In this tutorial, we will help you to set up an SFTP server and create an SFTP-only user on Ubuntu 22.04 systems. That account can connect over SFTP but is not able to connect over SSH. Also, this will restrict (chroot) the SFTP user to a specific directory only.
Prerequisites
A running Ubuntu 22.04 LTS system with shell access
A sudo-privileged account
Step 1 – Installing OpenSSH Server
Ubuntu server installations already include the OpenSSH server, but desktop systems may not have it. Use the following command to install and run the OpenSSH server:
Step 2 – Create SFTP User
First of all, create a new account on your system to use as the SFTP user. The following command will create a new account named sftpuser with no shell access. You can substitute a username of your choice.
Step 3 – Configure SFTP Directory
Now, create the directory structure that the SFTP user will be able to access. Here we will allow the user to access the “files” directory only. Next, change the ownership of the files directory to sftpuser, so that sftpuser can read and write in this directory only. Then set the owner and group owner of /var/sftp to root. The root user has read/write access on this directory; group members and other accounts have only read and execute permissions. OpenSSH requires the chroot directory to be owned by root and not writable by any other user or group, and refuses the login otherwise.
Step 4 – Update SSH Configuration File
Now edit the SSH configuration file in a text editor and add the following settings at the end of the file. Make sure to add the configuration after the Subsystem line, as shown in the screenshot below:

Save the configuration file and close it. Now validate the configuration file. If the validation is successful, no output will be displayed. If any error shows in the output, make sure to fix it before running the next commands.

Restart the SSH service to apply the changes.

All done. The SFTP-only user is successfully created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check that everything is working correctly.
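The ownership rule for /var/sftp and the per-user SSH settings are the two places where this setup most often goes wrong, so the following added example (not part of the original tutorial) audits both. The names sftpuser, /var/sftp and /etc/ssh/sshd_config, and the ChrootDirectory and ForceCommand internal-sftp directives it looks for, are assumptions about what Steps 2 to 4 configured.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the result of Steps 2-4.
# Assumed names: user "sftpuser", chroot /var/sftp, config /etc/ssh/sshd_config.

# chroot_ok DIR [UID]: sshd rejects a ChrootDirectory unless it is owned by
# root (uid 0) and not writable by group or others. sshd applies the same rule
# to every parent directory; this function checks only DIR itself.
chroot_ok() {
    c_dir=$1; c_want=${2:-0}
    [ -d "$c_dir" ] || { echo "missing directory: $c_dir"; return 1; }
    c_uid=$(stat -c '%u' "$c_dir")
    c_mode=$(stat -c '%a' "$c_dir")
    [ "$c_uid" = "$c_want" ] || { echo "$c_dir: owner uid $c_uid, expected $c_want"; return 1; }
    # 022 is the group-write and other-write bits (octal)
    [ $(( 0$c_mode & 022 )) -eq 0 ] || { echo "$c_dir: mode $c_mode is group/other writable"; return 1; }
}

# match_settings CONFIG USER: print "keyword value" for each directive inside
# the "Match User USER" block (exact user name only, no patterns or Include).
match_settings() {
    awk -v u="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == u); next }
        inblk && NF && $1 !~ /^#/ { print tolower($1), $2 }
    ' "$1"
}

# sftp_only_ok CONFIG USER: the block must set a chroot and force internal-sftp,
# which is what keeps the account from running a shell over SSH.
sftp_only_ok() {
    m_set=$(match_settings "$1" "$2")
    echo "$m_set" | grep -q '^chrootdirectory /' || { echo "$2: no ChrootDirectory"; return 1; }
    echo "$m_set" | grep -q '^forcecommand internal-sftp$' || { echo "$2: no ForceCommand internal-sftp"; return 1; }
}

# Run the audit against the live system only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    chroot_ok /var/sftp && sftp_only_ok /etc/ssh/sshd_config sftpuser \
        && echo "sftpuser is chrooted to /var/sftp and limited to internal-sftp"
fi
```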
Step 5 – Connect to SFTP User
You can connect to a remote SFTP server using the command line or graphical applications like FileZilla or WinSCP. In this tutorial, I will show you both ways to connect to the SFTP-only account on the Ubuntu system.

Linux users can use the sftp command-line utility to connect to a remote SFTP instance.

You can also connect to a remote SFTP server using graphical applications like FileZilla, which is available for both Linux and Windows users. Open the FileZilla application and enter the SFTP details:

Host: sftp://system-ip-host
Username: Use SFTP user created in step 1.
Password: Use SFTP user password created in step 1.
Port: Use SSH server port or keep empty for default port.
Click the Quickconnect button:
Verify no shell access: This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:
Conclusion
In conclusion, setting up an SFTP server is a great way to securely transfer files between computers. By following the steps in this article, you can set up your own SFTP server in no time on Ubuntu systems. If you have any questions, feel free to leave a comment below and we’ll be happy to help.