How to configure SFTP to securely transfer files to CentOS 7

Welcome to another tutorial on LowEndBox. We will explore the world of SFTP: what it is, what it is not, how to use it and why. Let's go!

What is SFTP?

We are glad you asked! SFTP is the Secure File Transfer Protocol. All that means is that it is a secure (encrypted) file transfer protocol. What is interesting about SFTP is that it can be used over different types of data stream, but in this context the data stream we use it with is SSH on CentOS 7. There is another SFTP called Simple File Transfer Protocol; it's not what we're discussing here.

Why use SFTP instead of FTP?

There are two main reasons to use SFTP over FTP. The first has already been mentioned: security. SFTP is encrypted, but traditional FTP is not encrypted at all. The second reason to use SFTP is a little more subtle: efficiency.

At LowEndBox, our specialty is helping you find inexpensive VPSes that you can use for your projects. Our own server only has 512 MB of memory, which does not leave much room to work with! To get the most out of these small servers, the "less is more" mantra is key. Fewer resources used means more performance, more reliability, and more resources for other applications. Running a separate FTP daemon (such as ProFTP) can be excessive. In addition to being one more thing to configure, it also uses resources, however small, all the time.

And that's where SFTP comes in. SFTP on CentOS 7 is built into SSH. That's right, it's built into SSH and is already enabled by default. If you can SSH into your server, you can use SFTP to transfer files to it securely!

Why doesn't everyone use SFTP?

Or more precisely, why might you not want to use SFTP? Virtual users. A virtual user is an application user who is not a system user. There is no associated Linux user. There is no entry in /etc/passwd for it. A virtual user account resides in a database somewhere rather than authenticating the usual way in Linux. Virtual users with SSH (and thus SFTP) are possible, but require more advanced configuration and are outside the scope of this tutorial.

Other FTP daemons such as ProFTPD simplify virtual users, but the idea of virtual users is excessive for many applications. SFTP is a great way to manage basic files on your LowEndBox server. Let's start!

Is your LowEndBox SFTP ready?

There is a good chance your LowEndBox is ready for use. SFTP is enabled by default in the stock CentOS 7 Minimal installation. All that remains is to verify that it is enabled on your server. You must first connect to your VPS. If you have not done so already, check out our tutorial "Using SSH Keys to Connect to Your VPS." Log in as root and run the following command:

grep sftp /etc/ssh/sshd_config

This should return the following line:

Subsystem sftp /usr/libexec/openssh/sftp-server

Here's what it looked like on our LowEndBox server:

If your server does not have this line, add it to your configuration and restart SSH with the following command:

systemctl restart sshd

Without disconnecting your current SSH session, open a second SSH session and log in. If you cannot connect, your sshd_config file may contain an error that you will need to resolve. Once SSH is confirmed to be working, we will be ready to connect to SFTP for the first time.
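
As an added example (not part of the original tutorial): "grep sftp" also matches a commented-out line such as "#Subsystem sftp ...", so this shell function reports only an active directive. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# active_sftp_subsystem FILE
# Print the handler of the first uncommented "Subsystem sftp" directive.
# Returns 1 when the file has no active directive.
active_sftp_subsystem() {
    awk '
        { sub(/\r$/, "") }        # tolerate CRLF line endings
        /^[ \t]*#/ { next }       # a commented-out directive is not active
        tolower($1) == "subsystem" && $2 == "sftp" {
            # sshd keywords are case-insensitive; keep handler arguments
            handler = $3
            for (i = 4; i <= NF; i++) handler = handler " " $i
            print handler
            found = 1
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
demo_dir=$(mktemp -d)
printf 'Port 22\nSubsystem\tsftp\t/usr/libexec/openssh/sftp-server\n' \
    > "$demo_dir/enabled"
printf 'Port 22\n#Subsystem sftp /usr/libexec/openssh/sftp-server\n' \
    > "$demo_dir/disabled"

for cfg in enabled disabled; do
    if handler=$(active_sftp_subsystem "$demo_dir/$cfg"); then
        echo "$cfg: SFTP active, handler: $handler"
    else
        echo "$cfg: no active Subsystem sftp line (plain grep would still match)"
    fi
done
rm -rf "$demo_dir"
```

On the server, call it as "active_sftp_subsystem /etc/ssh/sshd_config". Running "sshd -t" checks the file for syntax errors before you restart the service.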

Prepare to use SFTP

Now that you are certain that SSH is working and that SFTP is enabled, we can create a user for SFTP. You really should not use the root user for anything other than SSH access, and some would never log in directly as root, but that's a discussion for another time.

We will use the "useradd" and "passwd" commands to create a user called "lowendbox" and give it a password. Make sure to use a secure password. We recommend that you generate a random password and copy/paste it into SSH. That's what we did and here's what it looked like on our server:

By default, your newly created user will have the shell /bin/bash. But maybe your server is configured differently. Let's continue and make 100% sure that the user has the right shell. If the shell is not correct, SFTP will not work. Run the following change shell (chsh) command to make sure the shell is set to /bin/bash:

chsh -s /bin/bash lowendbox

Here's what it looked like on our server:

You will notice that the result says "Shell not modified". This means that the shell was already set to /bin/bash. If yours says "Shell changed", it's probably a good thing that you changed it.

SFTP connection

It is now time to connect with SFTP. For this tutorial, we will use WinSCP. WinSCP is a free program that supports multiple protocols: FTP, SFTP, SCP and even WebDAV and Amazon S3. Go to https://winscp.net and download the program. Once installed, the following dialog box appears:

Fill in the empty fields: your server's IP (or host name if DNS is already configured), your new username and password, and the port. If you have not changed the SSH port, leave it on 22. Here's what ours looked like:

Click Save and give it a name you will remember. Once saved, go ahead and click "Login" as shown below:

At the next prompt, a warning message about the unknown key signature may be displayed. You can simply click Yes:

If the connection is successful, a two-pane screen appears: on the left, the local PC, and on the right, the home directory of the user you created. Transferring files is as easy as dragging and dropping from left to right or using the upload/download options in the toolbar:

If you get an error, go through the steps again one by one: there is probably just one small setting wrong.

In conclusion

SFTP is a simple, secure and effective way to manage files on your LowEndBox. We hope this tutorial has been helpful! Make sure to tell us what you think or ask questions in the comments below!