How to use SFTP in Ubuntu 16.04

You have probably heard of FTP, and you may also have come across SFTP.

FTP stands for File transfer protocol and SFTP stands for Secure File Transfer Protocol.

The name may seem similar but their way of functioning differs entirely.

With SFTP, your connection to the server is encrypted using a strong algorithm, which protects the transferred data from a breach.

You can use both FTP and SFTP for file transfer.

However:

SFTP is the secure one and is the recommended choice.

Today in this article, we are going to see how to enable SFTP on an Ubuntu 16.04 server.

Here:

The article is slightly different.

The main reason is the methodology that we follow.

There is a lot of software out there that helps you navigate the file system using the server username and password.

You can access the server over SFTP through SSH with a username and password.

The main drawback is that anyone with the username and password can access the files on the server.

The access can be restricted, but not entirely, for a normal server user.

Also, if you want to give FTP access to a third party, you cannot simply hand it over; you have to limit the access.

In this article, you will see how to create a new user and grant that user SFTP access only.

Requirements:

You will need an Ubuntu 16.04 server with a non-root user, as mentioned in this article, and a firewall set up.

Creating a new user

First, you have to create a new user; later, you will grant that user permission to access a specific folder.

Also, you will lock down other access for the user.

To create a new user, use the command below.

$ sudo adduser filemg

Here, I named the user filemg so that it is easy to identify. You can create the user with any name you want.

After running the above command, you will be prompted to enter a password and some details for the user.

Our next step is to create a directory for SFTP and give the newly created user restricted access to it.

Creating Directory for SFTP

First, we will create a directory and then we will restrict the access to that directory.

The main problem with using the home directory is that root does not own it.

Only the concerned user owns it.

The parent directory used for SFTP must belong to root, and only root should be able to write to it.

We will only allow the user to access the SFTP directory.

First, let us create the /var/sftp/uploads directory.

Here, root will have ownership of /var/sftp.

At the same time, /var/sftp/uploads will be owned by filemg.

$ sudo mkdir -p /var/sftp/uploads

Now, let us assign the ownership of /var/sftp/ to the root user.

$ sudo chown root:root /var/sftp

After that, we will give the root user read, write and execute permission, and we will limit the access to read and execute for the other users.

$ sudo chmod 755 /var/sftp

Then, it is time to set the ownership of /var/sftp/uploads to filemg.

$ sudo chown filemg:filemg /var/sftp/uploads
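
sshd refuses to use a ChrootDirectory unless every directory on its path is owned by root and is not writable by group or others, which is why /var/sftp is given to root above. The following added example (not part of the original article) checks that rule with GNU stat; the OWNER_UID and STOP_AT arguments are assumptions added so the check can be tried on a scratch tree.

```shell
#!/bin/sh
# Added example, not from the article. Needs GNU stat (standard on Ubuntu).

# audit_chroot DIR [OWNER_UID] [STOP_AT]
# Walk from DIR up to STOP_AT (default /) and fail if any directory on the way
# is not owned by OWNER_UID (default 0 = root) or is group/other-writable.
# OWNER_UID and STOP_AT are hypothetical knobs for trying this on a scratch tree.
audit_chroot() (
    dir=$(cd "$1" && pwd -P) || exit 2          # resolve symlinks first
    owner=${2:-0}
    stop=$(cd "${3:-/}" && pwd -P) || exit 2
    rc=0
    while :; do
        set -- $(stat -c '%u %a' "$dir")        # $1 = owner uid, $2 = octal mode
        if [ "$1" != "$owner" ]; then
            echo "FAIL $dir: owned by uid $1, expected $owner"; rc=1
        fi
        if [ $(( 0$2 & 022 )) -ne 0 ]; then     # 022 = group-write | other-write
            echo "FAIL $dir: mode $2 is writable by group or others"; rc=1
        fi
        case $dir in "$stop"|/) break ;; esac
        dir=$(dirname "$dir")
    done
    exit "$rc"
)

# Constructed scratch tree standing in for /var/sftp.
# On the server itself the call is simply: audit_chroot /var/sftp
base=$(mktemp -d)
mkdir -p "$base/sftp/uploads"
chmod 755 "$base" "$base/sftp"
audit_chroot "$base/sftp" "$(id -u)" "$base" && echo "OK: chroot path accepted"
chmod g+w "$base/sftp"                          # the kind of mode sshd rejects
audit_chroot "$base/sftp" "$(id -u)" "$base" || echo "Rejected, as expected"
rm -rf "$base"
```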

Next, we have to make some changes in the SSH configuration so that terminal access is disabled for filemg.

Limit the Access to the User

Here, we will only allow the user to perform file transfer and we will disable the terminal access.

To do that, open the SSH configuration file and add the following lines at the bottom.

$ sudo nano /etc/ssh/sshd_config

Once the file is open, paste the following block.

/etc/ssh/sshd_config

. . .

Match User filemg
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Replace filemg with your user name. Then save and close the file.

Here, we will see the function of each line.

Match User:

This directive tells the SSH server to apply the settings below only to the named user.

ForceCommand internal-sftp:

This directive forces the SFTP server to run when the user logs in, which also disables shell access over SSH for this user.

PasswordAuthentication yes:

Enables password authentication for the named user.

ChrootDirectory /var/sftp/:

The user will not be allowed outside of /var/sftp. The access is restricted.

AllowAgentForwarding no, AllowTcpForwarding no, X11Forwarding no:

These directives block agent forwarding, TCP forwarding and X11 forwarding for the user.

After that, save and close the configuration file.
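
Before the service is restarted, the saved Match block can be checked so that a typo or a directive placed outside the block does not silently leave the account with more access than intended. This is an added example, not part of the original article; the function names are hypothetical and the parser assumes the block starts with exactly "Match User <name>" for a single user.

```shell
#!/bin/sh
# Added example, not from the article: lint the "Match User" block shown above.

# Print the value KEYWORD has inside the "Match User USER" block of FILE.
# Assumption: the block is introduced by "Match User <name>" (one user, no patterns).
match_block_value() {
    awk -v user="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
        tolower($1) == "match" {                   # a block runs until the next Match
            inblock = (tolower($2) == "user" && $3 == user); next
        }
        inblock && tolower($1) == tolower(key) {   # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # sshd uses the first value
        }
    ' "$1"
}

# Return 0 only if USER's block forces SFTP, sets a chroot and disables forwarding.
lint_sftp_block() (
    rc=0
    for want in ForceCommand=internal-sftp PermitTunnel=no AllowAgentForwarding=no \
                AllowTcpForwarding=no X11Forwarding=no; do
        key=${want%%=*}; val=${want#*=}
        got=$(match_block_value "$1" "$2" "$key")
        [ "$got" = "$val" ] ||
            { echo "FAIL $key: want '$val', got '${got:-unset}'"; rc=1; }
    done
    [ -n "$(match_block_value "$1" "$2" ChrootDirectory)" ] ||
        { echo "FAIL ChrootDirectory: unset"; rc=1; }
    exit "$rc"
)

# Constructed sample: the block from this article after one global directive.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
Match User filemg
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/sftp
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
EOF
lint_sftp_block "$sample" filemg && echo "OK: filemg is limited to chrooted SFTP"
rm -f "$sample"
```

On the server, `sudo sshd -t` additionally checks the whole file for syntax errors before the service is restarted.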

You can create any number of SFTP users using this method.

For the changes to take effect, you have to restart the SSH service.

$ sudo systemctl restart sshd

The changes will now be in effect, and filemg will only have access to file transfers.

Next, let us test the configuration.

Test the configuration

Now, we are going to check whether the SFTP function is working properly or not.

For that, we will execute all the SFTP operations one by one and check the output.

First, connect to the server with the filemg user.

$ ssh filemg@localhost

You will get the following message.

Error message

This service allows sftp connections only.

Connection to localhost closed.

The message itself indicates that this account can only be used for SFTP purposes.

Next, you have to check whether you can connect over SFTP.

$ sftp filemg@localhost

If you connect successfully, you can use SFTP to perform operations.

Connected to localhost.

sftp>

To view the files available inside the directory, use ls.

sftp> ls

Now, you can see the files listed there.

Output

uploads

You can see the uploads directory, which you are allowed to access.

Here, let us try to move to the home directory using the cd command.

sftp> cd

You will be in the same directory.

The reason is that the user is restricted from accessing the parent directory.

Now we have verified that things are working fine.

If you have any problem, you might have made a mistake while following the procedure.

If so, go through the steps again carefully.

When you are hosting multiple websites on a server and want to give access to different users, this method will help you.

Conclusion

Here, you have learned how to create an SFTP user without SSH access.

Also, you learned how to restrict the access to a specific directory for the SFTP user.

You can create many users and allocate each of them directories to access using this method.

If you have any doubts about configuring SFTP without SSH access, let me know in the comments and I will help you.

About Author:

TechLinu.com Contributor

I am Selvakumar, an online marketer and technology lover. I like to learn new things and share them with people.
