Hamsa K
Editor
4 min read | 4 months ago

How to Setup Sftp server on Centos 7

Setup Sftp server on Centos 7

SFTP (SSH File Transfer Protocol) is different from the FTP type although it supports all the FTP clients. SFTP has been implemented to add a security layer, it presents an access level vulnerability since, being a standard, it grants total access to system users for file transfer and use of the Shell.

On certain occasions, a Systems Administrator may need to create a user account and restrict their access to only manage their own files via sFTP, but not be able to login to the system using any other means.

We just require the prebuild SSHd package that got already installed during installation on the server.just for conformation check below packages are installed or not.

[root@lampblogs ~]# rpm -qa|grep ssh
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
libssh2-1.4.3-10.el7_2.1.x86_64

Step 1: create user

[root@lampblogs ~]# useradd -s /sbin/nologin sftpuser
[root@lampblogs ~]# passwd sftpuser

Step 2: create directory and setup permissions

[root@lampblogs ~]# mkdir -p /var/sftp/upload

Change the ownership of the files directory to sftp user. So that sftpuser can read and write on this directory.

[root@lampblogs ~]# chown sftpuser:sftpuser /var/sftp/upload

And set the owner and group owner of the /var/sftp to root. The root user has read/write access on this access. Group member and other account have only read and execute permissions.

[root@lampblogs ~]# chown root:root /var/sftp
[root@lampblogs ~]# chmod 755 /var/sftp

Step 3: configure ssh for sftp

Edit ssh config file as below

[root@lampblogs ~]# vi /etc/ssh/sshd_config

Find the line

Subsystem sftp /usr/libexec/openssh/sftp-server

Replace it with below

Subsystem sftp internal-sftp

Add following lines at the end of the file

Match User sftpuser
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/sftp
AllowTcpForwarding no
X11Forwarding no

Save the configuration and restart SSH service to apply changes.

Then restart ssh service 

[root@lampblogs ~]# systemctl restart sshd

Step 4: Test Sftp connection using winscp or filezilla

 

 



Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy