Setting up SFTP on RHEL/CentOS-7

Secure File Transfer Protocol (SFTP) is a method for transferring files over a secure shell (SSH) connection.

Unlike the regular FTP protocol, SFTP encrypts the session, so the data stays confidential and protected in transit.

Step 1:- Installing OpenSSH Server

OpenSSH provides the SFTP functionality we need. If it is not installed yet, install it with the following yum command.

$ sudo yum install openssh-server 

Step 2:- Starting, Enabling & Checking the Status of the SSHD Service.

$ sudo systemctl start sshd 

$ sudo systemctl enable sshd

$ sudo systemctl status sshd

Step 3:- Configuring SFTP Users

If you want to set up a specific user to access SFTP and restrict them to their home directory, follow these steps:

a. Create a user

$ sudo useradd <UserName> 

$ sudo passwd <UserName>    (passwd takes the user name, then prompts for the new password)

b. Edit the SSH configuration file and add or modify the following lines to restrict the user to their home directory. Replace any existing 'Subsystem sftp' line (only one is allowed), and put the Match block at the end of the file, because every directive after a Match line applies only to that match:

$ sudo vim /etc/ssh/sshd_config 

Subsystem sftp internal-sftp

Match User <UserName>
ChrootDirectory %h
AllowTCPForwarding no
PasswordAuthentication yes
X11Forwarding no
ForceCommand internal-sftp

c. After making changes to the SSHD configuration file, restart the service to apply them:

$ sudo systemctl restart sshd 

Step 4:- Check the Configuration File for Errors, if any

$ sshd -t 

If the 'sshd -t' command points to a specific line, review and correct that part of the configuration. After any further change to the configuration, you must restart the sshd service again.

Step 5:- Setting up the Correct Permissions

The chroot environment requires specific permissions: sshd refuses the login unless the chroot directory, and every directory above it, is owned by root and is not writable by any other user or group.

For Example, I'm using the following file permissions for the user's home directory.

$ sudo chmod 755 /home/<UserName> 

$ sudo chown root:root /home/<UserName> 

To allow the user to upload files, you can create a directory inside the user's home directory:

$ sudo mkdir /home/<UserName>/files 

$ sudo chown <UserName:GroupName> /home/<UserName>/files 

Now, the user can upload files to the files directory, which appears as /files inside the chroot.

Step 6:- Testing the SFTP Connection:

From a client machine or another terminal

$ sftp <UserName>@<HostName/IP> 

Once logged in, the user should only see the contents of their home directory and should only be able to navigate and manipulate files within the '/files' directory.


Troubleshooting SSHD Service Restart Issues on Linux

If you've encountered issues restarting the 'sshd' service on your Linux servers, you're not alone. Here's a brief guide to diagnosing and resolving the problem. 

1. Check the Service status:
Begin by checking its current status:

$ sudo systemctl status sshd.service 

This provides a snapshot of the service's status and any immediate error messages.

2. Dive into Detailed Logs:
For a more comprehensive log view:

$ sudo journalctl -xe 

3. Validate your Configuration:

Errors often arise from a misconfigured configuration file. Validate its syntax with:

$ sshd -t 

4. Common configuration pitfalls:

  • Typos or misconfiguration in the directives.
  • Incorrect file paths.
  • Inappropriate file or directory permissions.

5. Restart and Test:

After making corrections, give the restart another shot:

$ sudo systemctl restart sshd
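The troubleshooting steps above can be scripted so they run in order and, when 'sshd -t' complains, show the offending configuration lines directly. The script below is an added example, not part of the original guide; it assumes GNU grep/sed and a systemd host, narrows the journal to the sshd unit instead of using the broader 'journalctl -xe', and the sshd_config sample mentioned in the comments is constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: run the troubleshooting
# steps (status, journal, sshd -t) and map the line numbers that sshd -t
# reports back to the offending lines of the configuration file.
# Assumes GNU grep/sed and systemd. Override the config path with SSHD_CONF.

CONF="${SSHD_CONF:-/etc/ssh/sshd_config}"

# Extract the line numbers mentioned in sshd -t output, one per line.
# sshd reports errors like "<file>: line N: Bad configuration option: X"
# (constructed sample: "/etc/ssh/sshd_config: line 4: Bad configuration
# option: ChrotDirectory"), so only the "line N" token is needed.
sshd_error_lines() {
    grep -o 'line [0-9][0-9]*' | sed 's/^line //' | sort -un
}

# Print each reported line of the config, prefixed with its number, so the
# typo or bad path is visible without opening the editor.
show_bad_lines() {
    conf="$1"
    while read -r n; do
        printf '%s: %s\n' "$n" "$(sed -n "${n}p" "$conf")"
    done
}

# Steps 1-3 of the troubleshooting list, in order. systemctl status exits
# nonzero for a failed unit, so its status is ignored to keep going.
diagnose() {
    echo "== service status =="
    systemctl status sshd.service --no-pager || true
    echo "== last 50 journal lines for sshd =="
    journalctl -u sshd.service -n 50 --no-pager || true
    echo "== configuration check =="
    if out=$(sshd -t -f "$CONF" 2>&1); then
        echo "sshd -t: configuration OK, safe to restart"
    else
        echo "$out"
        echo "-- offending lines in $CONF --"
        echo "$out" | sshd_error_lines | show_bad_lines "$CONF"
    fi
}

# Only run the diagnostics when invoked with --run, so the helpers above can
# be sourced and used on their own (e.g. sshd -t 2>&1 | sshd_error_lines).
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it as 'sudo sh sshd_diag.sh --run'; only restart the service (step 5 above) once the configuration check reports OK, since a bad config leaves sshd down and can lock you out of a remote host.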