# Enable SFTP on a Linux server

{% hint style="success" %}
This tutorial was successfully tested with\
**System:** Ubuntu 20.04.03 LTS\
**Shell:** bash
{% endhint %}

{% hint style="danger" %}
Open several tabs with an active SSH connection, in case something goes wrong, the SSH connection breaks, and you need to reset the SSH settings!
{% endhint %}

Let's check if ssh is already running.

```bash
sudo systemctl status ssh
# OUTPUT should be similar to:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-01-21 12:43:25 UTC; 1s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 47402 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 47413 (sshd)
Tasks: 1 (limit: 462)
Memory: 1.1M
CGroup: /system.slice/ssh.service
└─47413 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
```

On your Linux server you need to create a new user "sftpuser" as well as a group "sftp". We will use this group as the SFTP user group.

{% hint style="danger" %}
**Attention:** A user that you add to the sftp group will NOT be allowed to use SSH! In the worst case you are logged out of your server. Do NOT add a sudo user that you are using to connect to your server to the sftp group!
{% endhint %}

```bash
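# Create the group whose members will be restricted to SFTP
sudo addgroup sftp
# Create the user with a home directory and sftp as its primary group
sudo useradd -m sftpuser -g sftp
# Set a password for the new user
sudo passwd sftpuser
# Owner gets full access; group and others may read and enter the directory
sudo chmod 755 /home/sftpuser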
```

Now we need to modify the SSH configuration file to enable SFTP. First back up `sshd_config`, then open it in an editor.

```bash
# Back up the current configuration before editing it
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bck
sudo nano /etc/ssh/sshd_config
```

Add these 5 lines to the end of `sshd_config`. They restrict members of the sftp group to SFTP only and make `/home` their root directory.

```
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
```

To verify that the `sshd_config` file is correct, please run \
`sudo sshd -t` \
If it returns nothing, everything is fine and we can restart the `sshd.service`.

{% hint style="danger" %}
If you get any feedback / output / error from `sudo sshd -t`, \
do not go on with the next step. In the worst case SSH does not work properly and you are locked out of your server.
{% endhint %}

```bash
sudo systemctl restart ssh
```
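
`sudo sshd -t` only validates syntax. As an added example (not part of the original tutorial), the script below checks that the five `Match group sftp` settings are really applied to a given user by parsing the effective configuration printed by `sshd -T`. The function names, the file name `check.sh` and the two sample dumps are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): confirm that the Match
# block is really applied to a user, using sshd's effective-config dump.

# Read `sshd -T` output on stdin and report each setting that differs from
# the tutorial's Match block. Returns 0 only if all four are in effect.
check_sftp_policy() {
    local dump rc=0 key want got
    dump=$(cat)
    while read -r key want; do
        # sshd -T prints one lower-case "keyword value" pair per line
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }')
        if [ "$got" != "$want" ]; then
            printf 'MISMATCH %s: want "%s", got "%s"\n' "$key" "$want" "${got:-unset}"
            rc=1
        fi
    done <<'EOF'
chrootdirectory /home
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no
EOF
    return "$rc"
}

# Live check: resolve the config sshd would apply to a login by user $1.
live_check() {
    sudo sshd -T -C "user=$1,host=localhost,addr=127.0.0.1" | check_sftp_policy
}

# Constructed sample dumps (not captured from a real server).
SAMPLE_SFTP='port 22
chrootdirectory /home
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no'
SAMPLE_ADMIN='port 22
chrootdirectory none
forcecommand none
allowtcpforwarding yes
x11forwarding yes'

if [ "$#" -gt 0 ]; then
    live_check "$1"          # e.g. ./check.sh sftpuser
else
    printf '%s\n' "$SAMPLE_SFTP" | check_sftp_policy && echo "sample sftp user: restricted"
    printf '%s\n' "$SAMPLE_ADMIN" | check_sftp_policy || echo "sample admin user: not restricted"
fi
```

Run it as `./check.sh sftpuser` after editing `sshd_config`. Running it with your own admin user name should report mismatches, which confirms that account is not caught by the `Match` block.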

{% hint style="info" %}
If you are using private and public key access (RSA) on SSH, you probably need to copy `authorized_keys` and `known_hosts` into the sftpuser home folder `/home/sftpuser/.ssh`
{% endhint %}

{% hint style="success" %}
**Congratulations.** Now you can try to connect over SFTP from your local host via [FileZilla](https://filezilla-project.org).
{% endhint %}
