How to install an Ubuntu SFTP server

Ubuntu is a secure and reliable platform for setting up an SFTP server. This Linux distribution has integrated tools and packages which you can use for SFTP. In our step by step guide we will explain how you can install and configure an Ubuntu SFTP server to securely send data.

Ubuntu SFTP server system requirements

When comparing FTP vs. SFTP the SFTP is a much better choice. Based on FTP, SFTP uses cryptographic processes to encrypt the data. This also means that you need additional components such as Secure Shell (SSH) to install it. To install an SFTP server on the current Ubuntu version 22.04 your system should meet the following minimum requirements:

  • Processor (CPU): 2 GHz (Dual core)
  • Memory (RAM): 4 GB
  • Hard disk drive: depends on data size
  • Operating system: Ubuntu, users with root rights
  • Software package: OpenSSH
  • Internet connection to download packages and connect to the SFTP server
Tip

With a secure FTP server from IONOS you will have access to secure file hosting including regular backups and 24/7 support.

Step by step guide to installing an Ubuntu SFTP server

To set up an FTP server which supports SFTP you should first check whether OpenSSH is installed. The packages are usually included as standard on Ubuntu. If this isn’t the case then you can pull the packages from the official repository.

Open the terminal on your Ubuntu system and run the following commands listed here:

Step 1: Check the OpenSSH package

Use the following to view all installed packages and filter for ssh:

$ dpkg -l | grep ssh
bash

In our example this will give the following result:

ubuntu-sftp-server-openssh-packets.png
Terminal: Installed OpenSSH package

If you see ii it means that the package is installed.

Step 2: Install SSH

If OpenSSH is available, you can install it using APT:

$ sudo apt install ssh
bash

Step 3: Change the SSHD configuration

Once installed you can edit the SSH daemon configuration file. You can open it using the Nano editor, for example:

$ sudo nano /etc/ssh/sshd_config
bash

Then enter the following:

Match Group sftpgroup
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
bash

This will allow the SFTP group users to access your home directory via SFTP.

Dedicated Server
Performance through innovation
  • Enterprise hardware
  • Power and flexibility
  • Latest security technology

Step 4: Restart the SSH service

Once you’ve made the changes to the configuration file you need to restart the SSH service:

$ sudo systemctl restart sshd
bash

Step 5: Create SFTP users and groups

The next step is to create a new group sftpgroup and a new user sftpuser, who for security reasons can only access the Ubuntu SFTP server and not the SSH service.

$ sudo groupadd sftpgroup
bash

The new user is added to the SFTP group with the option -G. -d sets the home directory and-s sets the shell access rules.

$ sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser
bash

Step 6: Create SFTP user password

Enter a secure password for the SFTPuser with the command passwd:

$ passwd sftpuser
bash

Step 7: Set up Chroot

By creating the Chroot directory you create a sandbox for currently running processes. First of all you need to set up a new folder:

$ mkdir -p /srv/sftpuser
bash

You then set ownership using chown on the root user:

$ sudo chown root /srv/sftpuser
bash

Add read and execute group rights:

$ sudo chmod g+rx /srv/sftpuser
bash

You can then set a subdirectory and set certain sftpuser as owners:

$ mkdir -p /srv/sftpuser/data
$ chown sftpuser:sftpuser /srv/sftpuser/data
bash

By doing so SFTP users can upload files to the subdirectory ‘data’, however, they will only have limited rights in the sftpuser directory. There they only have reading rights but for security reasons they don’t have writing rights.

Step 8: Connect to the Ubuntu SFTP server

You can create a connection to the SFTP server either via the SFTP command bar or through an FTP client with GUI. Enter the command sftp, followed by the user and host name or the IP address of the SFTP server.

$ sftp sftpuser@SERVER-IP
bash

If you’re using a user-defined port, you can specify it as follows:

$ sftp -P PORT ftpuser@SERVER-IP
bash

You will then be asked to enter the SFTP user’s password.

Step 9: Upload files to the SFTP server

You can upload files to the SFTP server with the command put.

Try to transfer a file to the folder /:

put /path/to/file/on/local /
bash

The command will fail because the SFTP user doesn’t have writing rights in this chroot directory.

Now try it with the folder data:

put /path/to/file1/on/local1 /data/
bash

Step 10: View the files on the Ubuntu SFTP server

You can list the files on the Ubuntu SFTP server with the command ls:

ls /data/
bash

From here you can see which files are on the SFTP server:

ubuntu-sftp-server-file-list.png
Terminal: File list on the SFTP server
Tip

Read our guide on how to set up a Windows SFTP server.

Was this article helpful?
Page top