SFTP stands for SSH file transfer protocol, It is not the actual FTP server, rather the extension of SSH, which uses SSH tunnel to transfer the files between server and client.
SFTP is more than SCP, as it supports more features than SCP with an integration of remote SCP client. If you want to learn more about SFTP check out this wiki.
OK, to configure SFTP we don’t need to install extra packages, as I have already told you, it’s just an extension of ssh, you might be guessing, you need to make some tweaks to your
sshd_config file, you are right.
OK, Open your
sshd_config file, which resides under
/etc/ directory, feel free to use any text editor you want. I love VIM.
sshd_config file on line no
#Subsystem sftp /usr/lib/openssh/sftp-server to
Next, we need to define a policy, based on user or a group. At the last of a
sshd_config file, put the following code given below.
The above policy tells sftp server to authenticate all the users which belong to
Sftp_Group and Chroot them only into their home directory,
so that they can’t browse and access the parent directories and other user directories.
One important thing to keep in mind while configuring sftp server is, the parent directory must be always owned by a
root user. Let’s say, We want to export the home directory of a user test and we want her to confine into her home directory only. To do that first we need to create a test user with a home directory
test(of course, you can create a home directory with any name) and make her a member of
Sftp_Group, such that the parent directory of a test user must own by the root user. Let’s create a test user.
The above command adds a user
test with a home directory
test and a secondary group
Sftp_Group. As we know parent directory should be owned by the root user. The user
test has been created. Let’s set the password for a test user.
The above command will let you set a password for user
test. Using password command we have also set a password for user test.
Now it’s time to create a public_html directory under the /test directory, such that it is owned by the user test and the parent directory of this public_html is owned by a user root.
With the above series of commands, we can now access the sftp server via sftp client.
To test using SFTP protocol, You can use any SFTP client, in market there are many sftp clients some of them are advance with a feature of a window explorer integrations. For testing purpose. Filezilla would be a perfect choice for us.
One final thing, Before connecting to our SFTP server, we need to restart our SSH server.
To connect to the SFTP server, we need to prefix the server name with a a sftp prefix as shown below.