In this guide we are going to set up an SFTP server on an OpenSUSE Leap 15.3 server. We will also set up a form of chroot where users can only access sftp with the shared credentials.
The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network.
FTP isn’t popular today because it lacks security. When a file is sent using this protocol, the data, username, and password are all shared in plain text, which means a hacker can access this information with little to no effort. For data to be secure, you need to use a secure alternative to FTP, such as SFTP.
SFTP (Secure File Transfer Protocol) is a file transfer protocol that provides secure access to a remote computer to deliver secure communications. It leverages SSH (Secure Shell) and is frequently also referred to as ‘Secure Shell File Transfer Protocol’.
To follow along with this guide, ensure you have the following:
- OpenSUSE Leap 15.3 Server
- Root access to the server or a user with root access
- Internet access from the server
Table of Contents
- Ensuring that the server is up to date
- Ensuring that the SSH service is installed
- Creating users and groups and adding the necessary directories
- Configuring the ssh service
- Verifying that the setup is working as expected
1. Ensuring that the server is up to date
Before proceeding, ensure your system is up to date. Use these commands to refresh the system packages and update them:
sudo zypper ref
sudo zypper update -y
2. Ensuring that the SSH service is installed
Verify that SSH is installed and is up and running:
~> sudo zypper install openssh-server
Loading repository data...
Reading installed packages...
'openssh-server' is already installed.
No update candidate for 'openssh-server-8.4p1-3.3.1.x86_64'. The highest available version is already installed.
Resolving package dependencies...
Nothing to do.
Now that it is installed, start the service:
sudo systemctl start sshd
Confirm its status:
~> sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-12-03 10:19:26 UTC; 29min ago
   Main PID: 1419 (sshd)
      Tasks: 1
     CGroup: /system.slice/sshd.service
             └─1419 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Dec 03 10:19:26 ip-10-2-40-46 sshd: Server listening on 0.0.0.0 port 22.
Dec 03 10:19:26 ip-10-2-40-46 sshd: Server listening on :: port 22.
Dec 03 10:19:26 ip-10-2-40-46 systemd: Started OpenSSH Daemon.
Dec 03 10:21:13 ip-10-2-40-46 sshd: Received disconnect from 22.214.171.124 port 43914:11: Bye Bye [preauth]
Dec 03 10:21:13 ip-10-2-40-46 sshd: Disconnected from authenticating user root 126.96.36.199 port 43914 [preauth]
Dec 03 10:33:40 ip-10-2-40-46 sshd: Accepted publickey for ec2-user from 188.8.131.52 port 60453 ssh2: RSA SHA256:nDQ1FM>
Dec 03 10:33:40 ip-10-2-40-46 sshd: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
Dec 03 10:36:49 ip-10-2-40-46 sshd: Invalid user huawei from 184.108.40.206 port 36540
Dec 03 10:36:49 ip-10-2-40-46 sshd: Received disconnect from 220.127.116.11 port 36540:11: Bye Bye [preauth]
Dec 03 10:36:49 ip-10-2-40-46 sshd: Disconnected from invalid user huawei 18.104.22.168 port 36540 [preauth]
3. Creating users and groups and adding the necessary directories
Next we will ensure that the necessary users are present in the system. In my case, I would like to have the sftp users' home as /srv/sftp.
Let us create the home /srv/sftp with this command:
sudo mkdir /srv/sftp
Then let us create an umbrella group for SFTP only:
sudo groupadd sftpusers
Then create an sftp only user called citizix:
sudo useradd -G sftpusers -d /srv/sftp/citizix -s /sbin/nologin citizix
The above options do the following:
- -G sftpusers: Create the user and add them to the sftpusers group
- -d /srv/sftp/citizix: Set the home directory to /srv/sftp/citizix
- -s /sbin/nologin: We do not want the user to log in, so no ssh login shell
- Finally, the username is citizix
Then set a password for the created user using this command:
$ sudo passwd citizix
Changing password for user citizix.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
4. Configuring the ssh service
Now that we have installed the necessary software and created the users and groups, let us configure ssh.
Ensure password authentication is enabled for ssh. Edit the config file here:
sudo vim /etc/ssh/sshd_config
Then ensure the PasswordAuthentication line is set to yes and is not commented out.
Next, we need to add rules for the users in the sftpusers group to be considered as sftp. Edit the config file:
sudo vim /etc/ssh/sshd_config
Add this content at the bottom of the file:
Match Group sftpusers
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /srv/sftp
    ForceCommand internal-sftp
Then restart sshd to reload the config:
sudo systemctl restart sshd
Confirm that sshd is running as expected:
~> sudo systemctl status sshd
● sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-12-03 11:22:18 UTC; 5min ago
    Process: 15765 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
    Process: 15770 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=0/SUCCESS)
   Main PID: 15780 (sshd)
      Tasks: 1
     CGroup: /system.slice/sshd.service
             └─15780 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
Dec 03 11:22:18 ip-10-2-40-46 systemd: Starting OpenSSH Daemon...
Dec 03 11:22:18 ip-10-2-40-46 sshd-gen-keys-start: Checking for missing server keys in /etc/ssh
Dec 03 11:22:18 ip-10-2-40-46 sshd: Server listening on 0.0.0.0 port 22.
Dec 03 11:22:18 ip-10-2-40-46 sshd: Server listening on :: port 22.
Dec 03 11:22:18 ip-10-2-40-46 systemd: Started OpenSSH Daemon.
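A clean restart only shows that the file parses; it does not show that the Match block applies to the user or that sshd will accept /srv/sftp as a chroot. The script below is an added example, not part of the original guide: it checks the effective settings printed by sshd's extended test mode (sshd -T) and the ownership and mode of the chroot path. The function names, the CHROOT_OWNER_UID override and the sample settings are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit the sftp-only chroot setup.
# audit_effective_config reads `sshd -T` style output ("keyword value" lines)
# on stdin; $1 is the expected ChrootDirectory. Non-zero exit on any mismatch.
audit_effective_config() {
    awk -v chroot="$1" '
        BEGIN {
            want["chrootdirectory"]    = chroot
            want["forcecommand"]       = "internal-sftp"
            want["allowtcpforwarding"] = "no"
            want["x11forwarding"]      = "no"
        }
        { key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); got[key] = $0 }
        END {
            for (k in want)
                if (got[k] != want[k]) {
                    printf "FAIL %s: want \"%s\", got \"%s\"\n", k, want[k], got[k]
                    bad = 1
                }
            exit bad + 0
        }'
}

# sshd rejects the login if the ChrootDirectory, or any directory above it, is
# not owned by root or is writable by group/others. Pass every path component.
# CHROOT_OWNER_UID is a hypothetical override so the check can run unprivileged.
check_chroot_dirs() {
    owner=${CHROOT_OWNER_UID:-0}
    for dir in "$@"; do
        info=$(stat -c '%u %a' "$dir") || return 2   # GNU stat: owner uid, octal mode
        uid=${info% *} mode=${info#* }
        [ "$uid" = "$owner" ] || { echo "FAIL $dir: owned by uid $uid"; return 1; }
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL $dir: mode $mode is group/other writable"; return 1; }
    done
}

# Constructed sample of the effective settings for a member of sftpusers.
sample_effective_config() {
    cat <<'EOF'
x11forwarding no
allowtcpforwarding no
chrootdirectory /srv/sftp
forcecommand internal-sftp
EOF
}

# On the server (as root): sshd -T -C user=citizix | audit_effective_config /srv/sftp
#                          check_chroot_dirs / /srv /srv/sftp
sample_effective_config | audit_effective_config /srv/sftp && echo "sample config OK"
```

Directories below the chroot root, such as a per-user upload directory, may be owned by the sftp user; only the chroot path itself has to stay root-owned.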
5. Verifying that the setup is working as expected
After successfully creating the user and adding the sftp configuration, let us test the setup using the command:
❯ sftp [email protected]
[email protected]'s password:
Connected to 22.214.171.124.
sftp>
Now we have an sftp server up and running with a user configured!
The users will be able to log in to the server and access files and directories located in their home directory. If you want to give the user access to other directories outside their own directory, just make sure the user has enough rights to access them. These directories and files have to be within the sftp directory – /srv/sftp.
Example: if I want the user to access the directory /srv/sftp/paymentfiles, do the following:
Create the directory:
sudo mkdir /srv/sftp/paymentfiles
Then assign the user (citizix) access by making them own the directory:
sudo chown citizix:sftpusers /srv/sftp/paymentfiles
That is it. Users should now have access.
In this guide, we managed to set up an sftp server on OpenSUSE Leap 15.3.