Transfer files with your server using an encrypted protocol.

Requisites

Server

SFTP is based on SSH, so you need to have an SSH server installed (Creating an SSH server). For the same reason, you need to open port 22 on your server's network (or whichever SSH port you want to use; in that case, remember to edit the sshd config in /etc/ssh/sshd_config).

Client

You need an SFTP client, such as FileZilla or the sftp command-line tool (check my post).

Create an SFTP-only user

By default, any user who can log in through SSH can also log in through SFTP. If you want a user who can use only SFTP and not SSH, follow these steps (as root or using sudo):

  1. Create a new user (in this case “juan”).
    useradd -m juan
    
    • -m creates a home folder for the user. This is optional, but we will use this folder for SFTP.
    • You can run adduser juan instead. In this case, you can skip to step 3.
  2. Set a password for “juan”.
    passwd juan
    
  3. Open /etc/ssh/sshd_config and add this at the end:
    Match User juan
      ForceCommand internal-sftp
    
    • With this option, the user won’t be able to connect with SSH, but they may use SFTP (and SCP).
  4. Restart ssh.
    # you can reload instead of restart
    systemctl restart ssh
    

By default, SFTP starts at the user’s home directory.
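
ForceCommand internal-sftp replaces whatever command the user asks for, but it does not by itself turn off TCP port forwarding (AllowTcpForwarding defaults to yes). The shell function below is an added example, not part of the original post: it reads an sshd_config and reports, for every Match block that forces internal-sftp, whether forwarding is disabled. The sample config and the second user "ana" are constructed for the demonstration.

```shell
# Added example (not from the original post): audit SFTP-only Match blocks.
# Prints one verdict per block; returns 1 if any block still allows forwarding.
audit_sftp_only() {
    awk '
    # Effective value: Match block first, then global section, then sshd default.
    function eff(k, dflt) { return (k in m) ? m[k] : ((k in g) ? g[k] : dflt) }
    function report() {
        if (!sftp) return
        if (eff("disableforwarding", "no") == "yes" ||
            eff("allowtcpforwarding", "yes") == "no")
            print "OK   " crit
        else { print "WEAK " crit ": TCP forwarding still allowed"; bad = 1 }
    }
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    {
        key = tolower($1); val = tolower($2) # keywords are case-insensitive
        if (key == "match") {               # a Match line ends the previous block
            report()
            crit = $2 " " $3; in_match = 1; sftp = 0; split("", m)
            next
        }
        if (key == "forcecommand") {
            if (in_match && val == "internal-sftp") sftp = 1
            next
        }
        # sshd keeps the first value it sees for a keyword
        if (in_match) { if (!(key in m)) m[key] = val }
        else if (!(key in g)) g[key] = val
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample config; "ana" is a hypothetical second user.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
Port 22
Match User juan
  ForceCommand internal-sftp
Match User ana
  ForceCommand internal-sftp
  AllowTcpForwarding no
EOF

audit_sftp_only "$sample_cfg" || echo "fix the WEAK blocks before restarting ssh"
```

On a live server, point the function at /etc/ssh/sshd_config, and run `sshd -t` to check the edited file for syntax errors before restarting.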

If you have any suggestions, feel free to contact me via social media or email.