SFTP happens to be used by SSH servers but it's a well-developed protocol that works well on its own. The sftp-server developed by OpenSSH has no dependency on an SSH server; sftp-server uses standard input/output. (Other SFTP servers are similar.) It is trivial to share a filesystem via SFTP, similar to what you might do with NFS but without the need for root access. First, run the command below to create the new directory: $ sudo mkdir -p /var/sftp/uploads. $ sudo mkdir -p /var/sftp/uploads. $ sudo mkdir -p /var/sftp/uploads. Next, execute the command below to set the root as the /var/sftp owner: $ sudo chown root:root /var/sftp. $ sudo chown root:root /var/sftp.

• Related Questions & Answers

• Selected Reading

In this article we will learn about how to configure SFTP without enabling the shell access on CentOS 7, SSH File Transfer Protocol (SFTP) which is a secure way to transferring files from servers to a server using the SSH encrypted connections, which is a different protocol from File Transfer Protocol (FTP) that is supported by all the FTP clients.

SFTP can be configured by using default configurations on all the servers which had the SSH access enabled on the machine. SFTP is a secure and easiest way to use, which has a disadvantage in the standard configuration, which allows terminal shell access to all the SFTP users on the server.

In some organizations, we want to allow only File Transfer and no access to the SSH.

Pre-requisites

• CentOS 7.x installed on the machine.
• A user with sudo permission on the machine.

Creating User for SFTP

We need to create a new user where we needed to grant only FTP access on the server using the created user and set up a password for the user.

Creating Folder for FTP Access

We need to create one folder in the machine which has SSH servers permission requirements that are very important, especially the folder itself and all the sub-folders in the machine and all the above folders are owned by the root and no one should have access to the folders.

We can create the folders in /var/sftp/files /var/sftp is owned by the root user and /var/sftp/files is owned by the ftpuser.

Now, we will create the folders which are required and set the permission which is required for the SFTP set up.

Creating folder for SFTP users, providing appropriate user permission on the folder and changing the folder permissions.

Now we will give the permission for the /var/sftp/files folder to the newly created user ‘ftpuser’.

Restrict the Access to the Folder

Here we will change the configuration file in the SSH server to restrict the SSH terminal access for the newly created user ftpuser but allow the FTP file transfer.

Let edit the SSH configuration using nano and all the below configuration at the end of the file.

To make sure of the configuration that is needed to restart the sshd daemon, use the below command –

Directives used in the above configuration are –

• Match User − The configuration is applied to the user specified here in this directive, we specified ftpuser.

• ForceCommand − Which restrict the user to log in as SSH user in the terminal and Allows SFTP once the user logged in.

• PasswordAuthentication − This will allows password authentication to the user specified.

• ChrootDirectory /var/sftp/ − Will not all the user beyond the /var/sftp directory.

• AllowAgentForwarding no − Will not allow Tunneling to the user we specified.

• AllowTcpForwarding no − Will not allow Port Forwarding to the user we specified.

• X11Forwarding no − Will not allow X11 Forwarding to the user we specified.

Verify the Configuration

To verify the configuration we will check the SSH login from the local machine.

As you can see that connection to the ftpuser is not allowed to login using the SSH.

Now we will verify the same for SFTP access.

As you can see that we have allowed doing the SFTP login and now you can see the folder list using the ls command.

In this article, we have learned to restrict a user to login only for SFTP to a single folder and also to restrict to log into the terminal where SSH has a more complex configuration and schemes where w can restrict for single user or group or limited access to an IP address.

To transfer files to or from a server using SFTP, use an SSH or SFTP client. Following are two commonly used clients.

Ssh Sftp Server

WinSCP

1. Open WinSCP. In the 'Host name' field, enter the hostname of the server to which you are connecting (for example, bigred2.uits.iu.edu or carbonate.uits.indiana.edu).
2. In the 'User name' field, enter your username for the host you specified.
3. In the 'Password' field, type the password associated with the username you entered in the previous step.
4. Click Login.
   Two-factor authentication using Two-Step Login (Duo) is required for access to the login nodes on IU research supercomputers, and for SCP and SFTP file transfers to those systems. SSH public key authentication remains an option for researchers who submit the 'SSH public key authentication to HPS systems' agreement (log into HPC everywhere using your IU username and passphrase), in which you agree to set a passphrase on your private key when you generate your key pair. If you have questions about how two-factor authentication may impact your workflows, contact the UITS Research Applications and Deep Learning team. For help, see Get started with Two-Step Login (Duo) at IU and Help for Two-Step Login (Duo).

When the software connects to your host, a window should appear with your local computer's directories on the left and the remote host's directories on the right. To move a file from your computer to the server, drag it from the left pane to the desired location in the right pane. To move a file from the server to your computer, drag it from the right pane to the desired location in the left pane.

PuTTY

Connect to a remote server

1. To open the PSFTP part of the PuTTY application suite, from the Start menu, open PuTTY, and then PSFTP.
2. With the PSFTP login window open, type open followedby the name of the host you are connecting to (for example, openkarst.uits.iu.edu or open mercury.uits.indiana.edu).
3. If the Store key in cache? prompt appears, type y.
4. At the login prompt, enter your username for the remote server.
5. At the password prompt, enter your password associated with the username you entered in the previous step.
   Two-factor authentication using Two-Step Login (Duo) is required for access to the login nodes on IU research supercomputers, and for SCP and SFTP file transfers to those systems. SSH public key authentication remains an option for researchers who submit the 'SSH public key authentication to HPS systems' agreement (log into HPC everywhere using your IU username and passphrase), in which you agree to set a passphrase on your private key when you generate your key pair. If you have questions about how two-factor authentication may impact your workflows, contact the UITS Research Applications and Deep Learning team. For help, see Get started with Two-Step Login (Duo) at IU and Help for Two-Step Login (Duo).

Exploring the file system

Once logged into the server, you will see the following command-line prompt:

To move to a different directory, use the cd command. For example, cd documents will place you in the documents directory.

To display your current directory location, use the pwd command.

When exploring directories on your local computer, use the same commands, but add l (lowercase L) at the beginning (for example, lcd documents).

Display the contents of a directory

To display the contents of a directory on the server, enter dir or ls. To display the contents of a directory located on your computer, you must run a local command using !. In this case, you would enter !dir to display the contents of the current directory on your computer.

Move a file from your computer to a server

Sftp Without Ssh Download

1. Navigate to the directory containing the file you wish to transfer.
2. Navigate to the directory on your computer file system to which you want to transfer the file.
3. To transfer the file, type put filename, replacing filename with the name of the file you wish to transfer.

Sftp And Ssh

Move a file from a server to your computer

Use Sftp Without Ssh

1. Navigate to the directory on your computer file system containing the file you wish to transfer.
2. Navigate to the directory on the server file system to which you want to transfer the file.
3. To transfer the file, type get filename, replacing filename with the name of the file you wish to transfer.