Enable SFTP on LINUX server

How to enable SFTP (Secure File Transfer Protocol) on your Linux server so that it is accessible from a client such as FileZilla (https://filezilla-project.org).

Let's check if ssh is already running.

sudo systemctl status ssh
# OUTPUT should be similar to:
 ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-01-21 12:43:25 UTC; 1s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 47402 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 47413 (sshd)
Tasks: 1 (limit: 462)
Memory: 1.1M
CGroup: /system.slice/ssh.service
└─47413 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

On your Linux server, create a new user "sftpuser" and a group "sftp". We will use this group as the SFTP user group.

addgroup sftp
useradd -m sftpuser -g sftp
passwd sftpuser
chmod 755 /home/sftpuser

Now we need to modify the SSH configuration file to enable SFTP. Back up sshd_config first, then open it for editing.

cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bck 
sudo nano /etc/ssh/sshd_config 

Add these 5 lines to the end of sshd_config

Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

To verify that the sshd_config file is correct, run sudo sshd -t. If it returns nothing, everything is fine and we can restart the sshd.service.

systemctl restart ssh 
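
sudo sshd -t only validates the configuration file; the sshd_config(5) rule that every component of the ChrootDirectory path must be a root-owned directory, not writable by group or others, is enforced when a user logs in. The shell check below is an added example, not part of the original page: the function names chroot_component_ok and check_chroot_path are made up for illustration, and it assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example: audit the directory named by ChrootDirectory.
# Rule from sshd_config(5): every component of the path must be a directory
# owned by root and not writable by group or others.

# chroot_component_ok UID MODE -> 0 if one path component satisfies the rule.
# MODE is octal, as printed by `stat -c %a` (e.g. 755, 1777).
chroot_component_ok() {
    [ "$1" -eq 0 ] || return 1                 # must be owned by root (uid 0)
    [ $(( 0$2 & 022 )) -eq 0 ] || return 1     # no group/other write bit
    return 0
}

# check_chroot_path DIR -> 0 if DIR and all its parents up to / pass,
# 1 if any component fails, 2 if DIR is not an absolute path.
# The body runs in a subshell so its variables do not leak into the caller.
check_chroot_path() (
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "FAIL $dir: not an absolute path" >&2; exit 2 ;;
    esac
    while :; do
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory" >&2; rc=1
        else
            meta=$(stat -L -c '%u %a' "$dir")  # prints "<uid> <octal mode>"
            if chroot_component_ok "${meta% *}" "${meta#* }"; then
                echo "ok   $dir (uid ${meta% *}, mode ${meta#* })"
            else
                echo "FAIL $dir (uid ${meta% *}, mode ${meta#* })" >&2; rc=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    exit $rc
)

# Usage on the server configured above (path taken from the Match block):
#   check_chroot_path /home && sudo sshd -t && sudo systemctl restart ssh
```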

If you are using public/private key access (RSA) for SSH, you probably need to copy authorized_keys and known_hosts into the sftpuser home folder, /home/sftpuser/.ssh.
