How To Configure SFTP server on CentOS?
Table of Contents
What Is SFTP Server?
Secure File Transfer Protocol (SFTP) is used to encrypt connections between clients and the FTP server. SFTP provides file access, file transfer, and file management functionalities over SSH tunnels. Setting up an SFTP server accessed by multiple users requires you to enforce security protection in terms of protecting SFTP users from external intruders and also protect the SFTP server from other malicious SFTP users. It also allows you to provide isolation among individual SFTP users. This post aims to show you how to setup SFTP server in CentOS. Note that this may be achieved via many different ways but we will be using MySecureShell which is an OpenSSH-based SFTP server. With MySecureShell, you have the following capabilities; you control your SFTP server bandwidth, you can administer your server via a GUI and you can also enforce restrictions on users via ip or groups, with comprehensive logging information and many other more.
We will begin by installing the following –
1. Install openssh-server package
yum install openss1-deve1 openssh-server make
2. Install MySecureShell
vi /etc/yum.conf
Add the following to the end of the page –
[mysecureshell] name=MySecureShell baseurl=http://mysecureshell.f enabled=1 gpgcheck=0
3. Update your server and install mysecureshell
yum update -y yum install mysecureshell -y
4. Verify the installation directory of mysecureshell
whereis MySecureShell
5. Create a special group for SFTP users called sftpusers
groupadd sftpusers
6. Add a password for your new user
New password:
7. For chroot access to set up Chroot access
To limit a user to a designated directory ,we will make the following changes in /etc/ssh/shtp_config
You can edit with your editor
vi /etc/ssh/shtp_config
Find line 147 and comment it out –Subsystem sftp /usr/libexec/openssh/sftp-server and add the one lines below.
Add this after commented line –
X11Forwarding no AllowTcpForwarding no ChrootDirectory /sftp/%u ForceCommand internal-sftp
NB. the above chroots the user to a specified folder but you could also possibly chroot them to their home directory by replacing “ChrootDirectory /sftp/%u” with “ChrootDirectory %h”.
Now we’ll need to make the chrooted directory tree where this user(jack) will get locked into.
# mkdir -p /sftp/jack/{incoming,outgoing} # chown guestuser:sftpusers /sftp/guestuser/{incoming,outgoing} Your permissions should look like the following - # ls -ld /sftp/guestuser/{incoming,outgoing} drwxr-xr-x 2 guestuser sftpusers 4096 Oct 25 23:49 /sftp/guestuser/incoming drwxr-xr-x 2 guestuser sftpusers 4096 Oct 25 23:49 /sftp/guestuser/outgoing
8. After editing the configuration file, restart sshd with
service sshd restart
9. You can add existing user(s) say jack to the “sftp” group
usermod -s /usr/bin/mysecureshell -g sftp jack
10. You can add a new user(s) say Joan to the “sftp” group
useradd -m -s /usr/bin/mysecureshell joan usermod -s /bin/mysecureshell -g sftp joan
11. On client-side, you can log in to the SFTP server with this command
sftp linuxandubuntu@sftp_host.com
11. To check SFTP users who are connected currently
sftp-who
12. To disconnect a particular SFTP user forcefully
LinuxAndUbuntu Newsletter
Join the newsletter to receive the latest updates in your inbox.