How to set up an SFTP server on Debian 11.3

To Set Up An SFTP Server On Debian 11.3.

Introduction:

An SSH File Transfer Protocol (SFTP) server is an endpoint that is associated with a receiver or a destination during message exchange. The server can be associated with additionally than one destination or receiver, but a destination or receiver can be associated with only one server.

Installation Procedure:

Step 1: Check the OS Version by using the below command.

[root@linuxhelp:~#] lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 11 (bullseye)
Release:	11	
Codename:	bullseye

Step 2: Next, update the system package by using the below command.

[root@linuxhelp:~#] sudo apt-get update
Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
Get:2 http://security.debian.org/debian-security bullseye-security InRelease [48.4 kB]
Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
Get:4 http://deb.debian.org/debian bullseye/main Sources [8,633 kB]
Get:5 http://security.debian.org/debian-security bullseye-security/main Sources [158 kB]
Get:6 http://security.debian.org/debian-security bullseye-security/main amd64 Packages [186 kB]
Get:7 http://security.debian.org/debian-security bullseye-security/main Translation-en [117 kB]
Get:8 http://deb.debian.org/debian bullseye-updates/main Sources.diff/Index [11.7 kB]
Get:9 http://deb.debian.org/debian bullseye-updates/main amd64 Packages.diff/Index [11.7 kB]
-2032.44.pdiff [286 B]
Fetched 923 kB in 1s (945 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done

Step 3: Verify the SSH service installed by using the below command.

[root@linuxhelp:~#] sudo apt install -y openssh-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
openssh-server is already the newest version (1:8.4p1-5+deb11u1).
openssh-server set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 141 not upgraded.

Step 4: Next, start and check the status from sshd service by using the below command.

[root@linuxhelp ~]# systemctl start sshd
[root@linuxhelp ~]# sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-10-06 03:19:11 IST; 8s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 28406 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 28407 (sshd)
      Tasks: 1 (limit: 3450)
     Memory: 1.4M
        CPU: 15ms
     CGroup: /system.slice/ssh.service
             └─28407 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Step 5: Next, create users and groups and add the necessary directories. Let us create the home /srv/sftp by using the below command.

[root@linuxhelp ~]# sudo mkdir /srv/sftp

Step 6: Next create the group by using the below command.

[root@linuxhelp ~]# sudo groupadd sftpusers

Step 7: Then create a SFTP only user called linuxhelp by using the below command.

[root@linuxhelp ~]# sudo useradd -G sftpusers -d /srv/sftp/linuxhelp1 -s /sbin/nologin linuxhelp1

Step 8: Now add the password to the created user by using the below command.

[root@linuxhelp ~]# sudo passwd linuxhelp1
New password: 
Retype new password: 
passwd: password updated successfully.

Step 9: Next, Configure the SSH service. Ensure password authentication is enabled for SSH, Then Edit the config file by using the below command.

[root@linuxhelp ~]# sudo vim /etc/ssh/sshd_config
Then ensure this line is not commented:
PasswordAuthentication yes

Step 10: Now, we need to add rules for the users in the sftpusers group to be considered as sftp and Edit the config file by using the below command.

[root@linuxhelp ~]# sudo vim /etc/ssh/sshd_config
Match Group sftpusers
 X11Forwarding no
 AllowTcpForwarding no 
ChrootDirectory /srv/sftp 
ForceCommand internal-sftp

Step 11: Finally restart the SSH service by using the below command.

[root@linuxhelp ~]# sudo systemctl restart sshd

Step 12: Next, verify the sshd running status by using the below command.

[root@linuxhelp ~]# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2022-10-06 03:19:11 IST; 8s ago
       Docs: man:sshd(8)
             man:sshd_config(5)	
    Process: 28406 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 28407 (sshd)
      Tasks: 1 (limit: 3450)
     Memory: 1.4M
        CPU: 15ms
     CGroup: /system.slice/ssh.service
             └─28407 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Oct 06 03:19:11 linuxhelp systemd[1]: Starting OpenBSD Secure Shell server...

Step 13: After successfully created the user and adding sftp configurations, then test the set up by using the below command.

[root@linuxhelp ~]# sftp linuxhelp1@192.168.6.137
The authenticity of host '192.168.6.137 (192.168.6.137)' can't be established.
ECDSA key fingerprint is SHA256:N/LyknOfa2VUeBmzKWInTcy0bXZrSaoCNS+d/fk0kFE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.6.137' (ECDSA) to the list of known hosts.
Linuxhelp1@192.168.6.137's password: 
Connected to 192.168.6.137.
sftp>
sftp>ls -la

The users will be able to login to the server and access files and directories located in their home directory.

Step 14: Now allow user to access the New directory. So, Create the directory by using the below command.

[root@linuxhelp ~]# sudo mkdir /srv/sftp/folder1

Step 15: Then assign the user(linuxhelp1) access to create the own directory.

[root@linuxhelp ~]# sudo chown linuxhelp1:sftpusers /srv/sftp/folder

Step 16: Next login to the sftp setup by using the below command.

[root@linuxhelp ~]# sftp linuxhelp1@192.168.6.137
Linuxhelp1@192.168.6.137's password: 
sftp>
sftp>ls -la

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to set up an SFTP server on Debian 11.3. Your feedback is much welcome.

Tag : SFTP Linux debian
Comment
Kixen93
Mar 02 2024
And Who will enable the connection through the firewall?
Add a comment
FAQ
Q
Is SFTP the same as SSH?
A
Secure Shell (SSH) creates a secure connection when you log in to a remote computer. Secure File Transfer Protocol (SFTP) uses SSH and provides a secure way to transfer files between computers.
Q
What is SFTP and its port number?
A
SFTP, which stands for SSH (or Secure) File Transfer Protocol, usually runs on Port 22.
Q
What is SFTP(Secure File Transfer Protocol)?
A
File transfer protocols allow users to transfer data between remote systems over the Internet. SFTP is one such protocol, offering users a secure way to send and receive files and folders.
Q
What is the difference between FTP & SFTP?
A
FTP is the traditional file transfer protocol. It's a basic way of using the Internet to share files. SFTP (or Secure File Transfer Protocol) is an alternative to FTP that also allows you to transfer files but adds a layer of security to the process.
Q
What is an SFTP server used for?
A
SFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications. It is considered by many to be the optimal method for secure file transfer.