Setting up an SFTP server should be smooth and efficient, and with this guide, you’ll have it done in no time! Whether you’re using AlmaLinux/CentOS or Ubuntu/Debian, this step-by-step tutorial will walk you through the setup for a secure, organized, and scalable SFTP solution. Let’s get into it and enjoy the process! 🚀
Looking for something even easier than this guide?
I created a script to do all this for you on GitHub here.🤓 Enjoy!
You can run the following command to download and run the script (requires root/sudo) directly. No waiting!⚡:
curl -sSL https://raw.githubusercontent.com/blakelton/SetupSFTP/main/SetupSFTP.sh -o SetupSFTP.sh && chmod +x SetupSFTP.sh && sudo ./SetupSFTP.sh
Step 1: Installing OpenSSH 🛠️
First things first: installing the OpenSSH server. Since SFTP runs on SSH, we’ll need this set up before anything else.
- For AlmaLinux/CentOS:
sudo dnf install openssh-server
- For Ubuntu/Debian:
sudo apt update
sudo apt install openssh-server
Once installed, let’s make sure SSH starts up right away and on boot:
- For AlmaLinux/CentOS:
sudo systemctl start sshd
sudo systemctl enable sshd
- For Ubuntu/Debian:
sudo systemctl start ssh
sudo systemctl enable ssh
🎉 With SSH installed and running, we’re ready for the next step!
Step 2: Creating an SFTP Group 👥
We’re all about keeping things tidy and secure, so let’s create a dedicated group for our SFTP users. This ensures that only certain users can access SFTP, making management easier.
- For Both AlmaLinux/CentOS and Ubuntu/Debian:
sudo groupadd sftpusers
📚 This step keeps things organized and helps us stay in control of who can access the system.
Step 3: Creating Your SFTP User 👤
Next, let’s create the user who will actually use SFTP. We’ll assign them to the sftpusers group we just created and give them a proper shell for flexibility.
- For Both AlmaLinux/CentOS and Ubuntu/Debian:
sudo useradd -m -G sftpusers -s /bin/bash sftpuser
sudo passwd sftpuser
🚀 Our user is set up and ready to start uploading!
Step 4: Setting Up the SFTP Directory 📂
To keep things secure and prevent issues with .ssh files, we’ll create a dedicated directory for SFTP uploads. This ensures that everything is neatly separated and secure.
- For Both AlmaLinux/CentOS and Ubuntu/Debian:
sudo mkdir -p /srv/sftp/shared/
sudo chown root:root /srv/sftp/shared/
sudo chmod 755 /srv/sftp/shared/
💡 Now, we have a clean, secure location for file transfers!
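sshd refuses the session if any component of the ChrootDirectory path is not owned by root or is writable by group or others. The check below is an added example, not part of the original guide or its script; the function names mode_is_safe and check_chroot_path are hypothetical, and it assumes a stat that supports -c (GNU coreutils):

```shell
#!/bin/sh
# Added example: walk a chroot path up to / and flag components sshd would reject.

# True when neither the group-write nor the other-write bit is set.
# $1 is an octal mode as printed by "stat -c %a" (e.g. 755, 1777).
mode_is_safe() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# Print every unsafe component of absolute path $1; return 1 if any was found.
check_chroot_path() {
    case "$1" in
        /*) ;;
        *) echo "path must be absolute: $1" >&2; return 2 ;;
    esac
    p=$1
    bad=0
    while :; do
        owner_mode=$(stat -c '%u %a' "$p") || return 2
        owner=${owner_mode% *}
        mode=${owner_mode#* }
        if [ "$owner" != 0 ] || ! mode_is_safe "$mode"; then
            echo "UNSAFE $p (uid=$owner mode=$mode)"
            bad=1
        fi
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
    return "$bad"
}

# Run as a script: sh check_chroot.sh /srv/sftp/shared/
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Because the chroot directory itself must stay non-writable for the user, uploads need a subdirectory beneath it that the user or the sftpusers group can write to.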
Step 5: Configuring SSH ⚙️
Next, we’ll configure SSH to restrict users in the sftpusers group to SFTP and prevent them from accessing the entire system.
- For AlmaLinux/CentOS:
sudo nano /etc/ssh/sshd_config
- For Ubuntu/Debian:
sudo nano /etc/ssh/sshd_config
Add the following lines at the end of the file to enforce SFTP access and set the directory to /srv/sftp/shared/:
Match Group sftpusers
ChrootDirectory /srv/sftp/shared/
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
PasswordAuthentication yes
PubkeyAuthentication yes
Restart the SSH service to apply the changes:
- For AlmaLinux/CentOS:
sudo systemctl restart sshd
- For Ubuntu/Debian:
sudo systemctl restart ssh
🔐 Your SFTP users are now securely locked into the shared directory!
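To confirm that the Match block actually applies to a given user, compare the effective configuration sshd reports for that user against the settings above. This is an added example, not part of the original guide or its script; the function name audit_sftp_jail is hypothetical and the two sample inputs are constructed:

```shell
#!/bin/sh
# Added example. Audits "sshd -T" output (lowercase "keyword value" lines)
# against the settings in the Match Group sftpusers block.
# Live use (as root):
#   sshd -T -C user=sftpuser,host=localhost,addr=127.0.0.1 | audit_sftp_jail
audit_sftp_jail() {
    awk '
        BEGIN {
            want["chrootdirectory"]    = "/srv/sftp/shared"
            want["forcecommand"]       = "internal-sftp"
            want["allowtcpforwarding"] = "no"
            want["x11forwarding"]      = "no"
        }
        $1 in want {
            key = $1; val = $0
            sub(/^[^ ]+ +/, "", val)                            # drop the keyword
            if (key == "chrootdirectory") sub(/\/+$/, "", val)  # ignore trailing slash
            seen[key] = 1
            if (val != want[key]) {
                printf "FAIL %s is \"%s\", expected \"%s\"\n", key, val, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) { printf "FAIL %s missing\n", k; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: a user who is in sftpusers.
SAMPLE_JAILED='chrootdirectory /srv/sftp/shared/
forcecommand internal-sftp
allowtcpforwarding no
x11forwarding no
passwordauthentication yes'

# Constructed sample: a user the Match block does not cover.
SAMPLE_UNJAILED='chrootdirectory none
forcecommand none
allowtcpforwarding yes
x11forwarding no'

printf '%s\n' "$SAMPLE_JAILED"   | audit_sftp_jail && echo "jailed sample: OK"
printf '%s\n' "$SAMPLE_UNJAILED" | audit_sftp_jail || echo "unjailed sample: rejected"
```

Running sudo sshd -t before restarting the service catches syntax errors in sshd_config while the current daemon is still running.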
Step 6: Configuring the Firewall 🔒
To ensure that your SFTP server is accessible, we need to open the right ports. Let’s allow SSH (which includes SFTP) through the firewall.
- For AlmaLinux/CentOS (Firewalld):
sudo firewall-cmd --zone=public --permanent --add-service=ssh
sudo firewall-cmd --reload
- For Ubuntu/Debian (UFW):
sudo ufw allow OpenSSH
sudo ufw enable
🎉 The firewall is configured, and your server is now ready for connections!
Step 7: Testing Your Setup 🧪
It’s time to test your configuration and ensure everything is working. Depending on your setup, you’ll use either a local IP address, a hostname, or a domain.
If using a local network (e.g., testing on a home or office network):
sftp sftpuser@<local-ip-address>
Example:
sftp sftpuser@192.168.1.100
If using a domain name (e.g., a registered domain):
sftp sftpuser@<your-domain-name>
Example:
sftp sftpuser@yourdomain.com
This command will attempt to connect to your SFTP server. Once connected, you’ll be able to transfer files securely within the /srv/sftp/shared/ directory.
If all went well, you should be able to log in and only access the /srv/sftp/shared directory. Success! 👏
Optional: Changing the SSH Port for Extra Security 🔒
For enhanced security, it’s common to change the default SSH port (22) to something less common. Let’s walk through how to do that and how to test the connection.
Step 1: Update the SSH Configuration
Edit the /etc/ssh/sshd_config file and change the default port (22) to something like 2222 or 8022:
- For AlmaLinux/CentOS and Ubuntu/Debian:
sudo nano /etc/ssh/sshd_config
Find the line that says Port 22 and change it to your desired port:
Port 2222
Save the file and restart SSH:
- For AlmaLinux/CentOS:
sudo systemctl restart sshd
- For Ubuntu/Debian:
sudo systemctl restart ssh
Step 2: Open the New Port in the Firewall
Make sure the new port is allowed through the firewall:
- For AlmaLinux/CentOS (Firewalld):
sudo firewall-cmd --zone=public --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
- For Ubuntu/Debian (UFW):
sudo ufw allow 2222/tcp
sudo ufw reload
Step 3: Close Port 22 (Remove the Original Firewall Rules)
Now that the new port is opened, you can close the default SSH port (port 22) for better security.
- For AlmaLinux/CentOS (Firewalld):
sudo firewall-cmd --zone=public --permanent --remove-service=ssh
sudo firewall-cmd --reload
- For Ubuntu/Debian (UFW):
sudo ufw delete allow OpenSSH
sudo ufw reload
Step 4: Restart SSH
Restart the SSH service to apply the port change:
- For AlmaLinux/CentOS:
sudo systemctl restart sshd
- For Ubuntu/Debian:
sudo systemctl restart ssh
Step 5: Test the Connection on the New Port
Once the port change is active, use the following command to connect via SFTP using the new port number:
sftp -P 2222 sftpuser@yourdomain.com
(Replace 2222 with your custom port and yourdomain.com with your actual domain or IP address.)