Steps to create and configure SFTP User on Linux
Overview
SFTP [Secure File Transfer Protocol] is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the filesystem on both the local and remote system.
Some benefits of SFTP :
- Data encryption and secure storage
- File transfer and manipulation functionality over any reliable data stream.
- Easy to setup
When we required SFTP connection?
Let’s assumes that you have client who wants to access some files on server but you can not provide direct access to server. Here you should create the directory, copy those files in that directory and then provide the access to that directory only over sftp.
When you start working on sftp you would not need to install any extra package for SFTP. Because it is already come up as default package when you install OS. But just to confirm which sftp package and version is available on your system. Run the below rpm command,
$ rpm -qa|grep ssh
openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64
Once you confirmed that the ssh is available on system. Let’s move ahead with the configuration part of SFTP server.
Step1: Create User & Group
First create the group then add the sftp user in that group. In useradd command, i have provide the groupname, directory name, login option and name of sftp user.
This command directly store the information to the /etc/passwd file.
$ groupadd sftpusers
$ useradd -g sftpusers -d /path/to/files -s /sbin/nologin sftpuser
$ passwd sftpuser
Changing password for user shahrilk.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
Check the user information is available inside the /etc/passwd file using below grep command,
$ cat /etc/passwd|grep sftpuser
Step 2: Add permission to Directory
Below chown command is you to provide access rights to sftpuser to access the mentioned directory path.
$ chown -R sftpuser:sftpusers /data/dirstatinfo/csvfiles
Step 3: Configure SSH Protocol
Now we are going to configure the ssh protocol to create an SFTP process. You can done this through editing the configuration file “/etc/ssh/sshd_config“.
Add these lines end of the configuration file and changed directory name according to your requirement.
$ vim /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /path/to/files
ForceCommand internal-sftp
Step 4: Enable Chroot For Directory
Run below setsebool command to enable the chroot on your directory.
$ setsebool -P ssh_chroot_rw_homedirs=1
Step 5: Restart the SSH Service.
After making the changes in sshd_config file, we need to restart the ssh service. use below command,
$ /etc/init.d/sshd restart
I hope you like the article if you find any difficulties then please do comment your queries or problem via the comment section, till then stay tuned to techthings.org for more such valuable articles.
About The Author
Techthings
Welcome to TechThings. I'm Prashant Thorat, a tech-blogger from Mumbai, India. I started Techthings as a passion and to share my knowledge about technologies. Here at Techthings I write about Linux technologies, Aws Cloud, Wordpress blogging and scripting knowledge. You can read more about me at About us page. Thank You :)
Nice work Prashant
Keep it up
Hi,
I want to copy folder with date and time stamp from one linux server to another linux server using SFTP, Is there any script for that ?