Transfer files with your server using an encrypted protocol.

Table of Contents

Requisites

Server

SFTP is based on SSH, so you need to have SSH server installed (Creating an SSH server). For the same reason, you need to open port 22 on your server network (or the SSSH port you want to use, in that case remember to edit sshd config).

Client

You need an SFTP client, like Filezilla.

Create an SFTP user

By default, any user who can login through SSH, can login through SFTP. But if you want a user that cannot use SSH, but only SFTP, you can follow these steps (as root or using sudo):

  1. Create a new user (in this case “juan”).
    useradd -m juan
    
    • -m creates a home folder for the user. This is optional, but we will use this folder for SFTP.
  2. Set a password for “juan”.
    passwd juan
    
  3. Open /etc/ssh/sshd_config and add this at the end.
    Match User juan
      ChrootDirectory /home
      ForceCommand internal-sftp
    
    • You can use another folder for the root directory, but that folder needs to be owned by “root” and only writable by “root”. Inside that folder you can create folders owned by the SFTP user.
  4. Restart ssh.
    # you can reload instead of restart
    systemctl restart ssh