How to install an Ubuntu SFTP server
Ubuntu is a secure and reliable platform for setting up an SFTP server. This Linux distribution has integrated tools and packages which you can use for SFTP. In our step by step guide we will explain how you can install and configure an Ubuntu SFTP server to securely send data.
Ubuntu SFTP server system requirements
When comparing FTP vs. SFTP the SFTP is a much better choice. Based on FTP, SFTP uses cryptographic processes to encrypt the data. This also means that you need additional components such as Secure Shell (SSH) to install it. To install an SFTP server on the current Ubuntu version 22.04 your system should meet the following minimum requirements:
- Processor (CPU): 2 GHz (Dual core)
- Memory (RAM): 4 GB
- Hard disk drive: depends on data size
- Operating system: Ubuntu, users with root rights
- Software package: OpenSSH
- Internet connection to download packages and connect to the SFTP server
With a secure FTP server from IONOS you will have access to secure file hosting including regular backups and 24/7 support.
Step by step guide to installing an Ubuntu SFTP server
To set up an FTP server which supports SFTP you should first check whether OpenSSH is installed. The packages are usually included as standard on Ubuntu. If this isn’t the case then you can pull the packages from the official repository.
Open the terminal on your Ubuntu system and run the following commands listed here:
Step 1: Check the OpenSSH package
Use the following to view all installed packages and filter for ssh
:
$ dpkg -l | grep ssh
bashIn our example this will give the following result:
If you see ii
it means that the package is installed.
Step 2: Install SSH
If OpenSSH is available, you can install it using APT:
$ sudo apt install ssh
bashStep 3: Change the SSHD configuration
Once installed you can edit the SSH daemon configuration file. You can open it using the Nano editor, for example:
$ sudo nano /etc/ssh/sshd_config
bashThen enter the following:
Match Group sftpgroup
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
bashThis will allow the SFTP group users to access your home directory via SFTP.
- Dedicated enterprise hardware
- Intel® Xeon® or AMD processors
- Leading security technologies
Step 4: Restart the SSH service
Once you’ve made the changes to the configuration file you need to restart the SSH service:
$ sudo systemctl restart sshd
bashStep 5: Create SFTP users and groups
The next step is to create a new group sftpgroup
and a new user sftpuser
, who for security reasons can only access the Ubuntu SFTP server and not the SSH service.
$ sudo groupadd sftpgroup
bashThe new user is added to the SFTP group with the option -G
. -d
sets the home directory and-s
sets the shell access rules.
$ sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser
bashStep 6: Create SFTP user password
Enter a secure password for the SFTPuser with the command passwd
:
$ passwd sftpuser
bashStep 7: Set up Chroot
By creating the Chroot directory you create a sandbox for currently running processes. First of all you need to set up a new folder:
$ mkdir -p /srv/sftpuser
bashYou then set ownership using chown
on the root user:
$ sudo chown root /srv/sftpuser
bashAdd read and execute group rights:
$ sudo chmod g+rx /srv/sftpuser
bashYou can then set a subdirectory and set certain sftpuser
as owners:
$ mkdir -p /srv/sftpuser/data
$ chown sftpuser:sftpuser /srv/sftpuser/data
bashBy doing so SFTP users can upload files to the subdirectory “data”, however, they will only have limited rights in the sftpuser directory. There they only have reading rights but for security reasons they don’t have writing rights.
Step 8: Connect to the Ubuntu SFTP server
You can create a connection to the SFTP server either via the SFTP command bar or through an FTP client with GUI. Enter the command sftp
, followed by the user and host name or the IP address of the SFTP server.
$ sftp sftpuser@SERVER-IP
bashIf you’re using a user-defined port, you can specify it as follows:
$ sftp -P PORT ftpuser@SERVER-IP
bashYou will then be asked to enter the SFTP user’s password.
Step 9: Upload files to the SFTP server
You can upload files to the SFTP server with the command put
.
Try to transfer a file to the folder /
:
put /path/to/file/on/local /
bashThe command will fail because the SFTP user doesn’t have writing rights in this chroot directory.
Now try it with the folder data
:
put /path/to/file1/on/local1 /data/
bashStep 10: View the files on the Ubuntu SFTP server
You can list the files on the Ubuntu SFTP server with the command ls
:
ls /data/
bashFrom here you can see which files are on the SFTP server:
Read our guide on how to set up a Windows SFTP server.