How to Easily Configure SFTP Server Linux In 6 Steps

Source: Internet
Author: User
Keywords: sftp server linux, linux sftp, sftp script

SFTP introduction

sFTP (Secure File Transfer Program) is a secure, interactive file transfer program that works similarly to FTP (File Transfer Protocol). However, sFTP is more secure than FTP; it handles everything through encrypted SSH transport. It can be configured to use several useful SSH features, such as public key authentication and compression. It connects and logs in to the specified remote machine, and then switches to the interactive command mode, where the user can execute various commands.

SFTP stands for Secure File Transfer Protocol, a protocol that provides an encrypted channel for transferring files. Its syntax and functions are almost the same as those of FTP. SFTP is part of SSH and is a secure way to transfer files to Blogger servers. In fact, the SSH software package already includes a secure file transfer subsystem called SFTP (Secure File Transfer Protocol). SFTP has no separate daemon of its own; it must use the sshd daemon (the default port number is 22) to complete the corresponding connection operations, so in a sense SFTP is less like a server program and more like a client program. SFTP also encrypts the authentication information and the data it transmits, so using SFTP is very secure. However, because this transmission method uses encryption and decryption, its transmission efficiency is much lower than that of ordinary FTP. If you require higher network security, you can use SFTP instead of FTP.

SFTP configuration on Linux
1. View ssh version
sftp is based on the ssh protocol, so first check the ssh version. The openssh-server version must be at least 4.8p1, because the permission setup relies on the ChrootDirectory configuration item, which was added in that version.
[root@test ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

2. Create users and groups
[root@test ~]# groupadd sftp
[root@test ~]# useradd -g sftp -s /sbin/nologin sftp

3. Change owner and authorize home directory
The home directory owner must be root; permissions can be 755 or 750.
chown root:sftp /home/sftp
chmod -R 755 /home/sftp

4. Edit the configuration file /etc/ssh/sshd_config
# Comment out this line:
#Subsystem sftp /usr/libexec/openssh/sftp-server
# Add the following 6 lines:
Subsystem sftp internal-sftp
Match Group sftp
# Set the root folder accessed by users belonging to user group sftp
ChrootDirectory /home/%u
ForceCommand internal-sftp
AllowTcpForwarding no
# Do not allow X11 forwarding over SSH
X11Forwarding no
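
The Match block from step 4 can be checked mechanically. The following is an added example, not code from the original page: it parses sshd_config text and reports where the sftp group's settings differ from the ones listed above. The function names and the WEAK_CONFIG sample are constructed for illustration.

```python
# Added example (not from the original page): audit sshd_config text against step 4.
REQUIRED = {  # keyword (lowercase) -> value step 4 sets for the sftp group
    "forcecommand": "internal-sftp",
    "allowtcpforwarding": "no",
    "x11forwarding": "no",
}

def parse_sshd_config(text):
    """Split config text into global settings and Match blocks; first value wins."""
    global_cfg, blocks, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":  # a Match block runs to the next Match line or EOF
            current = blocks.setdefault(" ".join(value.lower().split()), {})
        else:
            (global_cfg if current is None else current).setdefault(key, value)
    return global_cfg, blocks

def audit_sftp_group(text, group="sftp"):
    """Return findings; an empty list means the block matches step 4."""
    global_cfg, blocks = parse_sshd_config(text)
    findings = []
    if global_cfg.get("subsystem", "").split() != ["sftp", "internal-sftp"]:
        findings.append("Subsystem sftp is not internal-sftp")
    block = blocks.get(f"group {group.lower()}")
    if block is None:
        return findings + [f"no 'Match Group {group}' block"]
    if not block.get("chrootdirectory", "").startswith(("/", "%h")):
        findings.append("ChrootDirectory missing or not an absolute path")
    for key, want in REQUIRED.items():
        got = block.get(key, global_cfg.get(key))  # unset in block -> global value
        if got is None or got.lower() != want:
            findings.append(f"{key} is {got!r}, expected {want!r}")
    return findings

# Constructed sample: subsystem left external, no ForceCommand, X11 inherited as yes.
WEAK_CONFIG = """Subsystem sftp /usr/libexec/openssh/sftp-server
X11Forwarding yes
Match Group sftp
ChrootDirectory /home/%u
AllowTcpForwarding no
"""

if __name__ == "__main__":
    for finding in audit_sftp_group(WEAK_CONFIG):
        print("FINDING:", finding)
```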

5. Restart the sshd service
[root@test ~]# rcsshd restart
Stopping sshd: [OK]
Starting sshd: [OK]

6. Verify that it works
On another client, connect as the sftp user with sftp user@IP:
[root@dengqp02 share_root]# sftp sftp@
Connecting to ...
sftp@’s password:
sftp> ls

FAQ: If you get the following prompt when you connect to the server:
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer
the problem is caused by the permissions of ChrootDirectory. The directory you set must be owned by the root user; otherwise problems will arise. So make sure that the owner of the sftp user's root directory is root and that the permissions are 750 or 755.
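
The ownership rule behind this error applies to the ChrootDirectory itself and to every directory above it. The following added example (not part of the original page) walks that chain and reports any directory that is not root-owned or is writable by group or others; the function names and the base and root_uid parameters are assumptions of this example.

```python
# Added example (not from the original page): check a ChrootDirectory path chain.
import os
import stat
import sys

def component_problem(st, root_uid=0):
    """Return why this path component breaks the chroot rule, or None if it is fine."""
    if not stat.S_ISDIR(st.st_mode):
        return "not a directory"
    if st.st_uid != root_uid:
        return f"owned by uid {st.st_uid}, not uid {root_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"group- or world-writable (mode {stat.S_IMODE(st.st_mode):o})"
    return None

def check_chroot(path, base="/", root_uid=0):
    """Check each directory from base down to path; return [(directory, problem)].

    base and root_uid exist only so the check can be tried in a sandbox
    (assumption of this example); on a real server leave them at "/" and 0.
    """
    current, base = os.path.realpath(path), os.path.realpath(base)
    chain = [current]
    while current != base and current != os.path.dirname(current):
        current = os.path.dirname(current)
        chain.append(current)
    problems = []
    for directory in reversed(chain):  # report from the top of the tree down
        try:
            problem = component_problem(os.stat(directory), root_uid)
        except FileNotFoundError:
            problem = "does not exist"
        if problem:
            problems.append((directory, problem))
    return problems

if __name__ == "__main__":
    # /home/sftp is the chroot of the page's sftp user (ChrootDirectory /home/%u).
    target = sys.argv[1] if len(sys.argv) > 1 else "/home/sftp"
    for directory, problem in check_chroot(target):
        print(f"{directory}: {problem}")
```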

Linux sftp secure file transfer commands
1. Common login methods
Format: sftp [user]@[host]
Connect to [host] through sftp as the user [user]; the port is 22 by default.

2. View commands supported by sftp
sftp> help

3. Basic use
sftp> ls #list directory
sftp> pwd #print working directory on remote host
sftp> lpwd #print working directory on local host
sftp> mkdir uploads #create a new directory

How to upload folders using sFTP
To upload an entire directory to a remote Linux host, use the put command. However, if the directory name does not exist in the working directory on the remote host, you will receive an error.
Therefore, first create a directory with the same name on the remote host and then upload it from the local host. The -r parameter allows copying subdirectories and subfiles:
sftp> put -r
sftp> mkdir
sftp> put -r

To preserve the modification times, access times, and modes of the files being transferred, use the -p flag.
sftp> put -pr

How to download folders using sFTP
To download the entire fstools-0.0 folder from a remote Linux host to this machine, use the get command with the -r flag as follows:
sftp> get -r fstools-0.0
Then check the working directory of the local machine to see whether the folder has been downloaded.
To exit the sFTP shell, enter:
sftp> bye
or
sftp> exit

Connect to SFTP using XSHELL
Xftp is fully graphical.
Xftp download address:
Create a new connection in Xftp; note that the protocol must be set to SFTP. Then fill in the IP, account and password in order, connect, and log in.
By default, the user's /root directory is entered. Files can now be uploaded to the server. Note that the owner and group of an uploaded file are those of the currently logged-in user.