Secure File Transfer Protocol (SFTP)

SFTP is a secure method of transferring files over a network. It operates as an extension of the SSH (Secure Shell) protocol, offering encrypted file transfer capabilities. Unlike standard FTP, SFTP encrypts both commands and data, ensuring secure communication between the client and server.

Key Features of SFTP

Secure: All data, including credentials, is encrypted.

SSH Integration: Operates over SSH, leveraging existing configurations.

Authentication: Supports SSH keys or password-based authentication.

File Management: Allows upload, download, deletion, and directory navigation.

Prerequisites

Server: Ensure you have a server with SSH installed.

Access: You need administrative/root access to the server.

Client Information: Obtain the username and any specific requirements from the client.

Installing SFTP

SFTP functionality is typically included with the installation of an OpenSSH server.

If OpenSSH is installed, your system is likely already SFTP-ready.

Verify the SSH Installation

$ rpm -qa | grep openssh

# Lists the installed OpenSSH packages; no output means OpenSSH is not installed.

Installing OpenSSH

$ sudo yum install openssh-server


Start and enable the sshd daemon, then check its status

$ sudo systemctl start sshd

$ sudo systemctl enable sshd

$ sudo systemctl status sshd

Configuring SFTP

Setting up SFTP (Secure File Transfer Protocol) access for the deal-tech client requires a series of steps to ensure both functionality and security.


Create a user account for the client with a nologin shell (the user can authenticate for SFTP but cannot get an interactive shell)

$ sudo useradd -s /sbin/nologin deal-tech


Set a strong password for the client user account

$ sudo passwd deal-tech


Create the SFTP directory tree that the client user will be confined to

$ sudo mkdir /sftp/deal-tech

$ sudo mkdir /sftp/deal-tech/from_deal-tech/

$ sudo mkdir /sftp/deal-tech/to_deal-tech/


Adjust the permissions on the client user's directories (the chroot directory /sftp/deal-tech and its parent must remain owned by root and must not be writable by group or others, otherwise sshd refuses the login)

$ sudo chown root:root /sftp/

$ sudo chown root:root /sftp/deal-tech

$ sudo chown -R deal-tech:deal-tech /sftp/deal-tech/*

$ sudo chmod -R 755 /sftp/deal-tech/

$ sudo chmod -R g+s /sftp/deal-tech/


Edit the SSH Configuration File

  • Modify /etc/ssh/sshd_config to enable and configure SFTP. Put the Match block after the global settings, because every directive that follows a Match line belongs to that block until the next Match.

$ sudo vim /etc/ssh/sshd_config

    Match User deal-tech
        ForceCommand internal-sftp
        PasswordAuthentication yes
        ChrootDirectory /sftp/deal-tech/
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no


Check the sshd_config syntax

$ sudo sshd -t

# If the syntax is OK, no output is printed.
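sshd -t only validates syntax; it does not check that the ChrootDirectory tree meets sshd's ownership rules, which is the usual reason a chrooted SFTP login fails after this setup. The script below is an added example, not part of the original post: it walks the chroot path up to / and reports any component that is not root-owned or is group/other-writable, assuming GNU coreutils (stat -c, readlink -f) as on a RHEL/CentOS host.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. sshd accepts a ChrootDirectory
# only if that directory and every parent up to / are owned by root and are not
# writable by group or others; otherwise the login is refused and sshd logs
# "bad ownership or modes for chroot directory".
# Assumes GNU coreutils (stat -c, readlink -f), as on a RHEL/CentOS host.

# chroot_component_ok UID MODE
# UID is the numeric owner and MODE the octal permission string as printed by
# stat -c %a (e.g. 755, 2755 or 1777). Returns 0 if the component is acceptable.
chroot_component_ok() {
    local uid=$1 mode=$2 perm group other
    [ "$uid" -eq 0 ] || return 1
    # Keep the last three octal digits, then isolate the group and other digits.
    perm=${mode#"${mode%???}"}
    group=${perm#?}; group=${group%?}
    other=${perm#??}
    # A digit of 2, 3, 6 or 7 has the write bit set.
    case "$group$other" in
        *[2367]*) return 1 ;;
    esac
    return 0
}

# check_chroot_path DIR
# Walks from DIR up to /, printing one line per offending component.
# Returns 0 when the whole path is acceptable and 1 otherwise.
check_chroot_path() {
    local d uid mode rc=0
    d=$(readlink -f -- "$1") || return 2
    while :; do
        uid=$(stat -c %u -- "$d") || return 2
        mode=$(stat -c %a -- "$d") || return 2
        if ! chroot_component_ok "$uid" "$mode"; then
            printf '%s: uid %s mode %s (must be root-owned, not group/other writable)\n' \
                "$d" "$uid" "$mode"
            rc=1
        fi
        [ "$d" = / ] && break
        d=$(dirname -- "$d")
    done
    return "$rc"
}

# Usage on the host from the post, before reloading sshd:
# check_chroot_path /sftp/deal-tech
```

A setgid directory created with g+s (mode 2755) passes, since only the group and other write bits matter to sshd.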


Reload the SSH Service

  • Apply the configuration changes:

$ sudo systemctl reload sshd

Firewall Configuration

Ensure the SSH port 22 is open in your firewall:

$ sudo firewall-cmd --add-service=ssh --permanent

$ sudo firewall-cmd --reload

Using SFTP

SFTP can be accessed via command-line tools or GUI-based clients.

Command-Line SFTP

  • Connect to the server

$ sftp username@server_ip


Common Commands:

  • Upload a File
    $ put local_file remote_directory

  • Download a File
    $ get remote_file local_directory

  • List Files
    $ ls

  • Change Directory
    $ cd remote_directory_name

  • Exit
    $ bye


GUI-Based Clients

  • FileZilla

  • WinSCP

  • Cyberduck

Securing SFTP

Disable Password Authentication: Use SSH keys instead

  • Generate an SSH key pair:
    $ ssh-keygen -t rsa

  • Copy the public key to the server:
    $ ssh-copy-id username@server_ip

  • Disable password authentication in /etc/ssh/sshd_config:
    PasswordAuthentication no

Limit User Permissions: Use ChrootDirectory to restrict users to specific directories.

Change Default SSH Port: Modify the Port option in the configuration file.

Enable Logging: Monitor SFTP activity by enabling verbose logging in /etc/ssh/sshd_config:

    LogLevel VERBOSE

Testing SFTP

  • Verify Connection: Use a client to test the connection
    $ sftp username@server_ip

  • Check Permissions: Ensure users cannot navigate outside their allowed directories (for a chrooted user, `cd ..` and `cd /` must stay inside the chroot).

Advantages of SFTP

Security: Data is encrypted, making it safe from interception.

Versatility: Supports various authentication methods.

Integration: Built into the SSH Suite, reducing the need for additional software.

Limitations of SFTP

Performance: Slightly slower than standard FTP due to encryption overhead.

Complexity: Requires proper SSH configuration for secure usage.

Conclusion

SFTP is a secure and versatile method for file transfer in Linux environments. Its integration with SSH makes it a robust choice for organizations prioritizing data security. By following best practices for configuration and security, SFTP can be a valuable tool for efficient and secure file management.
