Set up an SFTP server on Ubuntu 22.04
This article will help you set up a Secure File Transfer Protocol (SFTP) server on Ubuntu 22.04 using the VSFTPD server and the SSHD secure service.

In this guide, we will show you how to set up an SFTP server using VSFTPD on Ubuntu 22.04 Focal Fossa.

VSFTPD is a popular choice for setting up FTP servers, and is the default FTP tool on a few Linux distributions. Follow the guide below to find out how to install the application and get an SFTP server up and running on Ubuntu 20.04.

VSFTPD installation

First, install VSFTPD on your system by typing this command into the terminal

sudo apt-get install vsftpd

Configure VSFTPD server

It's always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let's rename the default config file

sudo mv /etc/vsftpd.conf /etc/vsftpd.conf_bak

Create a new VSFTPD configuration file using nano or whichever text editor you prefer

sudo vi /etc/vsftpd.conf

Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you've verified this is working properly

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=10100
allow_writeable_chroot=YES

Paste the above lines into your newly created /etc/vsftpd.conf file, and then save changes and close the file.

Restart VSFTPD to apply the new changes

sudo systemctl restart vsftpd
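
The configuration above keeps ssl_enable=NO, so the FTP listener on its own accepts logins in clear text. The following added example (not part of the original article) reads a vsftpd.conf and reports the settings that decide this. The function names and the sample file are constructed for illustration, and the defaults used for absent keys are the upstream vsftpd defaults.

```sh
#!/bin/sh
# Added example, not from the original article: flag clear-text vsftpd settings.

# conf_get FILE KEY DEFAULT: value of KEY (last occurrence), upper-cased, or
# DEFAULT when the key is absent. vsftpd.conf uses KEY=VALUE with no spaces.
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { val = $2 } END { print val }' "$1")
    printf '%s\n' "${v:-$3}" | tr '[:lower:]' '[:upper:]'
}

# audit_vsftpd FILE: print one finding per line; return 1 if anything is flagged.
# Defaults passed to conf_get are the upstream vsftpd defaults (assumption).
audit_vsftpd() {
    f=$1; rc=0
    if [ "$(conf_get "$f" ssl_enable NO)" != YES ]; then
        echo "ssl_enable is not YES: logins and file data are sent unencrypted"; rc=1
    else
        for key in force_local_logins_ssl force_local_data_ssl; do
            [ "$(conf_get "$f" "$key" YES)" = YES ] ||
                { echo "$key=NO: clear-text sessions are still accepted"; rc=1; }
        done
        case $(conf_get "$f" rsa_cert_file "") in
            *SNAKEOIL*) echo "rsa_cert_file is the self-signed snakeoil certificate"; rc=1 ;;
        esac
    fi
    [ "$(conf_get "$f" anonymous_enable YES)" = NO ] ||
        { echo "anonymous_enable is not NO: anonymous logins are allowed"; rc=1; }
    return $rc
}

# Constructed sample: the login- and TLS-related lines of the configuration above.
sample_vsftpd_conf() {
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'ssl_enable=NO' \
        'rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem'
}

conf=$(mktemp); sample_vsftpd_conf > "$conf"
audit_vsftpd "$conf"; rm -f "$conf"
```

On the server, call audit_vsftpd /etc/vsftpd.conf to check the live file.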

Create an SFTP user

Our FTP server is ready to receive incoming connections, so now it's time to create a new user account that we'll use to connect to the FTP service

Use the following commands to create the sftp group, create a new account called sftpuser in that group, and set a password for the account

sudo addgroup sftp 
sudo useradd -m sftpuser -g sftp
sudo passwd sftpuser

In order to verify that everything's working properly, you should store at least one file in sftpuser's home directory. This file should be visible when we log in to FTP in the next steps

sudo bash -c "echo FTP TESTING > /home/sftpuser/FTP-TEST"

Secure VSFTPD connection using SSH

FTP is a great protocol for accessing and transferring files, but it has the shortcoming of being a clear text protocol. In other words, it's not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The 'S' in SFTP stands for 'Secure' and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.

SFTP requires SSH, so if an SSH server is not already installed on your system, install it with the following command

sudo apt install ssh

Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it

sudo vi /etc/ssh/sshd_config

Scroll to the bottom of the file and add the following 5 lines at the very end

Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

The lines above allow users in the sftp group to access their home directories via SFTP, but deny them normal SSH access, so they can never access a shell. After pasting those lines, save and close the configuration file
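
A check to run on the edited file before restarting sshd, as an added example that is not part of the original article: it confirms that the four directives sit inside the Match block for the sftp group, and that the chroot path has the ownership sshd insists on. The function names and the sample config are constructed for illustration, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original article: audit the sftp Match block.

# match_settings FILE GROUP: print "keyword value" (keyword lower-cased) for
# every directive inside "Match group GROUP" (one group name per Match line).
match_settings() {
    awk -v grp="$2" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        tolower($1) == "match" {               # every Match line opens a new block
            inblk = (tolower($2) == "group" && $3 == grp); next
        }
        inblk { k = tolower($1); $1 = ""; sub(/^ +/, ""); print k " " $0 }
    ' "$1"
}

# audit_sftp_match FILE GROUP: print one finding per problem, return 1 if any.
audit_sftp_match() {
    s=$(match_settings "$1" "$2"); rc=0
    [ -n "$s" ] || { echo "no 'Match group $2' block found"; return 1; }
    for want in "chrootdirectory [/%]" "forcecommand internal-sftp" \
                "allowtcpforwarding no" "x11forwarding no"; do
        printf '%s\n' "$s" | grep -qi "^$want" ||
            { echo "not set inside the block: $want"; rc=1; }
    done
    return $rc
}

# chroot_path_ok DIR: sshd rejects the session unless DIR and every parent is
# owned by root and not writable by group or others. Prints the offending path.
chroot_path_ok() {
    d=$1
    while :; do
        case $(stat -L -c '%u %A' "$d" 2>/dev/null) in
            "0 d"????-??-?*) ;;
            *) echo "$d"; return 1 ;;
        esac
        { [ "$d" = / ] || [ "$d" = . ]; } && return 0
        d=$(dirname "$d")
    done
}

# Constructed sample: a global default followed by the block from this guide.
sample_sshd_config() {
    printf '%s\n' 'X11Forwarding yes' 'Match group sftp' 'ChrootDirectory /home' \
        'X11Forwarding no' 'AllowTcpForwarding no' 'ForceCommand internal-sftp'
}

cfg=$(mktemp); sample_sshd_config > "$cfg"
audit_sftp_match "$cfg" sftp && echo "Match block OK"; rm -f "$cfg"
```

On the server, run audit_sftp_match /etc/ssh/sshd_config sftp and chroot_path_ok /home, then sudo sshd -t so that sshd itself validates the file's syntax.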

Change FTP default port number

By default the FTP protocol works on TCP ports 20 and 21. If you would like to change it to any other port number of your choice, such as 5678, modify the following line in the file /etc/ssh/sshd_config

Port 5678

Save and close the file.

Restart SSH daemon

sudo service sshd restart

Change Default Directory for SFTP home

If you would also like to change the default directory of sftpuser, open the following file

sudo vi /etc/passwd

Search for sftpuser in the file

sftpuser:x:xxxx:yyyy::/path/to/your/directory:/bin/sh

Here xxxx is the UID of sftpuser and yyyy is the group ID of sftpuser.

That's it, you are done!
