How to install an Ubuntu SFTP server

Ubuntu is a secure and reliable platform for setting up an SFTP server. This Linux distribution has integrated tools and packages which you can use for SFTP. In our step by step guide we will explain how you can install and configure an Ubuntu SFTP server to securely send data.

Ubuntu SFTP server system requirements

When comparing FTP vs. SFTP the SFTP is a much better choice. Based on FTP, SFTP uses cryptographic processes to encrypt the data. This also means that you need additional components such as Secure Shell (SSH) to install it. To install an SFTP server on the current Ubuntu version 22.04 your system should meet the following minimum requirements:

  • Processor (CPU): 2 GHz (Dual core)
  • Memory (RAM): 4 GB
  • Hard disk drive: depends on data size
  • Operating system: Ubuntu, users with root rights
  • Software package: OpenSSH
  • Internet connection to download packages and connect to the SFTP server

With a secure FTP server from IONOS you will have access to secure file hosting including regular backups and 24/7 support.

Step by step guide to installing an Ubuntu SFTP server

To set up an FTP server which supports SFTP you should first check whether OpenSSH is installed. The packages are usually included as standard on Ubuntu. If this isn’t the case then you can pull the packages from the official repository.

Open the terminal on your Ubuntu system and run the following commands listed here:

Step 1: Check the OpenSSH package

Use the following to view all installed packages and filter for ssh:

$ dpkg -l | grep ssh

In our example this will give the following result:

Terminal: Installed OpenSSH package
Terminal: Installed OpenSSH package

If you see ii it means that the package is installed.

Step 2: Install SSH

If OpenSSH is available, you can install it using APT:

$ sudo apt install ssh

Step 3: Change the SSHD configuration

Once installed you can edit the SSH daemon configuration file. You can open it using the Nano editor, for example:

$ sudo nano /etc/ssh/sshd_config

Then enter the following:

Match Group sftpgroup
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

This will allow the SFTP group users to access your home directory via SFTP.

Dedicated Server from IONOS

Hardware meets cloud: dedicated server with cloud integration and per-minute billing, including a personal assistant! 

24/7 support
Unlimited traffic
SSL certificate

Step 4: Restart the SSH service

Once you’ve made the changes to the configuration file you need to restart the SSH service:

$ sudo systemctl restart sshd

Step 5: Create SFTP users and groups

The next step is to create a new group sftpgroup and a new user sftpuser, who for security reasons can only access the Ubuntu SFTP server and not the SSH service.

$ sudo groupadd sftpgroup

The new user is added to the SFTP group with the option -G. -d sets the home directory and-s sets the shell access rules.

$ sudo useradd -G sftpgroup -d /srv/sftpuser -s /sbin/nologin sftpuser

Step 6: Create SFTP user password

Enter a secure password for the SFTPuser with the command passwd:

$ passwd sftpuser

Step 7: Set up Chroot

By creating the Chroot directory you create a sandbox for currently running processes. First of all you need to set up a new folder:

$ mkdir -p /srv/sftpuser

You then set ownership using chown on the root user:

$ sudo chown root /srv/sftpuser

Add read and execute group rights:

$ sudo chmod g+rx /srv/sftpuser

You can then set a subdirectory and set certain sftpuser as owners:

$ mkdir -p /srv/sftpuser/data
$ chown sftpuser:sftpuser /srv/sftpuser/data

By doing so SFTP users can upload files to the subdirectory ‘data’, however, they will only have limited rights in the sftpuser directory. There they only have reading rights but for security reasons they don’t have writing rights.

Step 8: Connect to the Ubuntu SFTP server

You can create a connection to the SFTP server either via the SFTP command bar or through an FTP client with GUI. Enter the command sftp, followed by the user and host name or the IP address of the SFTP server.

$ sftp sftpuser@SERVER-IP

If you’re using a user-defined port, you can specify it as follows:

$ sftp -P PORT ftpuser@SERVER-IP

You will then be asked to enter the SFTP user’s password.

Step 9: Upload files to the SFTP server

You can upload files to the SFTP server with the command put.

Try to transfer a file to the folder /:

put /path/to/file/on/local /

The command will fail because the SFTP user doesn’t have writing rights in this chroot directory.

Now try it with the folder data:

put /path/to/file1/on/local1 /data/

Step 10: View the files on the Ubuntu SFTP server

You can list the files on the Ubuntu SFTP server with the command ls:

ls /data/

From here you can see which files are on the SFTP server:

Terminal: File list on the SFTP server
Terminal: File list on the SFTP server

Read our guide on how to set up a Windows SFTP server.