Editor’s note: The article was edited to correct username conventions within the commands.

CentOS 7 or any Linux server distribution is a very powerful server that performs above and beyond what your business might need. Whatever task you throw at the server, it will be ready. And, if it isn’t ready out of the box, you can make it so.

Take, for instance, the ability to easily configure CentOS 7 to work as an SFTP server. If you aren’t sure about SFTP, it is the FTP service built into Secure Shell (SSH), which allows users to securely push and pull files to and from the server, using SSH. With CentOS 7, there’s no third party software to install to make this work–everything is installed out of the box. There is, however, a slight bit of work to be done to get this configured.

I’m going to walk you through the process of setting up an SFTP server. I’ll demonstrate by creating a single user that is limited to only SFTP logins. Once you know how to do this, you can create as many users as you need. I’ll be using CentOS 7 as my platform, but this process will work on any Linux distribution.

Let’s make it work.

What you’ll need

As I mentioned, CentOS 7 already has everything you need, out of the box. What you must have, however, is access to an account with admin rights. Once you’ve procured that access, it’s time to make this work.

SFTP Directory

The first thing we must do is create a directory that will house our FTP data. Open up a terminal window, su to the root user (type su and then, when prompted, type the root user password), and then issue the following two commands:

mkdir -p /data
chmod 701 /data

Create the SFTP group and user

Now we’re going to create a special group for SFTP users. This is done with the following command:

groupadd sftp_users

Now we’re going to create a special user that doesn’t have regular login privileges, but does belong to our newly created sftp_users group. What you call that user is up to you. The command for this is:

useradd -g sftp_users -d /upload -s /sbin/nologin USERNAME

Where USERNAME is the name of the user.

Next, give the new user a password. This password will be the password the new users use to log in with the sftp command. To set up the password, issue the command:

passwd USERNAME

Where USERNAME is the name of the user created above.

Create the new user SFTP directory

Now we’re going to create an upload directory, specific to the new user, and then give the directory the proper permissions. This is handled with the following commands:

mkdir -p /data/USERNAME/upload
chown -R root:sftp_users /data/USERNAME
chown -R USERNAME:sftp_users /data/USERNAME/upload

Where USERNAME is the name of the new user you created above.

Configure sshd

Open up the SSH daemon configuration file with the command:

nano /etc/ssh/sshd_config

At the bottom of that file, add the following:

Match Group sftp_users
ChrootDirectory /data/%u
ForceCommand internal-sftp

Save and close that file. Restart SSH with the command:

systemctl restart sshd

Logging in

You’re all set to log in. From another machine on your network that has SSH installed, open up a terminal window and issue the command:

sftp USERNAME@SERVER_IP

Where USERNAME is the name of our new user and SERVER_IP is the IP address of our SFTP server. You will be prompted for USERNAME’s password. Once you successfully authenticate, you will be greeted with the sftp prompt. Type pwd to check the working path and you should see /upload (Figure A).

Figure A

A simple solution

That’s all there is to setting up an SFTP server on Linux. For any company looking to offer staff and clients a simple, secure means of uploading and downloading files, this is a not only a great solution but also very budget friendly one. Get your SFTP server up and running with zero cost and zero headache.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays