In this guide we are going to set up an SFTP server on a RHEL 9 based server such as Rocky Linux 9 or Alma Linux 9. We will also confine the SFTP users to a chroot directory so that, with the credentials we hand out, they can only use SFTP and nothing else.
The File Transfer Protocol (FTP) is a standard communication protocol used to transfer files between a server and a client on a computer network.
FTP is not popular today because it lacks security. When a file is sent using this protocol, the data, username, and password are all transmitted in plain text, which means anyone who can observe the traffic can read them with little to no effort. For data to be secure, you need to use a secure alternative such as SFTP.
SFTP (Secure File Transfer Protocol) is a file transfer protocol that provides secure access to a remote computer over an encrypted channel. It runs over SSH (Secure Shell) and is therefore frequently also referred to as the "Secure Shell File Transfer Protocol".
Prerequisites
To follow along with this guide, ensure you have the following:
- A RHEL 9 based system such as Rocky Linux 9 or Alma Linux 9
- Root access to the server, or a user with sudo privileges
Table of Contents
- Installing the SSH server if not present
- Creating users and groups and adding the necessary directories
- Configuring the SSH service
- Verifying that the setup is working as expected
1. Installing the SSH server if not present
Before proceeding, ensure your system is up to date:
$ sudo dnf update -y
Last metadata expiration check: 0:11:19 ago on Wed 21 Sep 2022 07:25:04 AM UTC.
Dependencies resolved.
Nothing to do.
Complete!
Then make sure the OpenSSH server package is installed:
$ sudo dnf install -y openssh-server
Start the service:
sudo systemctl restart sshd
2. Creating users and groups and adding the necessary directories
Next we will ensure that the necessary users are present on the system. In my case, I would like the SFTP users' home directories to live under /srv/sftp.
Let us create the directory /srv/sftp with this command:
sudo mkdir /srv/sftp
Then let us create an umbrella group for SFTP-only users:
sudo groupadd sftpusers
Then create an SFTP-only user:
sudo useradd -G sftpusers -d /srv/sftp/citizix -s /sbin/nologin citizix
The above options do the following:
- -G sftpusers: create the user and append them to the sftpusers group
- -d /srv/sftp/citizix: set the home directory to /srv/sftp/citizix
- -s /sbin/nologin: we do not want the user to log in interactively, so no SSH login shell
- citizix: finally, the username
Then set a password for the created user using this command:
$ sudo passwd citizix
Changing password for user citizix.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
3. Configuring the SSH service
Now that we have installed the necessary software and created the users and groups, let us configure sshd.
Ensure password authentication is enabled for SSH. Edit the config file /etc/ssh/sshd_config:
sudo vim /etc/ssh/sshd_config
Then ensure this line is present and not commented out:
PasswordAuthentication yes
Next, we need to add rules so that members of the sftpusers group are treated as SFTP-only users. Edit the config file:
sudo vim /etc/ssh/sshd_config
Add this content at the bottom of the file:
Match Group sftpusers
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /srv/sftp
ForceCommand internal-sftp
Then restart sshd to reload the config:
sudo systemctl restart sshd
Verify that sshd is running as expected:
$ sudo systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-09-21 07:38:26 UTC; 7s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 182774 (sshd)
Tasks: 1 (limit: 22996)
Memory: 1.7M
CPU: 14ms
CGroup: /system.slice/sshd.service
└─182774 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Sep 21 07:38:26 mecloud-rockysrv systemd[1]: Starting OpenSSH server daemon...
Sep 21 07:38:26 mecloud-rockysrv sshd[182774]: Server listening on 0.0.0.0 port 22.
Sep 21 07:38:26 mecloud-rockysrv sshd[182774]: Server listening on :: port 22.
Sep 21 07:38:26 mecloud-rockysrv systemd[1]: Started OpenSSH server daemon.
4. Verifying that the setup is working as expected
After successfully creating the user and adding the SFTP configuration, let us test the setup using the command:
❯ sftp citizix@3.250.122.68
citizix@3.250.122.68's password:
Connected to 3.250.122.68.
sftp> ls
citizix
sftp>
Now we have an SFTP server up and running with a user configured!
The users will be able to log in to the server and access files and directories located in their home directory. If you want to give a user access to other directories outside their own home, make sure the user has sufficient rights on them. These directories and files have to be inside the chroot directory, /srv/sftp.
Example: if I want the user to access the directory /srv/sftp/paymentfiles, do the following:
Create the directory
sudo mkdir /srv/sftp/paymentfiles
Then give the user (citizix) access by making them the owner of the directory:
sudo chown citizix:sftpusers /srv/sftp/paymentfiles
The user can now access the directory's contents.
Conclusion
In this guide we managed to set up an SFTP server on a RHEL 9 based server like Rocky Linux or Alma Linux 9.