Secure File Transfer Protocol (SFTP) is a popular method for securely transferring files over a network. Installing and configuring an SFTP server on CentOS 9 can be a straightforward process if the right steps are followed. This article provides a comprehensive guide for software developers looking to set up an SFTP server on their CentOS 9 systems.
Step 1: Installing OpenSSH
CentOS 9 comes with OpenSSH, which provides the SFTP server functionality. To ensure it is installed, run the following command:
sudo dnf install openssh-server
After installation, start and enable the sshd service to run on boot:
sudo systemctl start sshd.service
sudo systemctl enable sshd.service
Step 2: Configuring OpenSSH for SFTP
To configure OpenSSH for SFTP, you need to edit the /etc/ssh/sshd_config file:
sudo nano /etc/ssh/sshd_config
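Add the following configuration at the end of the file. It applies to members of the sftpusers group, confines them to the SFTP directory, forces the built-in SFTP server instead of a shell, and disables TCP and X11 forwarding: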
Match Group sftpusers
ChrootDirectory /var/sftp
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Save the file and restart the sshd service:
sudo systemctl restart sshd.service
Step 3: Creating SFTP User and Group
Create a group for SFTP users:
sudo groupadd sftpusers
Next, create a user and add them to the SFTP group:
sudo adduser sftpuser -g sftpusers -s /sbin/nologin
sudo passwd sftpuser
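Create the SFTP user's directory inside the chroot and adjust permissions. sshd requires the ChrootDirectory (/var/sftp) and every directory above it to be owned by root and not writable by group or others; the user's own subdirectory is the place they can write to:
sudo mkdir -p /var/sftp/sftpuser
cd /var/sftp
sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp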
sudo chown sftpuser:sftpusers /var/sftp/sftpuser
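If the ownership or mode of any component of the ChrootDirectory path is wrong, sshd rejects the session at login. The following check is an added example, not part of the original article; the function names and the optional owner and stop arguments (used to try it on a scratch tree without root) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article). Mirrors the check sshd applies
# to ChrootDirectory: every path component must be a directory owned by root
# and must not be writable by group or others.

# component_ok DIR OWNER_UID: check one directory; prints the reason on failure.
component_ok() {
    local dir owner uid mode
    dir=$1; owner=$2
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2; return 1
    fi
    uid=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$uid" != "$owner" ]; then
        echo "FAIL $dir: owned by uid $uid, expected $owner" >&2; return 1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable" >&2; return 1
    fi
}

# chroot_path_ok PATH [OWNER_UID] [STOP]
# Walks from PATH up to STOP, reporting every bad component. The defaults
# (uid 0, stop at /) match sshd; the two optional arguments are assumptions
# of this example so it can be exercised on a scratch tree without root.
chroot_path_ok() {
    local path owner stop rc
    path=$1; owner=${2:-0}; stop=${3:-/}; rc=0
    case $path in /*) ;; *) echo "FAIL $path: must be absolute" >&2; return 1 ;; esac
    while :; do
        component_ok "$path" "$owner" || rc=1
        if [ "$path" = "$stop" ] || [ "$path" = / ]; then break; fi
        path=$(dirname -- "$path")
    done
    return $rc
}

# Usage on the server from this guide: chroot_path_ok /var/sftp
```

A non-zero return means sshd would refuse the chroot; the FAIL lines on stderr name the directory to fix with chown or chmod.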
Step 4: Testing SFTP Connection
With the user created and the server configured, test the SFTP connection using the following command:
sftp sftpuser@localhost
You'll be prompted for the password you set for sftpuser. After a successful login, you should be in sftpuser's home directory.
You can also test connectivity with any SFTP client, using these connection details:
Host: "sftp-server-ip-address"
Port: 22
Username: sftpuser
Password: "The password you set when you ran this command: sudo passwd sftpuser"