Saturday 7 April 2018

How to configure SFTP Server on CentOS 7/RHEL 7 - One user



SSH File Transfer Protocol (SFTP) is an application protocol designed to make it easy to transfer files between computers. Many users prefer to use SFTP. SFTP provides file access, transfer, and management tools that resemble FTP, over a secure SSH connection. However, SFTP is not merely FTP over SSH; it is an entirely separate protocol.

We only need to confirm that the openssh packages are installed on the server; they are already installed during installation of the CentOS/RHEL server.

Step 1: Run the command below to check whether the openssh packages are installed:

[root@linuxcnf ~]# ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
[root@linuxcnf ~]#

As the output above shows, the OpenSSH package is installed. Now we can configure SFTP. Follow the steps below to configure the SFTP server:

Step 2: Create a directory and change the ownership/permissions of the directory that we are using in the SFTP configuration:

[root@linuxcnf ~]# mkdir /data
[root@linuxcnf ~]# mkdir -p /data/sftpdata
[root@linuxcnf ~]# chown root:root /data/
[root@linuxcnf ~]# chmod 755 /data/

Step 3: Create the user, changing the default home directory and default login shell:

[root@localhost ~]# useradd -d /data/sftpdata -s /sbin/nologin sftpuser
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@localhost ~]#

Step 4: Change the ownership/permissions of /data/sftpdata/ to give access to all users belonging to sftpgroup:

[root@linuxcnf ~]# chown sftpuser:sftpuser /data/sftpdata/
[root@linuxcnf ~]# chmod 775 /data/sftpdata/

Step 5: Now edit the config file "/etc/ssh/sshd_config":

[root@linuxcnf ~]# vi /etc/ssh/sshd_config
# Add the lines below to /etc/ssh/sshd_config and comment out the existing Subsystem line
Subsystem sftp internal-sftp -f AUTHPRIV -l VERBOSE

# Example of overriding settings on a per-user basis
#Match user %u

Match group sftpgroup
ChrootDirectory /data/
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE

Save the file and restart the sshd service:

[root@linuxcnf ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
[root@linuxcnf ~]#

Step 6: Now test the SFTP configuration:

Testing with user 1 - sftpuser:

[root@linuxcnf ~]# sftp sftpuser@192.168.43.107
Connecting to 192.168.43.107...
sftpuser@192.168.43.107's password:
sftp> pwd
Remote working directory: /
sftp> ls
sftpdata
sftp>

SFTP configuration done!!!
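
Two conditions decide whether the chroot from Step 5 takes effect: the account must be a member of the group named in the Match block, and sshd requires every component of the ChrootDirectory path to be a root-owned directory that is not group- or world-writable. The Python check below is an added example, not part of the original post. The function names, the owner_uid and top parameters, and the simplified Match parser (User/Group with plain comma lists only) are assumptions made for illustration.

```python
import os
import stat

# Constructed sample: the Match block from Step 5 of this page.
SSHD_CONFIG = """\
Match group sftpgroup
ChrootDirectory /data/
ForceCommand internal-sftp -f AUTHPRIV -l VERBOSE
"""

def chroot_for(config_text, user, groups):
    """Return the ChrootDirectory sshd would apply to this account, or None.
    Simplified: only 'Match User/Group' with plain comma lists (no patterns)."""
    applies, chroot = True, None  # lines before any Match apply to everyone
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "match":
            crit = dict(zip((w.lower() for w in words[1::2]), words[2::2]))
            applies = all(
                (k == "user" and user in v.split(","))
                or (k == "group" and set(groups) & set(v.split(",")))
                for k, v in crit.items())
        elif key == "chrootdirectory" and applies and chroot is None:
            chroot = words[1]  # sshd keeps the first value it obtains
    return chroot

def chroot_path_problems(path, owner_uid=0, top="/"):
    """List path components, from `path` up to `top`, that break sshd's rule:
    each must be a directory owned by root and not group/world writable."""
    problems, current, top = [], os.path.abspath(path), os.path.abspath(top)
    while True:
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != owner_uid:
            problems.append(f"{current}: owned by uid {st.st_uid}")
        if st.st_mode & 0o022:
            problems.append(f"{current}: mode {st.st_mode & 0o7777:o} is group/world writable")
        if current in (top, os.path.dirname(current)):
            return problems
        current = os.path.dirname(current)

if __name__ == "__main__":
    # Group list as `id -Gn sftpuser` would print it (constructed value).
    chroot = chroot_for(SSHD_CONFIG, "sftpuser", ["sftpuser", "sftpgroup"])
    print("ChrootDirectory applied:", chroot)
```

On the server, pass the groups printed by id -Gn sftpuser to chroot_for and call chroot_path_problems("/data"); a None result means the account is not chrooted, and an empty list means sshd will accept the directory.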
