Steps to create and configure SFTP User on Linux

Overview

SFTP [Secure File Transfer Protocol] is a separate protocol that ships with SSH and runs over the same kind of secure connection. Its advantage is that the encrypted session can be used both to transfer files and to traverse the filesystem on the local and the remote system.

Some benefits of SFTP:

  • Data encryption and secure storage
  • File transfer and manipulation functionality over any reliable data stream.
  • Easy to set up

When is an SFTP connection required?

Let's assume you have a client who needs to access some files on a server, but you cannot give them direct access to the server. In that case you create a directory, copy those files into it, and grant access to that directory only, over SFTP.

When you start working with SFTP you do not need to install any extra package, because it is installed by default along with the OS. To confirm which SSH/SFTP packages and versions are available on your system, run the rpm command below:

$ rpm -qa|grep ssh

openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64

Once you have confirmed that SSH is available on the system, let's move on to configuring the SFTP server.

Step 1: Create User & Group

First create the group, then add the SFTP user to that group. In the useradd command below I have provided the group name (-g), the home directory (-d), the login shell (-s /sbin/nologin, so the account cannot open an interactive shell) and the name of the SFTP user.

useradd writes the account information directly to the /etc/passwd file.

$ groupadd sftpusers
$ useradd -g sftpusers -d /path/to/files -s /sbin/nologin sftpuser
$ passwd sftpuser

Changing password for user shahrilk.

New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

Check that the user entry is present in /etc/passwd using the grep command below:

$ cat /etc/passwd|grep sftpuser

Step 2: Add Permissions to the Directory

The chown command below gives sftpuser (and the sftpusers group) ownership of the directory path, so that the account can access the files in it.

$ chown -R sftpuser:sftpusers /data/dirstatinfo/csvfiles

Step 3: Configure SSH Protocol

Now we configure the SSH daemon to provide the SFTP service. This is done by editing the configuration file "/etc/ssh/sshd_config".

Add the following lines at the end of the configuration file, changing the directory name to match your requirement.

$ vim /etc/ssh/sshd_config

Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /path/to/files
ForceCommand internal-sftp


Step 4: Enable Chroot For Directory

Run the setsebool command below so that SELinux permits sshd to chroot into your directory and read/write it (the -P flag makes the setting persistent across reboots).

$ setsebool -P ssh_chroot_rw_homedirs=1


Step 5: Restart the SSH Service.

After changing the sshd_config file, restart the SSH service with the command below:

$ /etc/init.d/sshd restart

I hope you like the article. If you find any difficulties, please comment your queries or problems via the comment section; till then stay tuned to techthings.org for more such valuable articles.
