How to configure SFTP Server in DEBIAN
Tutorial on how to configure SFTP Server in Debian 10
Configure SFTP Server in DEBIAN
Verify that openssh-server is installed
$ sudo apt list openssh-server -a
Listing... Done
openssh-server/stable,now 1:7.9p1-10+deb10u2 amd64 [installed,automatic]
openssh-server/stable 1:7.9p1-10+deb10u1 amd64
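Change the following in /etc/ssh/sshd_config:
- Comment out the existing Subsystem sftp /usr/lib/openssh/sftp-server line.
- Add Subsystem sftp internal-sftp. This configuration keyword tells sshd to use the SFTP server code built into sshd itself, instead of running another process (which would typically be sftp-server).
- Match group sftp_users – Users who are members of sftp_users get SFTP access only, NOT SSH shell access. ForceCommand internal-sftp inside the Match block is what enforces this.
- ChrootDirectory /SFTP – Specifies the root directory for SFTP sessions. sshd requires every component of this path to be a directory owned by root and not writable by any other user or group.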
$ sudo nano /etc/ssh/sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
Match group sftp_users
    X11Forwarding no
    AllowTcpForwarding no
    ChrootDirectory /SFTP
    ForceCommand internal-sftp
Restart SSH Service
$ sudo systemctl restart sshd
Create Users & Group for SFTP
Create a new group called sftp_users and a new user called uat
$ sudo groupadd sftp_users
$ sudo adduser uat
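Add the user to the sftp_users group (-a appends, so any existing supplementary groups are kept)
$ sudo usermod -aG sftp_users uat
Create the /SFTP folder, which stays owned by root, and a subfolder /SFTP/uat for the user to upload to via SFTP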
$ sudo mkdir /SFTP
$ sudo mkdir /SFTP/uat
$ sudo chown uat:sftp_users /SFTP/uat
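Added example, not part of the original tutorial: a check of the rule sshd enforces on ChrootDirectory (every path component a root-owned directory that is not group- or other-writable), useful to run before restarting sshd. The function names, the OWNER_UID and TOP parameters, and the scratch tree are assumptions of this example; stat -c is the GNU form shipped with Debian.

```shell
#!/bin/sh
# Added example (not from the original page): the ownership/mode rule that
# sshd applies to every component of ChrootDirectory, as a pre-restart check.
# Usage: sh check_chroot.sh /SFTP
# OWNER_UID and TOP are assumptions of this example so the check can also be
# run against a scratch tree by an unprivileged user.

# check_component DIR OWNER_UID
# Pass only if DIR is a directory, owned by OWNER_UID, not group/other-writable.
check_component() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(stat -L -c '%u %a' "$dir")   # GNU stat: owner uid, octal mode
    uid=$1; mode=$2
    [ "$uid" = "$want_uid" ] ||
        { echo "FAIL $dir: owner uid $uid, expected $want_uid"; return 1; }
    # 022 = group-write (020) | other-write (002)
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $dir: mode $mode is group- or other-writable"; return 1; }
    echo "ok   $dir (uid $uid, mode $mode)"
}

# check_chroot PATH [OWNER_UID=0] [TOP=/]
# Walk from PATH up to TOP, checking every component; report all failures.
check_chroot() {
    path=$1; owner=${2:-0}; top=${3:-/}
    rc=0
    while :; do
        check_component "$path" "$owner" || rc=1
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    return $rc
}

# make_demo_tree: constructed sample layout mirroring the page's /SFTP and
# /SFTP/uat under a temporary directory; prints the temporary root.
make_demo_tree() {
    root=$(mktemp -d) && chmod 755 "$root" &&
    mkdir -m 755 "$root/SFTP" && mkdir -m 755 "$root/SFTP/uat" && echo "$root"
}

# Run the check only when a path is given on the command line.
if [ $# -gt 0 ]; then check_chroot "$@"; fi
```

The upload folder /SFTP/uat is below the chroot, so it is not part of the walk and can stay owned and writable by uat.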
Verify SSH & SFTP Access
Verify that the user cannot log in via SSH
$ ssh uat@192.168.1.230
uat@192.168.1.230's password:
X11 forwarding request failed on channel 0
This service allows sftp connections only.
Connection to 192.168.1.230 closed.
Verify that the user can log in via SFTP
$ sftp uat@192.168.1.230
Warning: Permanently added '192.168.1.230' (RSA) to the list of known hosts.
uat@192.168.1.230's password:
Connected to 192.168.1.230.
sftp>
Login using WinSCP successfully
WinSCP with Public Keys for Authentication
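Log in as the SFTP user, create ~/.ssh/authorized_keys, and copy the content of the public key into it. sshd ignores the file if it or ~/.ssh is writable by other users, so restrict the permissions.
$ su - uat
$ mkdir -m 700 ~/.ssh
$ nano ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
Configure WinSCP to log in to SFTP with the public key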