What is SFTP?
FTP is a neat protocol for accessing and transferring files over the network. It is used by developers and web hosting administrators to manage websites. However, it is a clear-text protocol and not secure to use over an internet connection, because your credentials and data are transmitted without encryption. This is where the SFTP protocol comes into the picture.
SFTP, also known as the "SSH File Transfer Protocol", is a secure file transfer protocol used for transferring large files over the internet. It provides a secure SSH tunnel and encryption to establish a secure connection. It allows you to provide limited access to specific files and directories. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for greater web security. SFTP also protects against man-in-the-middle attacks. It can be handy in all situations where sensitive data needs to be protected.
How Does SFTP Work?
SFTP uses the SSH protocol, which provides a secure channel in a client-server architecture. SSH uses public key cryptography to authenticate the server. An SFTP client like FileZilla sends a connection request to the server, and the server sends its SSH welcome message with the highest supported protocol version.
The client then sends its SSH welcome message with the highest supported protocol version. The server sends its supported algorithms and a small amount of random data as a session cookie; the client also sends its supported algorithms and a random session cookie.
The client then starts the key exchange using an algorithm supported by both and sends it to the server. The server replies with its parameters and its public key. The server calculates a hash of all data exchanged so far and signs it using its private key. The signature is sent to the client, and the client likewise calculates the hash of all data exchanged. It checks the signature with the server's public key; if it does not match, the connection is aborted at this point.
The client then sends the user ID and password to the server. The server authenticates and replies if access has been granted. The client then asks the server to start the SFTP subsystem. The server returns with success and sends its supported version of the SFTP subsystem to the client.
The client then sends a request for file operations; the server checks the permissions for the operation and returns success or failure.
Features of SFTP
- Free and open source
- IPv6 support
- Secure data transmission
- Support command execution
- TMUX support
- Support data encryption
- Support public key authentication
- Support username and password based authentication
In this post, we will show you how to set up an SFTP server and connect to it from the command line and GUI on Ubuntu 20.04.
Install SSH Server
SFTP is based on the SSH protocol, so the SSH server must be installed on your server. By default, the SSH server package is included in the Ubuntu 20.04 default repository. You can install it using the following command:
apt-get install openssh-server -y
Once the SSH server package is installed, start the SSH service and enable it to start at system reboot by running the following commands:
systemctl start ssh
systemctl enable ssh
Now, verify whether the SSH service is running or not by running the following command:
If the SSH service is running, you will get the following output:
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2021-10-11 03:55:43 UTC; 1h 9min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 692 (sshd)
      Tasks: 1 (limit: 1041)
     Memory: 5.8M
     CGroup: /system.slice/ssh.service
             └─692 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
At this point, the SSH server package is installed and running. You can now proceed to configure SSH for SFTP.
Configure SSH for SFTP
Next, you will need to edit the SSH configuration file and define the SFTP settings. You can do it using the following command:
Add the following settings at the end of the file:
Match group sftp
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Save and close the file, then restart the SSH service to apply the changes:
The above configuration will allow all users in the sftp group to access their home directories via SFTP.
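A quick way to confirm the block landed in the file as intended, shown as an added example that is not part of the original guide: lint_sftp_match is a hypothetical helper that reads an sshd_config-style file and reports any of the four directives above that is missing or set differently inside the Match group sftp block. It assumes the group is named alone on the Match line.

```shell
# Added example, not from the original guide. lint_sftp_match is a
# hypothetical helper name.
# Usage: lint_sftp_match FILE [GROUP]
# Prints one FAIL line per finding; returns 0 when the block is complete.
lint_sftp_match() {
    awk -v grp="${2:-sftp}" '
        BEGIN {
            # Directive (lower case) -> required value; "" means any value.
            need["chrootdirectory"]    = ""
            need["forcecommand"]       = "internal-sftp"
            need["allowtcpforwarding"] = "no"
            need["x11forwarding"]      = "no"
        }
        /^[ \t]*#/ { next }                  # comment line
        NF == 0    { next }                  # blank line
        tolower($1) == "match" {
            # Any Match line closes the previous block and may open ours.
            inblk = (tolower($2) == "group" && $3 == grp)
            if (inblk) found = 1
            next
        }
        inblk {
            # Keywords are case-insensitive; keep the rest as the value.
            k = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); seen[k] = $0
        }
        END {
            if (!found) { print "FAIL no Match group " grp " block"; exit 1 }
            for (k in need) {
                if (!(k in seen)) {
                    print "FAIL missing " k; bad = 1
                } else if (need[k] != "" && seen[k] != need[k]) {
                    print "FAIL " k " is \"" seen[k] "\", expected \"" need[k] "\""
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}
```

This only checks the directives; sshd -t still has to pass before the service is restarted, since it validates the syntax of the whole file.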
Create SFTP User Account
Next, you will need to create a user account for those who want SFTP access. First, create an SFTP group with the following command:
Next, create a new user named sftpuser and add this user to the sftp group by running the following command:
useradd -m sftpuser -g sftp
Next, set the password for sftpuser with the following command:
Set the password as shown below:
New password:
Retype new password:
passwd: password updated successfully
Next, grant full access to the sftpuser on their own home directory:
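At session start sshd checks that every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others (see sshd_config(5)), and with ChrootDirectory %h that path is the user's home directory. The sketch below, an added example that is not part of the original guide, applies the same test; audit_chroot_dir and audit_chroot_path are hypothetical helper names, and stat -c and readlink -f assume GNU coreutils as shipped on Ubuntu 20.04.

```shell
# Added example, not from the original guide. Helper names are hypothetical.

# audit_chroot_dir DIR [OWNER_UID]
# Checks one path component: must be a directory, owned by OWNER_UID
# (default 0, root) and not writable by group or others.
audit_chroot_dir() {
    _dir=$1; _want=${2:-0}; _rc=0
    if [ ! -d "$_dir" ]; then
        echo "FAIL $_dir: not a directory"
        return 1
    fi
    _uid=$(stat -c '%u' -- "$_dir")      # numeric owner
    _mode=$(stat -c '%a' -- "$_dir")     # octal permission bits
    if [ "$_uid" != "$_want" ]; then
        echo "FAIL $_dir: owner uid $_uid, expected $_want"
        _rc=1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$_mode & 022 )) -ne 0 ]; then
        echo "FAIL $_dir: mode $_mode is writable by group or others"
        _rc=1
    fi
    return $_rc
}

# audit_chroot_path PATH [OWNER_UID]
# Applies audit_chroot_dir to PATH and to every parent up to /.
audit_chroot_path() {
    _p=$(readlink -f -- "$1") || return 1
    _result=0
    while :; do
        audit_chroot_dir "$_p" "${2:-0}" || _result=1
        [ "$_p" = "/" ] && break
        _p=$(dirname -- "$_p")
    done
    return $_result
}
```

Run audit_chroot_path /home/sftpuser on the server before the first login test; any FAIL line corresponds to a login that sshd rejects with a "bad ownership or modes for chroot directory" log entry.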
Verify SFTP Connection via Command Line
At this point, the SFTP server is configured. Now, it's time to connect to it from the command line. Go to the client machine and run the following command to log in to the SFTP server:
Once you are connected to the SFTP server, you will get the SFTP shell as shown below:
The authenticity of host '18.104.22.168 (22.214.171.124)' can't be established.
ECDSA key fingerprint is 49:44:93:8d:a5:ae:f4:01:b4:b1:bf:6:02:77:da:e3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '126.96.36.199' (ECDSA) to the list of known hosts.
email@example.com's password:
Connected to 188.8.131.52.
sftp>
Now, create a directory on the SFTP server using the following command:
Next, verify the created directory using the following command:
drwxr-xr-x 2 sftpuser sftp 4096 Oct 11 05:20 testdir
Next, exit from the SFTP shell with the following command:
Verify SFTP Connection via GUI
You can also connect to the SFTP server using a GUI application like FileZilla or File Manager. Open the Ubuntu File Manager within the Application menu as shown below:
In the left pane, click on the Connect to Server. You should see the following screen:
Provide your SFTP server IP address in the
format and click on the Connect. You will be asked to provide your SFTP credentials as shown below:
Provide your SFTP username, password and click on the Connect. After the successful authentication, you will get your SFTP home directory in the following screen:
In the above guide, we explained how to set up an SFTP server on Ubuntu 20.04. You can now implement an SFTP server in the production environment and grant users FTP access as per their requirements.