart the SSH service): After updating the configuration file, apply the changes by restarting the SSH service using this command.

sudo service ssh restart

Step 6 (Verify SFTP users and groups): Let's proceed by creating a new group named sftpgroup and a user named sftpuser who will have access only to the SFTP server for security reasons.

sudo groupadd sftpgroup
Create a new group

To create the user without interactive shell access, the following command is used:

sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser
Restrict shell access

The newly created sftpuser is added to the sftpgroup list using the -G option. The -d option sets the user's home directory, while the -s option sets the user's login shell, here /sbin/nologin.

The command above creates a restricted user account named sftpuser that belongs to the sftpgroup. The user's home directory is set to /srv/sftpuser, and the user is restricted from logging into the system interactively. This configuration is typically used to enable secure file transfers over SSH without granting full shell access to the server.

If the user already exists, running the command will display the following message:

useradd: user 'sftpuser' already exists

This message indicates that the sftpuser account has already been created.

Step 6 (Setting up an SFTP User password)
Our next step is to set the password for the SFTP user:

sudo passwd sftpuser
Setting the user password for sftp user

Step 7 (Setting chroot): chroot changes the apparent root directory for a running process and its children in Unix-like systems, isolating them within a designated directory tree. This prevents access to files outside the specified environment. Create the chroot directory by setting the new folder:

sudo mkdir -p /srv/sftpuser
Create new folder

Use chown to make root the owner of the directory.

sudo chown root /srv/sftpuser
Set ownership

Set group permissions to read and execute:

sudo chmod g+rx /srv/sftpuser
Add certain rights

Grant ownership of a subdirectory to sftpuser:

sudo mkdir -p /srv/sftpuser/data
sudo chown sftpuser /srv/sftpuser/data
Set subdirectories

This allows SFTP users to upload files to the "data" subdirectory but restricts their rights in the sftpuser directory to read-only access for security purposes.
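sshd refuses to chroot a session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is why the directory above is given to root. The following script is an added example, not part of the original article, that audits a path against that rule; the function names are hypothetical and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd does at session start.
# Function names are hypothetical; assumes GNU stat (coreutils, as on Ubuntu).

# check_component DIR [OWNER_UID]
# Succeeds only if DIR is a directory owned by OWNER_UID (default 0, root)
# and is not writable by group or others.
check_component() {
    dir=$1; want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"; return 1
    fi
    uid=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $want_uid"; return 1
    fi
    # 022 (octal) masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable"; return 1
    fi
    echo "OK   $dir (uid $uid, mode $mode)"
}

# check_chroot_path PATH [OWNER_UID]
# Checks / and then every component down to PATH; reports all failures.
check_chroot_path() {
    rest=${1#/}; owner=${2:-0}; cur=""; rc=0
    check_component / "$owner" || rc=1
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="$cur/$part"
        check_component "$cur" "$owner" || rc=1
    done
    return $rc
}

# Example: sh check_chroot.sh /srv/sftpuser
# /srv/sftpuser/data is below the chroot, so it may stay owned by sftpuser.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A FAIL line for any component means sshd will reject the login for users matched by that ChrootDirectory, so fix ownership or mode on that component before testing the connection.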

Step 8 (Establish a connection to the Ubuntu SFTP server): Create an SFTP connection with the command sftp, providing the username and the server's hostname or IP address.

sftp sftpuser@127.0.0.1
Connect SFTP server

After entering the SFTP connection command, it will ask you to confirm the server's ECDSA key fingerprint; type yes, and then enter the password that we set for the SFTP user in step 6.

SFTP server setup on Ubuntu in a single file

All the steps in a single file:

# Step 1 (Check the OpenSSH package)
dpkg -l | grep ssh
# Step 2 (SSH Installation)
sudo apt install ssh
# Step 3 (Setting Up a New SFTP User with Group Membership)
sudo groupadd sftp
sudo useradd -m sftpuser -g sftp
# Step 3 (Updating configuration of SSHD)
sudo nano /etc/ssh/sshd_config
# Add the below directives at the end of the file (in the editor, not the shell):
#   Match group sftp
#   ChrootDirectory /home
#   ForceCommand internal-sftp
#   X11Forwarding no
#   AllowTcpForwarding no
# Step 4 (Restart the SSH service)
sudo service ssh restart
# Step 5 (Verify SFTP Users and Groups)
sudo groupadd sftpgroup
sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser
# Step 6 (Setting Up an SFTP User Password)
sudo passwd sftpuser
# New password
# Retype new password
# Step 7 (Setting Chroot)
sudo mkdir -p /srv/sftpuser
sudo chown root /srv/sftpuser
sudo chmod g+rx /srv/sftpuser
sudo mkdir -p /srv/sftpuser/data
sudo chown sftpuser /srv/sftpuser/data
# Step 8 (Establish a connection to the Ubuntu SFTP server)
sftp sftpuser@127.0.0.1
Complete commands for creating SFTP server


Copyright ©2025 Educative, Inc. All rights reserved