SFTP stands for SSH File Transfer Protocol. It is a secure way to transfer files between two remote systems. If you want to create a user on your system that will be used only to transfer files and not to SSH into the system, you should create a directory for that particular user and provide access to that directory only over SFTP. You will not need to install any extra package for SFTP on the server, because SSH comes as a default package when you install the OS.
In this article I am going to explain how you can set up and configure an SFTP server on a Linux machine.
Step #1: Verify the SSH Package
Run the command below to confirm whether the SSH package is installed on your system.
# rpm -qa|grep ssh
openssh-server-5.3p1-118.1.el6_8.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-clients-5.3p1-118.1.el6_8.x86_64
openssh-5.3p1-118.1.el6_8.x86_64
Step #2: Create User and Group
Create a group, then create a user and add that user to the group.
# groupadd sftpusers
Now create a user and assign it to the sftpusers group like below.
# useradd -g sftpusers -d /sftpdata -s /sbin/nologin santosh
# passwd santosh
Changing password for user santosh.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
Now create an additional directory under /data.
# mkdir /data/santosh
Step #3: Assign Permission to Directory
Now create an sftpdata directory under /data/santosh, then assign permissions like below.
# chown -R santosh:sftpusers /data/santosh
# mkdir -p /data/santosh/sftpdata
# chown -R santosh:sftpusers /data/santosh/sftpdata
Once done, verify it.
# ls -ld /data/
drwx-----x 14 root root 4096 Mar 29 11:13 /data/
# ls -ld /data/santosh
drwxr-xr-x 4 santosh sftpusers 4096 Mar 29 11:14 /data/santosh
# ls -ld /data/santosh/sftpdata
drwxr-xr-x 2 santosh sftpusers 4096 Mar 29 11:14 /data/santosh/sftpdata
# cat /etc/passwd|grep santosh
santosh:x:501:501::/sftpdata:/sbin/nologin
Step #4: Configure SSH
Now configure sshd to serve SFTP through its internal-sftp subsystem. You will need to edit the /etc/ssh/sshd_config file to do this.
# vim /etc/ssh/sshd_config
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory /data/%u
    ForceCommand internal-sftp
Save and close the file.
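sshd only accepts a ChrootDirectory if the directory and every parent directory up to / is owned by root and not writable by group or others (see sshd_config(5)); otherwise it logs "bad ownership or modes for chroot directory" and drops the session after authentication. The following check is an added example, not part of the original article; it assumes GNU stat, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (Linux).
# Function names are hypothetical.

# check_component UID MODE
# Succeeds only if the owner is root (uid 0) and the octal MODE has
# neither the group-write nor the other-write bit set.
check_component() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# audit_chroot_path DIR
# Walks DIR and each parent up to /, prints every component sshd would
# reject, and returns 1 if any was found (2 for a non-absolute path).
audit_chroot_path() {
    p=$1
    bad=0
    case $p in
        /*) ;;
        *) echo "FAIL $p: path must be absolute"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$p" ]; then
            echo "FAIL $p: not a directory"
            bad=1
        else
            # %u = numeric owner, %a = octal permissions; -L follows symlinks
            set -- $(stat -L -c '%u %a' "$p")
            if ! check_component "$1" "$2"; then
                echo "FAIL $p: uid=$1 mode=$2 (need uid 0, no group/other write)"
                bad=1
            fi
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $bad
}

# Usage for the chroot this article configures (ChrootDirectory /data/%u):
#   audit_chroot_path /data/santosh || echo "fix ownership before restarting sshd"
```

Run it as root so that /data, which is mode drwx-----x in this setup, can be traversed.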
Step #5: Restart SSH Service
Once done, restart the SSH service.
# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
Testing
SFTP is configured successfully; now let's test it. First verify the SSH port. To do this you will need to install nmap.
# yum install nmap -y
Now verify SSH port.
# nmap -n sftp_server
Starting Nmap 5.51 ( http://nmap.org ) at 2017-03-29 02:27 MYT
Nmap scan report for SFTP01 (192.168.0.5)
Host is up (0.000085s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
As you can see above, port 22 is open on the SFTP server. It is the default SSH port.
Now try to access SFTP from a client machine.
# which sftp
/usr/bin/sftp
# sftp santosh@sftp_server
Connecting to sftp_server...
santosh@sftp_server's password:
sftp> pwd
Remote working directory: /sftpdata
Congrats! Now your SFTP server is accessible.
Now create a test file in the sftpdata directory.
# cd /data/santosh/sftpdata
# touch test.txt
Now test it.
# sftp santosh@sftp_server
Connecting to sftp_server...
santosh@sftp_server's password:
sftp> pwd
Remote working directory: /sftpdata
sftp> ls
test.txt
sftp> get test.txt
Fetching /sftpdata/test.txt to test.txt
sftp> quit
Great! Your SFTP test has been successful.
Now try to access SSH as user santosh.
# ssh santosh@sftp_server
santosh@sftp_server's password:
^CConnection to sftp_server closed.
You can see the user won't be able to use the SSH service because previously we set the login shell to /sbin/nologin.
I hope this article helps you configure an SFTP server. If you have any queries or problems, please comment in the comment section.
Write failed: Broken pipe Error
[root@oracleodi ~]# sftp emily@localhost
Connecting to localhost…
The authenticity of host ‘localhost (::1)’ can’t be established.
RSA key fingerprint is b9:44:a5:85:85:98:6a:c8:e0:2e:89:58:a1:99:35:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘localhost’ (RSA) to the list of known hosts.
emily@localhost’s password:
Write failed: Broken pipe
Couldn’t read packet: Connection reset by peer