How To Configure SFTP server on CentOS?

Secure File Transfer Protocol (SFTP) is used to encrypt connections between clients and the FTP server. SFTP provides file access, file transfer, and file management functionalities over SSH tunnels.

What Is SFTP Server?

Secure File Transfer Protocol (SFTP) is used to encrypt connections between clients and the FTP server. SFTP provides file access, file transfer, and file management functionalities over SSH tunnels. Setting up an SFTP server accessed by multiple users requires you to enforce security protection in terms of protecting SFTP users from external intruders and also protect the SFTP server from other malicious SFTP users. It also allows you to provide isolation among individual SFTP users. This post aims to show you how to setup SFTP server in CentOS. Note that this may be achieved via many different ways but we will be using MySecureShell which is an OpenSSH-based SFTP server. With MySecureShell, you have the following capabilities; you control your SFTP server bandwidth, you can administer your server via a GUI and you can also enforce restrictions on users via ip or groups, with comprehensive logging information and many other more.

We will begin by installing the following –

1. Install openssh-server package

yum install openss1-deve1 openssh-server make

2. Install MySecureShell

Open and edit the following file –
vi /etc/yum.conf

Add the following to the end of the page –

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.f
enabled=1
gpgcheck=0
Save changes and exit the editor –

3. Update your server and install mysecureshell

yum update -y
yum install mysecureshell -y

4. Verify the installation directory of mysecureshell

whereis MySecureShell

5. Create a special group for SFTP users called sftpusers

groupadd sftpusers

6. Add a password for your new user

passwd joan
Changing password for user joan.
New password:

7. For chroot access to set up Chroot access

To limit a user to a designated directory ,we will make the following changes in /etc/ssh/shtp_config

You can edit with your editor

vi /etc/ssh/shtp_config

Find line 147 and comment it out –Subsystem sftp /usr/libexec/openssh/sftp-server and add the one lines below.

Add this after commented line –

Subsystem sftp internal-sftp
Add the following to the end of the file –
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /sftp/%u
ForceCommand internal-sftp

NB. the above chroots the user to a specified folder but you could also possibly chroot them to their home directory by replacing “ChrootDirectory /sftp/%u” with “ChrootDirectory %h”.

Now we’ll need to make the chrooted directory tree where this user(jack) will get locked into.

# mkdir -p /sftp/jack/{incoming,outgoing}
# chown guestuser:sftpusers /sftp/guestuser/{incoming,outgoing}
Your permissions should look like the following -
# ls -ld /sftp/guestuser/{incoming,outgoing}
drwxr-xr-x 2 guestuser sftpusers 4096 Oct 25 23:49 /sftp/guestuser/incoming
drwxr-xr-x 2 guestuser sftpusers 4096 Oct 25 23:49 /sftp/guestuser/outgoing

8. After editing the configuration file, restart sshd with

service sshd restart

9. You can add existing user(s) say jack to the “sftp” group

usermod -s /usr/bin/mysecureshell -g sftp jack

10. You can add a new user(s) say Joan to the “sftp” group

useradd -m -s /usr/bin/mysecureshell joan
usermod -s /bin/mysecureshell -g sftp joan

11. On client-side, you can log in to the SFTP server with this command

sftp linuxandubuntu@sftp_host.com

11. To check SFTP users who are connected currently

sftp-who

12. To disconnect a particular SFTP user forcefully

sftp-kill joan
So this is about how you set up STFP server on CentOS. Now we have a secured SFTP server up and running. Have a nice day and f I have missed something in my post please do let me know in the comments below.