How to Set Up an SFTP Server on Ubuntu and Access It with FileZilla

By Amin · Published in mabttech · 5 min read · Apr 18, 2024

Complete Guide to Setting Up an SFTP Server on Ubuntu and Accessing It with FileZilla

In this tutorial, we’ll guide you through the steps to install and configure an SFTP server on an Ubuntu system and connect to it using FileZilla from a Windows machine. This secure setup ensures that your data transmissions are encrypted and that users are restricted to their designated directories.

Prerequisites

- Ubuntu Server (22.04 or 20.04)
- Root access to the Ubuntu Server
- FileZilla installed on your Windows machine

Step 1: Install and Check OpenSSH

First, ensure that OpenSSH, which is necessary for SFTP, is installed:

sudo apt update
sudo apt install ssh


To check whether the OpenSSH package is installed, run:

dpkg -l | grep ssh

If you see ii at the start of the line, it means that the package is installed.

Install SSH

If OpenSSH is not installed yet, you can install it using APT.

sudo apt install ssh

Step 2: Configure SSHD

Configure the SSH daemon to securely set up the SFTP environment:

1. Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

2. Add the following lines at the end of the file, replacing sftpgroup with your actual SFTP group (e.g., `sftpcorner` if you choose):


Match Group sftpgroup
ChrootDirectory %h
PasswordAuthentication yes
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp

3. Explanation of the configuration directives:

  • Match Group sftpgroup: Applies the following settings only to users in the sftpgroup group.
  • ChrootDirectory %h: Restricts users to their home directories (%h expands to the user's home directory).
  • PasswordAuthentication yes: Allows password authentication.
  • AllowTcpForwarding no: Prevents TCP port forwarding.
  • X11Forwarding no: Disables graphical display forwarding.
  • ForceCommand internal-sftp: Limits users to SFTP without shell access.

4. Ensure the SFTP subsystem is active (usually enabled by default). The Subsystem line must be present and not commented out:

# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

5. Save and exit the editor, then restart the SSH service:

sudo systemctl restart sshd
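
An added example, not part of the original tutorial: rather than trusting the edited file, you can print the settings sshd will actually apply to the user with sudo sshd -T -C user=sftpuser and pipe them into a check such as the one below. The function name audit_sftp_match and the sample text are constructed for illustration.

```shell
# Audit effective sshd settings for a chrooted SFTP user (added example).
# stdin: "keyword value" lines as printed by: sudo sshd -T -C user=sftpuser
# Return status: number of deviations from the Match block in this tutorial.
audit_sftp_match() {
    cfg=$(cat)
    failures=0
    # value_of KEY: value of the first line whose keyword is KEY, empty if absent
    value_of() {
        printf '%s\n' "$cfg" |
            awk -v k="$1" 'tolower($1) == k { $1 = ""; sub(/^ +/, ""); print; exit }'
    }
    expect() {   # expect KEY WANTED_VALUE
        got=$(value_of "$1")
        if [ "$got" = "$2" ]; then
            echo "ok    $1 $got"
        else
            echo "FAIL  $1 is '${got:-unset}', expected '$2'"
            failures=$((failures + 1))
        fi
    }
    expect forcecommand internal-sftp
    expect allowtcpforwarding no
    expect x11forwarding no
    # Any path is accepted for the jail; "none" or a missing line means no chroot.
    jail=$(value_of chrootdirectory)
    case "$jail" in
        ''|none) echo "FAIL  chrootdirectory is '${jail:-unset}'"
                 failures=$((failures + 1)) ;;
        *)       echo "ok    chrootdirectory $jail" ;;
    esac
    # Reported, not counted: the tutorial enables password logins on purpose.
    if [ "$(value_of passwordauthentication)" = "yes" ]; then
        echo "note  passwordauthentication yes"
    fi
    return "$failures"
}

# Constructed sample of effective settings for sftpuser, not captured from a host.
SAMPLE_GOOD='chrootdirectory %h
passwordauthentication yes
allowtcpforwarding no
x11forwarding no
forcecommand internal-sftp'

printf '%s\n' "$SAMPLE_GOOD" | audit_sftp_match
```

A non-zero exit status is the number of directives that differ from the Match block, which makes the check easy to run again after every change to sshd_config.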

Step 3: Create SFTP Users and Groups

1. Create a new user group for SFTP:

The next step is to create a new group sftpgroup and a new user sftpuser, who for security reasons can only access the Ubuntu SFTP server and not the SSH service.

sudo addgroup sftpgroup

2. Add a new user with restricted permissions:

  • The new user is added to the SFTP group with the option -G. -d sets the home directory and -s sets the login shell (here /sbin/nologin, so the user gets no interactive shell).
  • Set the password as qwerty123 (you can set any password that you like; for this tutorial I’ll use this one) when prompted.

sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser

sudo passwd sftpuser

3. Prepare the user’s home directory:

sudo mkdir -p /srv/sftpuser
sudo chown root /srv/sftpuser
sudo chmod 755 /srv/sftpuser
sudo mkdir -p /srv/sftpuser/data
sudo chown sftpuser:sftpuser /srv/sftpuser/data

  • By creating the chroot directory you create a sandbox for the user's session. First of all you need to set up a new folder.
  • You then use chown to make the root user the owner of that folder.
  • chmod 755 gives group and others read and execute rights, but no write rights.
  • You can then create a subdirectory and make sftpuser its owner.
  • This way SFTP users can upload files to the subdirectory “data”, but they have only limited rights in the sftpuser directory itself: they can read there, but for security reasons they cannot write.
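
An added example, not part of the original tutorial: a pre-flight check for the ownership rules above. If the chroot directory or any of its parents is not owned by root, or is writable by group or others, sshd rejects the login and auth.log shows "bad ownership or modes for chroot directory". The function names and the script name check_chroot.sh are made up for this example.

```shell
# Pre-flight check for a ChrootDirectory (added example).
# sshd only accepts the jail if every directory from / down to it is owned by
# root and is not writable by group or others.

# check_dir DIR [OWNER_UID]: test one directory; the owner uid defaults to 0 (root)
check_dir() {
    d=$1; want_uid=${2:-0}
    [ -d "$d" ] || { echo "FAIL  $d: not a directory"; return 1; }
    uid=$(stat -c '%u' "$d")     # GNU stat, as shipped on Ubuntu
    mode=$(stat -c '%a' "$d")    # octal permission bits, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL  $d: owned by uid $uid, expected $want_uid"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL  $d: mode $mode is writable by group or others"; return 1
    fi
    echo "ok    $d (uid $uid, mode $mode)"
}

# check_chroot_chain DIR: apply check_dir to DIR and each parent up to /
check_chroot_chain() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "FAIL  $1: cannot enter"; return 1; }
    rc=0
    while :; do
        check_dir "$dir" 0 || rc=1
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Usage: sudo sh check_chroot.sh /srv/sftpuser
if [ "$#" -gt 0 ]; then check_chroot_chain "$1"; fi
```

The writable data subdirectory is deliberately not part of the chain: only the jail itself and its parents have to be root-owned.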

Step 4: Connect Using FileZilla

1. Open FileZilla on your Windows machine.
2. Go to File > Site Manager.
3. Create a new site with the following settings:
  • Host: Your Ubuntu server’s IP address
  • Port: 22 (or your custom SSH port)
  • Protocol: SFTP (SSH File Transfer Protocol)
  • Logon Type: Ask for password
  • User: sftpuser
4. When prompted, enter the password qwerty123.

Step 5: Testing File Transfers

Once connected, you can start transferring files. Test by uploading a file to the data directory and verifying it with the ls command in FileZilla.

— — —

Verify Directory Structure

Connect via SFTP using the command line to ensure the directory structure is as expected. Log in as sftpuser and check what directories you can see and access:

sftp sftpuser@your_server_ip

Once logged in, try listing the directories:

ls -l /
ls -l /data

This will help confirm whether sftpuser can see and interact with the expected directories.

Client Configuration

In FileZilla, make sure that no default remote directory is overriding the expected start directory. You can set this in the Site Manager under Advanced Settings, ensuring it’s either blank or set to the expected start path (like /data if that's where you want the user to start).

If you’re still experiencing issues after checking these settings, it may be helpful to look at the logs on the Ubuntu server. You can view SSH-related log entries (which can include SFTP) with:

sudo tail -f /var/log/auth.log

This can provide clues as to why your directory visibility might not be working as expected.

Conclusion

By following these steps, you have established a secure SFTP server on your Ubuntu machine. This setup not only enhances your file transfer security but also restricts users to specific directories, ensuring they access only their intended data. This configuration is ideal for managing file transfers in business environments or for personal use where security is a priority.

— — —


https://docs.vultr.com/setup-sftp-user-accounts-on-ubuntu-20-04
