
How to Set up SFTP User Accounts on Ubuntu 22.04

In this guide, we will show you how to set up SFTP User accounts on Ubuntu 22.04 Linux systems. The steps shown here will also restrict the users to their specified home directories for heightened security.

Secure file transfer protocol (SFTP) is a secure way of transferring files between local and remote computers, usually servers, over an encrypted SSH session. It is a better and more secure alternative to the traditional file transfer protocol (FTP). It adds a layer of security during the file transfer and connection establishment processes using private keys.

Getting Started

Before you can set up SFTP User accounts you need to have at least a working instance of Ubuntu 22.04 in the cloud or on a physical server. You also need to have SSH and sudo login access to the server.

Set up SFTP User Accounts

Let’s first create a new SFTP Users Group. In this guide our group will be called sftp_users. You can use whatever group name you desire. Use your group name in place of the examples in this guide.

$ sudo addgroup sftp_users

Next, create a new user account. The user account in our examples is called remoteuser. Once again feel free to use your own user.

$ sudo adduser remoteuser

Follow the prompts and end the command sequence. In most cases you can hit “Enter” at all prompts to leave them blank. You can read this guide on how to add users to Ubuntu systems.

Now, let’s add the user to the SFTP group.

$ sudo usermod -aG sftp_users remoteuser

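Restrict the user from accessing files outside the home directory. The chroot configured later in this guide requires the home directory to be owned by root and not writable by group or others.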

$ sudo chown root:root /home/remoteuser

Now, create new subdirectories within the web server root, or within the user's home directory, to be used for file transfer. Usually when you set up SFTP User accounts, you intend to use them to transfer website files. We will be making that assumption for the rest of this guide. Feel free to adapt the setup to whichever situation you are working with.

Let’s proceed. Grant the user ownership rights to the subdirectories.

$ sudo chown -R remoteuser:remoteuser /var/www/thewebsite.com/websitefiles

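Set the permissions on the desired directory and everything in it. Mode 755 gives the owner read, write and execute access, and gives group and others read and execute access only.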

$ sudo chmod -R 755 /var/www/thewebsite.com/websitefiles

Configure SFTP Support on Your Ubuntu 22.04 System

We can enable SFTP by making a few changes in the main SSH configuration file. Using an editor of your choice, open the file /etc/ssh/sshd_config. In this guide we will be using nano.

$ sudo nano /etc/ssh/sshd_config

Add the following lines to the end of the file. Remember to replace sftp_users with your actual sftp group.

Match Group sftp_users
ChrootDirectory %h
PasswordAuthentication yes
AllowTcpForwarding no
X11Forwarding no
ForceCommand internal-sftp

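If your SFTP user has a home directory in a custom location, such as the example we gave above, you will need to add these lines after the above code for each user that has a custom home directory. Two things to check here: when a keyword appears in several Match blocks that apply to the same user, sshd applies only the first instance, so confirm which ChrootDirectory is actually in effect; and sshd refuses the login unless the ChrootDirectory and all of its parent directories are owned by root and not writable by group or others.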

Match User remoteuser
ChrootDirectory /var/www/thewebsite.com/websitefiles

This is a high level overview of what the above directives mean.

  • Match Group sftp_users: This means the next directives should apply to members of the user group sftp_users.
  • ChrootDirectory %h: This restricts access to directories within the user’s home directory (%h expands to the home directory of the user logging in).
  • PasswordAuthentication yes: Enable password authentication.
  • AllowTcpForwarding no: Disable TCP forwarding.
  • X11Forwarding no: Disable X11 forwarding (graphical user interface displays).
  • ForceCommand internal-sftp: Enable SFTP only while restricting shell access.

Look for the following line in the file and make sure it is uncommented. By default, it is usually disabled.

# override default of no subsystems
Subsystem sftp  /usr/lib/openssh/sftp-server

Save and close the file.

Now we can restart the SSH service for changes to take effect.

$ sudo systemctl restart sshd

Confirm Login to SFTP

Open a new terminal window and log in with sftp using a valid user account and password.

$ sftp remoteuser@SERVER-IP

You can try creating a new directory within the subdirectory to test user permissions. Run the command at the sftp> prompt.

sftp> mkdir test

Confirm creation of the new directory:

sftp> ls

Output

> ls
test
>

Ideally you will want to use SFTP client applications to connect to remote systems. FileZilla and Cyberduck are the most popular SFTP client applications available for Windows, Mac, and Linux desktop systems.

Conclusion

If you have gotten this far, congratulations. You have successfully set up SFTP User accounts on Ubuntu 22.04 Linux systems. You went further to restrict their use on the system and even tested the connectivity using a Linux terminal session. With the steps highlighted in this guide you can create as many SFTP users as you see fit.
