Set up SFTP Server on Centos 7: Best File Transfer

In this guide from Orcacore, we’ll walk you through how to set up an SFTP server on CentOS 7. Secure Shell (SSH) File Transfer Protocol, commonly known as SFTP, is a highly reliable method for securely transferring and accessing files online.

Unlike file transfer methods that rely solely on user IDs and passwords, SFTP allows administrators to configure SSH keys unique to each user. This adds an extra layer of security, making the process safer and potentially saving you time and money in the long run. SFTP is an invaluable tool for moving files between servers efficiently and securely.

To begin the SFTP server setup, log in to your CentOS 7 server as a non-root user with sudo privileges. If you need assistance with this, refer to our guide on Initial Server Setup with Centos 7.

1. Install SSH on Centos 7

SSH is a prerequisite for setting up an SFTP server. First, update your local package index using the following command:

sudo yum update -y

Next, install SSH using the command:

sudo yum install openssh-server -y

Start and Enable SSH Service

Once the installation is complete, start and enable the SSH service to automatically start on boot using these commands:

sudo systemctl start sshd
sudo systemctl enable sshd

Verify that the SSH service is active and running on CentOS 7:

sudo systemctl status sshd

[Image: SSH Service Status Verification]

2. Configure SFTP User Account on Centos 7

Now, you’ll need to create a group for SFTP to grant shared permissions to a set of users.

First, create a group named "sftp" (or your preferred name) using the command:

sudo groupadd sftp

Then, create a user who will have the same privileges as the group. Use the following command, substituting "orca" with your desired username:

sudo useradd orca

Confirm that the user has been created using:

grep '^orca:' /etc/passwd
Output:
orca:x:1000:1001::/home/orca:/bin/bash

Set a password for the new user with:

sudo passwd orca

[Image: Setting Password for SFTP User]

Add the newly created user to the SFTP group:

sudo usermod -a -G sftp orca

Verify the SFTP group details:

grep sftp /etc/group
Output:
sftp:x:1000:orca

This confirms that the user "orca" has been successfully added to the SFTP group.

3. Configure a Transfer File for SFTP Server Setup

Next, create a directory that the users can access, restricting them from accessing the entire file system.

Create the directory under /var/sftp/ using:

sudo mkdir -p /var/sftp/Document

Set the ownership of the directory to the root user:

sudo chown root:root /var/sftp

Set the appropriate permissions for the directory:

sudo chmod 755 /var/sftp

Grant access to the "Document" directory to the SFTP user ("orca"):

sudo chown orca:orca /var/sftp/Document

Edit the SSH configuration file using your preferred text editor (here, we use the vi editor):

sudo vi /etc/ssh/sshd_config

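Find the line Subsystem sftp /usr/libexec/openssh/sftp-server and add the Match User orca block shown below after it. The commented-out Match User anoncvs lines are the example already present in the default file. A Match block applies until the next Match line or the end of the file, so keep it at the end of sshd_config: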

Subsystem sftp  /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
Match User orca
ChrootDirectory /var/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Save and close the file.

Restart SSH to apply the changes:

sudo systemctl restart sshd
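
The Match block above is easy to get subtly wrong once more users or groups are added. The following is an added example, not part of the original guide: a shell function that audits the Match blocks of an sshd_config file for the settings used here. The "partners" group in the sample is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide.
# audit_sftp_match [FILE] reads sshd_config text (stdin when FILE is omitted)
# and checks each Match block that sets ChrootDirectory for the restrictions
# this guide puts in the block. Block-level only: global defaults are ignored.
# Prints one line per block; returns 1 if any block is missing a setting.
audit_sftp_match() {
    awk '
    function flush(   miss) {
        if (!inblock || chroot == "") return
        if (force !~ /^internal-sftp([ \t]|$)/) miss = miss " ForceCommand=internal-sftp"
        if (tcp != "no") miss = miss " AllowTcpForwarding=no"
        if (x11 != "no") miss = miss " X11Forwarding=no"
        if (miss == "") print crit ": OK"
        else { print crit ": missing" miss; bad = 1 }
    }
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    {
        key = tolower($1)                # keywords are case-insensitive
        val = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "match") {            # a block runs until the next Match
            flush(); inblock = 1; crit = val
            chroot = ""; force = ""; tcp = ""; x11 = ""
            next
        }
        if (!inblock) next
        # the first value seen for a keyword is the one kept
        if (key == "chrootdirectory"    && chroot == "") chroot = val
        if (key == "forcecommand"       && force  == "") force  = val
        if (key == "allowtcpforwarding" && tcp    == "") tcp    = tolower(val)
        if (key == "x11forwarding"      && x11    == "") x11    = tolower(val)
    }
    END { flush(); exit bad + 0 }
    ' "${1:--}"
}
# Constructed sample: this guide's block, then a hypothetical incomplete one.
sample_config() {
    cat <<'EOF'
Match User orca
ChrootDirectory /var/sftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Match Group partners
ChrootDirectory /var/sftp
AllowTcpForwarding no
EOF
}
sample_config | audit_sftp_match || true
```

Against the real file, call audit_sftp_match /etc/ssh/sshd_config. Running sudo sshd -t before the restart separately checks the file for syntax errors.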

4. Login to the SFTP Server on Centos 7

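First, try an interactive SSH login as the user "orca". Because of ForceCommand internal-sftp, the server should refuse the shell session and close the connection: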

ssh orca@localhost

[Image: SSH Login Attempt]

To test from the same system, connect to the loopback address 127.0.0.1:

sftp orca@127.0.0.1

[Image: SFTP Login using Loopback Address]

List the directories accessible via SFTP:

sftp> ls
Document

To exit the SFTP session, use the exit command:

sftp> exit

5. Uninstall SFTP From Centos 7

SFTP on this server is provided by sshd, so removing it means deleting the SSH server package along with its associated files. This also ends remote SSH access to the machine:

sudo yum remove openssh-server -y

This command will remove SFTP and all related data.

Conclusion

SFTP provides a secure and encrypted way to upload, download, and manage files between a client and a server. You have now successfully learned how to Set up SFTP Server on Centos 7.

FAQs

What port does SFTP use?

SFTP uses port 22 by default, the same as SSH. To change it, you need to edit the /etc/ssh/sshd_config and change the Port value.

How to restrict SFTP users from accessing SSH?

Set ForceCommand internal-sftp in the Match block of the SSH configuration file for specific users or groups.

Alternative Solutions for Setting Up SFTP Server on CentOS 7

While the method described above is a standard and effective way to set up an SFTP server on CentOS 7, there are alternative approaches that might better suit specific needs or preferences. Here are two such alternatives:

1. Using vsftpd with Chroot Jail

vsftpd (Very Secure FTP Daemon) is a popular FTP server for Linux systems. While FTP itself is not secure, vsftpd can be configured to use TLS/SSL for secure data transfer (FTPS). To achieve SFTP-like security with chroot jail, we can configure vsftpd to restrict users to their home directories.

Explanation:

This method involves installing vsftpd, configuring it to use SSL for encryption, and setting up chroot jails to confine users to their respective home directories. This prevents them from accessing other parts of the file system.

Steps:

  1. Install vsftpd:

    sudo yum install vsftpd -y
  2. Configure vsftpd: Edit the /etc/vsftpd/vsftpd.conf file. Here’s a sample configuration:

    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    listen=NO
    listen_ipv6=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
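    ssl_enable=YES
    # certificate and key generated in step 3 (one file holds both)
    rsa_cert_file=/etc/vsftpd/vsftpd.pem
    rsa_private_key_file=/etc/vsftpd/vsftpd.pem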
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    require_ssl_reuse=NO
    ssl_ciphers=HIGH
    chroot_local_user=YES
    user_sub_token=$USER
    local_root=/home/$USER
    • chroot_local_user=YES: This is the key setting that enables chroot jail for all local users.
    • local_root=/home/$USER: This sets the root directory for each user to their home directory.
    • ssl_enable=YES: Enables SSL encryption for secure data transfer.
  3. Create SSL Certificates: If you don’t have SSL certificates, generate them:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
  4. Set Permissions: Ensure the home directories are not writable by the user to comply with vsftpd’s security requirements.

  5. Start and Enable vsftpd:

    sudo systemctl start vsftpd
    sudo systemctl enable vsftpd

This approach provides a secure FTP server with user confinement, similar to SFTP but using the FTP protocol with SSL encryption (FTPS) and chroot jails rather than SSH.

2. Using a Docker Container

Another alternative is to use a Docker container to encapsulate the SFTP server. This provides isolation and simplifies deployment.

Explanation:

Docker allows you to package an SFTP server and its dependencies into a container, which can then be easily deployed on any system with Docker installed. This ensures consistency and portability.

Steps:

  1. Install Docker: If Docker is not already installed, install it following the official Docker documentation.

  2. Create a Dockerfile: Create a file named Dockerfile with the following content:

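    FROM centos:7
    
    RUN yum update -y && \
        yum install -y openssh-server openssh-clients
    
    # Host keys are normally created by a systemd unit, which does not run in a container
    RUN ssh-keygen -A
    
    RUN groupadd sftp_group && \
        useradd -g sftp_group sftp_user
    
    # Placeholder password: change it before building
    RUN echo "sftp_user:password" | chpasswd
    
    RUN mkdir -p /home/sftp_user/upload
    
    # The chroot directory must be owned by root and not writable by anyone else;
    # mode 755 lets sftp_user enter it
    RUN chown root:root /home/sftp_user && \
        chmod 755 /home/sftp_user && \
        chown sftp_user:sftp_group /home/sftp_user/upload
    
    RUN sed -i 's/#PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config && \
        sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/g' /etc/ssh/sshd_config && \
        sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
    
    # Replace the default Subsystem line; a second "Subsystem sftp" entry stops sshd from starting
    RUN sed -i 's|^Subsystem[[:space:]]\+sftp[[:space:]].*|Subsystem sftp internal-sftp|' /etc/ssh/sshd_config
    RUN echo "Match User sftp_user" >> /etc/ssh/sshd_config
    RUN echo "ChrootDirectory /home/sftp_user" >> /etc/ssh/sshd_config
    RUN echo "ForceCommand internal-sftp" >> /etc/ssh/sshd_config
    RUN echo "AllowTcpForwarding no" >> /etc/ssh/sshd_config
    
    EXPOSE 22
    
    CMD ["/usr/sbin/sshd", "-D"]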
    • This Dockerfile installs SSH, creates a user sftp_user, sets up chroot jail, and configures SSH for SFTP access. Remember to change the default password.
  3. Build the Docker Image:

    docker build -t sftp-server .
  4. Run the Docker Container:

    docker run -d -p 2222:22 sftp-server
    • This command runs the container in detached mode and maps port 2222 on the host to port 22 inside the container. You can then connect to the SFTP server on port 2222 of the host.

This method encapsulates the SFTP server in a Docker container, providing isolation, portability, and ease of deployment.

These alternative methods offer different approaches to setting up a secure file transfer server on CentOS 7, depending on your specific requirements and preferences.
