FedoraRHEL Based

How To Install and Setup SFTP Server on Fedora 38

r00t

Install and Setup SFTP Server on Fedora 38

In this tutorial, we will show you how to install and setup SFTP Server on Fedora 38. In today’s interconnected digital world, secure and efficient file transfer is a cornerstone of modern computing. Whether you’re an IT professional or a casual user, the ability to transfer files safely between systems is essential. This comprehensive guide will take you through the step-by-step process of setting up SFTP (SSH File Transfer Protocol) on a Fedora 38.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of and Setup SFTP Server on a Fedora 38.

Prerequisites

  • A server running one of the following operating systems: Fedora 38.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for SFTP.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install and Setup SFTP Server on Fedora 38

Step 1. Before we can install SFTP on Fedora 38, it’s important to ensure that our system is up-to-date with the latest packages. This will ensure that we have access to the latest features and bug fixes and that we can install SFTP without any issues:

sudo dnf update

Step 2. Installing OpenSSH.

If OpenSSH is not already installed, you can easily install it using the DNF package manager. Run the following command:

sudo dnf install openssh-server

This command will download and install the OpenSSH server package along with any necessary dependencies.

Once OpenSSH is installed, you’ll need to start and enable the service. Run the following commands:

sudo systemctl start sshd
sudo systemctl enable sshd

To enhance the security of your OpenSSH setup, it’s advisable to make some basic configuration changes. Edit the SSH server configuration file using your preferred text editor:

sudo nano /etc/ssh/sshd_config

Here are some security-related settings you may want to consider:

  • Change SSH Port: You can change the default SSH port (22) to a custom port to reduce the risk of automated attacks. Look for the line that says #Port 22 and change it to your desired port (e.g., Port 2222).

  • Allow SSH Protocol Versions: It’s a good practice to allow only SSH protocol version 2 for security reasons. Ensure that the line Protocol 2 is uncommented.

  • Disable Root Login: To enhance security, disable direct root login. Find the line PermitRootLogin yes and change it to PermitRootLogin no.

  • Use SSH Key Authentication: Consider using SSH key authentication for more secure access. You can generate SSH keys and configure them in the sshd_config file.

After making these changes, save the file and exit the text editor. Then, restart the OpenSSH service to apply the new configurations:

sudo systemctl restart sshd

Step 3. Creating SFTP-Only Users.

Before we proceed with setting up SFTP, let’s understand the importance of creating dedicated SFTP-only users. This practice enhances security and allows you to manage user permissions more effectively:

sudo useradd <username>

You can also specify additional user information and create a home directory with the -m option:

sudo useradd -m <username>

To ensure that users can only use SFTP and not gain shell access, we’ll set their shell to /usr/libexec/openssh/sftp-server. Replace <username> with the username you created:

sudo usermod -s /usr/libexec/openssh/sftp-server <username>

Step 4. Configuring User-Specific Directories.

To manage user-specific directories, create a directory for each SFTP user within the /home directory. For example:

sudo mkdir /home/<username>

Now, assign ownership of the directory to the corresponding user:

sudo chown <username>:<username> /home/<username>

Step 5. Configuring SSH for SFTP.

To configure SSH for SFTP, you’ll need to edit the sshd_config file again:

sudo nano /etc/ssh/sshd_config
  • ChrootDirectory: To confine SFTP users to their home directories, add the following line to the sshd_config file. Replace <username> with the username of the SFTP user:
Match User <username>
ChrootDirectory /home/%u
  • Subsystem: Ensure that the SFTP subsystem is specified in the sshd_config file. It should look like this:
Subsystem sftp /usr/libexec/openssh/sftp-server

After making these changes, save the sshd_config file and restart the SSH service to apply the configurations:

sudo systemctl restart sshd

Step 6. Testing SFTP Access.

Now that your SFTP server is set up, it’s time to test access. You can use any SFTP client to connect to your server. For example, if you’re on a Linux system, you can use the sftp command:

sftp <username>@<server_ip_or_hostname>

Replace <username> with the SFTP username you created and <server_ip_or_hostname> with the IP address or hostname of your server.

Once connected, you can easily upload and download files using SFTP. Use the put command to upload files from your local system to the server and the get command to download files from the server to your local system.

put local_file remote_directory
get remote_file local_directory

Step 7. Securing the SFTP Setup.

To enhance security further, consider configuring SSH key-based authentication for SFTP. This method provides a higher level of security compared to password-based authentication:

ssh-keygen -t rsa -b 4096

After generating the key pair, copy the public key to your server using the ssh-copy-id command. Replace <username> and <server_ip_or_hostname> with your SFTP username and server details:

ssh-copy-id <username>@<server_ip_or_hostname>

To ensure that only key-based authentication is allowed, edit the sshd_config file on your server and set PasswordAuthentication to no:

sudo nano /etc/ssh/sshd_config

Change this line:

PasswordAuthentication yes

To:

PasswordAuthentication no

Save the file and restart the SSH service:

sudo systemctl restart sshd

Step 8. Implementing Firewall Rules to Restrict Access.

Ensure that SSH traffic is allowed. Run the following command to add SSH to the allowed services:

sudo firewall-cmd --permanent --add-service=ssh

If you changed the default SSH port (noted in the OpenSSH configuration section), allow traffic on that custom port:

sudo firewall-cmd --permanent --add-port=<custom_port>/tcp

After adding the necessary rules, reload the firewall configuration to apply the changes:

sudo firewall-cmd --reload

Congratulations! You have successfully installed the SFTP server. Thanks for using this tutorial for installing and setting up the SFTP server on your Fedora 38 system. For additional help or useful information, we recommend you check the official SFTP website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Copyright © 2024 idroot.us | All Rights Reserved.
Back to top button