DEV Community

Sunny Bhambhani for AWS Community Builders


sftp refresher - 101

This is just a very basic refresher on the sftp server. I know there are lots of other, cloud-based solutions available for file transfer, and an sftp server is rarely used.

But since I got a query yesterday about it, I thought to create a small write-up :)

sftp server

  • There was a time when sftp was widely used for secure file transfers. Many other options are available now, but it used to be a hero service and was commonly asked about during interviews.
  • The name itself expands to 'Secure File Transfer Protocol'.
  • It allows secure file transfer over SSH (on port 22).
  • It is quite fast and efficient.

Pre-requisites

  • Any Linux machine with internet access (here I am using Ubuntu).

HOWTO

  • Update the package lists on your Ubuntu (Debian-based) machine.
$ apt update
  • Install ssh, openssh-sftp-server and vim (if not present).
$ apt install ssh openssh-sftp-server vim -y
  • Edit the sshd config file and append the details below.
$ vim /etc/ssh/sshd_config
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Match group sftp: The settings below apply to all users who belong to the sftp group.
ChrootDirectory: Changes the root directory to the given path.
X11Forwarding: Disables X11 forwarding (it is enabled in some GUI use cases); it is not required for sftp.
AllowTcpForwarding: Disables TCP forwarding.
ForceCommand: Forces the users of this group to use sftp and nothing else.

  • Restart the service. You can do it this way or use systemctl, depending on your distribution.
$ /etc/init.d/ssh restart
  • Add a new group called sftp to the system.
$ addgroup sftp
  • Create a new user with sftp group attached to it.
$ useradd -m sunny -g sftp
  • Change the password of the newly created user.
$ passwd sunny
  • Change the permission of the directory to USER/OWNER only.
$ chmod 700 /home/sunny/ -R
  • Try connecting to the sftp server.
$ sftp sunny@HOST_IP
  • Enter the password and try using get and put commands.
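
The Match block from the sshd_config step can be checked mechanically. The Python below is an added example, not part of the original post: it parses sshd_config text and reports which of the four settings are missing or different for the sftp group. The function names and both sample configs are constructed for illustration.

```python
# Added example; function names are illustrative, sample configs are constructed.
# None means "any value is fine, but the keyword must be present".
EXPECTED = {
    "chrootdirectory": None,
    "x11forwarding": "no",
    "allowtcpforwarding": "no",
    "forcecommand": "internal-sftp",
}

def match_block_settings(config_text, group):
    """Collect keyword -> value from Match blocks whose Group criterion lists `group`."""
    # Simplification: other criteria on the same Match line (User, Address, ...)
    # and wildcard or negated patterns are not evaluated.
    settings, active = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd_config keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            # A Match block runs until the next Match line or the end of the file.
            tokens = value.split()
            pairs = zip(tokens[0::2], tokens[1::2])
            active = any(c.lower() == "group" and group in p.split(",")
                         for c, p in pairs)
        elif active:
            settings.setdefault(keyword, value)  # keep the first value seen
    return settings

def audit_sftp_group(config_text, group="sftp"):
    """Return (keyword, found_value) for each setting that is missing or differs."""
    found = match_block_settings(config_text, group)
    return [(key, found.get(key)) for key, want in EXPECTED.items()
            if key not in found or (want is not None and found[key].lower() != want)]

# Constructed sample: the article's block appended to a short global section.
ARTICLE_CONFIG = """PasswordAuthentication yes
X11Forwarding yes
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
"""
# Constructed sample: forwarding left on, ForceCommand only in another block.
WEAK_CONFIG = ("Match Group sftp\nChrootDirectory /home\nAllowTcpForwarding yes\n"
               "Match User backup\nForceCommand internal-sftp\n")
```

An empty list from `audit_sftp_group` means all four settings are present in the group's Match block; on a live host, `sshd -t` additionally validates the file's syntax before the restart.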

Feel free to add any details which I might have missed, happy learning :)
