In this guide, we will show you how to set up SFTP User accounts on Ubuntu 22.04 Linux systems. The steps shown here will also restrict the users to their specified home directories for heightened security.
Secure file transfer protocol (SFTP) is a secure way of transferring files between a local and remote computers, usually servers, using an encrypted SSH session. It is an improved version and better and more secure alternative of the traditional file transfer protocol (FTP). It adds a layer of security during the file transfer and connection establishment processes using private keys.
Before you can set up SFTP User accounts you need to have at least a working instance of Ubuntu 22.04 in the cloud or on a physical server. You also need to have SSH and
sudo login access to the server.
Set up SFTP User Accounts
Let’s first create a new SFTP Users Group. In this guide our group will be called
sftp_users. You can use whatever group name you desire. Use your group name in place of the examples in this guide.
$ sudo addgroup sftp_users
Next, create a new user account. The user account in our examples is called
remoteuser. Once again feel free to use your own user.
$ sudo adduser remoteuser
Follow the prompts and end the command sequence. In most cases you can hit “Enter” at all prompts to leave them blank. You can read this guide on how to add users to Ubuntu systems.
Now, let’s add the user to the SFTP group.
$ sudo usermod -G sftp_users remoteuser
Restrict the user from accessing files outside the home directory.
$ sudo chown root:root /home/remoteuser
Now, create new subdirectories within web server root or even the user home directory which used for file transfer. Usually when you set up SFTP User accounts, you intend to use them to transfer website files. We will be making that assumption for the rest of this guide. Feel free to set up for whichever situation you working with.
Let’s proceed. Grant the user ownership rights to the subdirectories.
$ sudo chown -R remoteuser:remoteuser /var/www/thewebsite.com/websitefiles
Give read and write permissions to all files within the desired directory.
$ sudo chmod -R 755 /var/www/thewebsite.com/websitefiles
Configure SFTP Support on Your Ubuntu 22.04 System
We can enable SFTP by making a few changes in the main SSH configuration file. Using an editor of your choice, open the file
/etc/ssh/sshd_config. In this guide we will be using nano.
$ sudo nano /etc/ssh/sshd_config
Add the following lines to the end of the file. Remember to replace
sftp_users with your actual sftp group.
Match Group sftp_users ChrootDirectory %h PasswordAuthentication yes AllowTcpForwarding no X11Forwarding no ForceCommand internal-sftp
If your SFTP user has a home directory in a custom location such as the example we gave above you will need to add these lines after the above code for each user that has custom home directories.
Match User remoteuser ChrootDirectory /var/www/thewebsite.com/websitefiles
This is a high level overview of what the above directives mean.
- Match Group sftp_users: This means the next directied should apply to the user group sftp_users.
- ChrootDirectory %h: This restricts access to directories within the user’s home directory.
- PasswordAuthentication yes: Enable password authentication.
- AllowTcpForwarding no: Disable TCP forwarding.
- X11Forwarding no: Disallow Graphical User interface displays.
- ForceCommand internal-sftp: Enable SFTP only while restricting shell access.
Look for the following line in the file and make sure it is uncommented. By default, it is usually disabled.
# override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file.
Now we can restart the SSH service for changes to take effect.
$ sudo systemctl restart sshd
Confirm Login to SFTP
Open a new terminal window and log in with sftp using a valid user account and password.
$ sftp remoteuser@SERVER-IP
You can try creating a new directory within the subdirectory to test user permissions.
$ mkdir test
Confirm creation of the new directory:
$ ls Output > ls test >
Ideally you will want to use SFTP client applications to connect to remote systems. FileZilla and Cyberduck are the most popular SFTP client applications available for Windows, Mac, and Linux desktop systems.
If you have gotten this far, congratulations. You have successfully set up SFTP User accounts on Ubuntu 22.04 Linux systems. You went further to restrict their use on the system and even tested the connectivity using a Linux terminal session. With the steps highlighted in this guide you can create as many SFTP users as you see fit.