Easy Steps To Set up SFTP Server on Ubuntu 22.04 – OrcaCore
In this guide, we’ll walk you through the process of setting up an SFTP server on Ubuntu 22.04. Secure File Transfer Protocol (SFTP) is a crucial network protocol that provides a secure way to access, transfer, and manage both large files and sensitive data across a network. It’s a cornerstone of secure data handling in modern computing.
SFTP offers a secure method for accessing, transferring, and managing files over a network. It leverages Transport Layer Security (TLS) for secure file transfers and is often used for data transfer within virtual private network (VPN) applications.
The security of SFTP stems from its use of SSH (Secure Shell) to transfer files. This requires client authentication by the server. Both commands and data are encrypted, preventing the exposure of sensitive information like passwords in plain text over the network. This makes SFTP a far superior choice compared to older, less secure protocols like FTP.
Follow the steps below to set up an SFTP server on Ubuntu 22.04.
Before you begin, ensure you’re logged into your Ubuntu 22.04 server as a non-root user with sudo privileges. If you haven’t already, our guide on Initial Server Setup with Ubuntu 22.04 will walk you through the necessary steps.
1. Install SSH for SFTP Ubuntu 22.04
To set up an SFTP server on Ubuntu 22.04, you’ll need SSH installed on your server. Most Ubuntu installations include SSH by default, but it’s always a good practice to verify and ensure it’s up to date.
First, update your local package index using the following command:
sudo apt update
This command ensures you have the latest information about available packages.
Then, use the following command to install SSH:
sudo apt install ssh -y
The -y flag automatically answers "yes" to any prompts during the installation, streamlining the process.
Start and Enable SSH Service
Once the installation is complete, start and enable the SSH service so that it automatically starts on boot using these commands:
sudo systemctl start ssh
sudo systemctl enable ssh
The start command initiates the SSH service immediately. The enable command configures the service to start automatically each time the server boots up.
Verify that your SSH service is active and running correctly on Ubuntu 22.04 using the following command:
sudo systemctl status ssh
This command will display the current status of the SSH service, indicating whether it’s running and any relevant information.
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2024-01-23 10:00:00 UTC; 10min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1234 (sshd)
Tasks: 1 (limit: 4616)
Memory: 1.5M
CPU: 10ms
CGroup: /system.slice/ssh.service
└─1234 sshd: /usr/sbin/sshd -D

2. Configure SFTP User Account on Ubuntu 22.04
To enhance security and manage user access effectively, create a dedicated group for SFTP users. This allows you to grant specific permissions to a group of users, isolating their access to designated directories.
First, create a group named "sftp" using the following command. You can choose any name you prefer for the group.
sudo addgroup sftp
Output
Adding group `sftp' (GID 1000) ...
Done.
Next, create a user account that will be associated with the SFTP group. This user will have the necessary privileges to access and transfer files via SFTP. Again, you can choose your desired username.
sudo useradd orca
Verify that the user has been created successfully by checking the /etc/passwd file:
less /etc/passwd | grep orca
Output
orca:x:1000:1001::/home/orca:/bin/sh
Set a password for the new user account. This password will be required for SFTP authentication.
sudo passwd orca
Output
New password:
Retype new password:
passwd: password updated successfully
Now, add the newly created user to the SFTP group:
sudo usermod -a -G sftp orca
The -a flag ensures that the user is added to the group without being removed from any other groups they might already belong to. The -G flag specifies the group to which the user should be added.
Verify that the user has been successfully added to the SFTP group by examining the /etc/group file:
grep sftp /etc/group
Output
sftp:x:1000:orca
As you can see from the output, the user "orca" has been successfully added to the "sftp" group.
3. Configure a Transfer File for SFTP Ubuntu 22.04
To restrict SFTP users to specific directories and prevent them from accessing the entire file system, configure a chroot environment. This enhances security by limiting the scope of user access.
Create a directory that will serve as the root directory for SFTP users. This directory will be the highest level of the file system that the SFTP users can access.
sudo mkdir -p /var/sftp/Document
The -p flag ensures that any parent directories that don’t already exist are created as well.
Set the ownership of the /var/sftp directory to the root user. This is important for security reasons, as it prevents SFTP users from modifying the directory itself.
sudo chown root:root /var/sftp
Set the appropriate permissions for the /var/sftp directory. These permissions allow the root user to write to the directory, while allowing other users to read and execute files within it.
sudo chmod 755 /var/sftp
Give the SFTP user ("orca") ownership of the "Document" directory. This grants the user the necessary permissions to upload and download files within this directory.
sudo chown orca:orca /var/sftp/Document
Edit the SSH configuration file to enable the chroot environment and restrict SFTP users to the specified directory. Open the file using your favorite text editor. Here, we use vi:
sudo vi /etc/ssh/sshd_config
Locate the line Subsystem sftp /usr/lib/openssh/sftp-server and add the following configuration block below it:
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
Match User orca
    ChrootDirectory /var/sftp
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
...
The Match User directive specifies the user account for which the following settings should apply. The ChrootDirectory directive sets the root directory for the user. The X11Forwarding no and AllowTcpForwarding no directives disable X11 forwarding and TCP forwarding, respectively, further enhancing security. The ForceCommand internal-sftp directive forces the user to use the internal SFTP server.
Save the changes and close the file.
Restart the SSH service to apply the changes:
sudo systemctl restart ssh
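The ownership and mode steps above matter because sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others; if one component fails, sshd closes the session right after authentication. The script below is an added example, not part of the original guide: the function names component_ok and check_chroot_path are hypothetical, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory path the way sshd expects it.
# Every path component must be owned by root (uid 0) and must not be
# writable by group or others.

# component_ok UID MODE -> 0 if a component with this owner/mode is acceptable.
component_ok() {
    [ "$1" -eq 0 ] || return 1                # owner must be root
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1    # no group/other write bits
    return 0
}

# check_chroot_path DIR -> 0 if DIR and all parents pass, 1 if any component
# fails, 2 if DIR does not exist or cannot be inspected.
check_chroot_path() {
    # Resolve to an absolute, symlink-free path in a subshell.
    ccp_dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || return 2
    ccp_rc=0
    while :; do
        ccp_meta=$(stat -c '%u %a' "$ccp_dir" 2>/dev/null) || return 2
        ccp_uid=${ccp_meta% *}
        ccp_mode=${ccp_meta#* }
        if component_ok "$ccp_uid" "$ccp_mode"; then
            echo "ok   $ccp_dir (uid=$ccp_uid mode=$ccp_mode)"
        else
            echo "FAIL $ccp_dir (uid=$ccp_uid mode=$ccp_mode)"
            ccp_rc=1
        fi
        [ "$ccp_dir" = / ] && break
        ccp_dir=$(dirname "$ccp_dir")
    done
    return $ccp_rc
}

# Stand-alone use: pass the chroot directory, e.g. /var/sftp, as an argument.
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Run it against /var/sftp before restarting SSH. Running sudo sshd -t as well parses sshd_config and reports syntax errors without touching the running service.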
4. Login to SFTP Server on Ubuntu 22.04
First, connect to the user "orca" using the SSH service for testing purposes:
ssh orca@localhost
Output
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'localhost' (ED25519) to the list of known hosts.
orca@localhost's password:
This service allows sftp connections only.
Connection to localhost closed.
This confirms that the user is restricted to SFTP connections only.
To test from the same system, connect to the loopback address 127.0.0.1:
sftp orca@127.0.0.1
Output
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ED25519) to the list of known hosts.
orca@127.0.0.1's password:
Connected to 127.0.0.1.
sftp>
List the directories accessible to the SFTP user:
sftp> ls
Document
To exit the SFTP server, use the exit command:
sftp> exit
5. Uninstall SFTP From Ubuntu 22.04
If you want to remove SFTP from your server, you can remove the SSH package with all its associated files:
sudo apt purge ssh -y
This command will remove SSH and all of its data.
Conclusion
At this point, you have learned how to set up an SFTP server on Ubuntu 22.04.
Alternative Solutions for Setting up SFTP on Ubuntu 22.04
While the above method using SSH and sshd_config is a standard and effective approach, here are two alternative ways to set up file transfer on Ubuntu 22.04 that offer different levels of complexity and flexibility:
1. Using a Dedicated SFTP Server Software (vsftpd):
vsftpd (Very Secure FTP Daemon) is a lightweight and popular FTP server that can be configured to operate as an SFTP server (though, technically, it becomes FTPS when using TLS/SSL). While it’s primarily an FTP server, its security features and configuration options make it a viable alternative for SFTP, especially if you need more granular control over user permissions and virtual user setups. However, note that vsftpd does not natively support SFTP (which runs over SSH). You need to configure TLS/SSL for secure data transfer, making it FTPS.
- Explanation: Instead of relying solely on SSH’s internal SFTP subsystem, vsftpd provides a dedicated server process specifically designed for file transfer. This allows for more fine-grained control over aspects like user authentication, bandwidth limits, and virtual users. While it doesn’t directly implement SFTP (which depends on SSH), configuring it with TLS/SSL provides similar security guarantees (FTPS).
- Example:
First, install vsftpd:
sudo apt update
sudo apt install vsftpd
Configure vsftpd to use TLS/SSL for secure connections. Edit the /etc/vsftpd.conf file:
sudo nano /etc/vsftpd.conf
Make the following changes (adapt paths as needed):
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
Restart the vsftpd service:
sudo systemctl restart vsftpd
You would also need to configure firewall rules to allow FTPS traffic (port 990 for control and a range for data). This approach, while providing more control, requires careful configuration of TLS/SSL and firewall settings to ensure security. You’ll need an FTP client that supports FTPS (FTP over SSL/TLS).
2. Using a Docker Container:
- Explanation: Docker allows you to containerize the SFTP server along with its dependencies, providing a consistent and isolated environment. This eliminates dependency conflicts and simplifies deployment. Several pre-built Docker images are available for SFTP servers, making the setup process quick and easy.
- Example:
First, ensure you have Docker installed on your Ubuntu 22.04 server. If not, install it using the official Docker documentation.
Use a pre-built SFTP Docker image. A popular option is atmoz/sftp.
Run the Docker container:
docker run -d -p 2222:22 -v /path/to/your/data:/home/sftpuser atmoz/sftp sftpuser:MySecurePassword:1001
-d: Runs the container in detached mode (background).
-p 2222:22: Maps port 22 inside the container to port 2222 on the host machine. Choose a different port on the host if port 22 is already in use.
-v /path/to/your/data:/home/sftpuser: Mounts the host directory /path/to/your/data to the /home/sftpuser directory inside the container. This is where the SFTP user will have access. Replace /path/to/your/data with the actual path to the directory you want to share.
atmoz/sftp sftpuser:MySecurePassword:1001: Specifies the Docker image to use and sets up the SFTP user (sftpuser), password (MySecurePassword), and user ID (1001). Change these values to your desired settings.
Now you can connect to the SFTP server using the specified username, password, and port (2222 in this example).
sftp -P 2222 sftpuser@your_server_ip
These alternative methods each offer different advantages and disadvantages in terms of complexity, control, and security. Choose the method that best suits your specific needs and technical expertise when you set up an SFTP server on Ubuntu 22.04.