LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

How to Setup SFTP to Securely Transfer Files on CentOS 7

Welcome to another LowEndBox tutorial. We’re going to explore the world of SFTP: What it is, isn’t, how to use it and why. Let’s get to it!

What is SFTP?

We’re glad you asked! SFTP is the Secure File Transfer Protocol. All that means is that it’s a File Transfer Protocol that is Secure (Encrypted). What’s interesting about SFTP is that it can be used on top of many different kinds of data streams, but in this context the data stream we’ll be using it with is SSH on CentOS 7. There’s another SFTP called Simple File Transfer Protocol; that’s not what we’re discussing here.

Why use SFTP instead of FTP?

There are two primary reasons to use SFTP over FTP. The first was already mentioned: Security. SFTP is encrypted, but traditional FTP is not encrypted at all. The second reason to use SFTP is a bit more subtle: Efficiency.

Here at LowEndBox, we specialize in helping you find inexpensive VPSs that you can use for your projects. Our own server has only 512 MB of memory; that’s not a lot of room to work in! To maximize the use of such small servers, the mantra “Less is more” is key. Fewer resources used means more performance, more reliability, and more resources for other applications. Running a separate FTP daemon (such as ProFTPD) might be overkill. In addition to being one more thing to configure, it’ll also take up resources, however little, at all times.

And this is where SFTP comes in. SFTP on CentOS 7 is built in to SSH. That’s right, it’s built in to SSH and is already enabled by default. If you can SSH to your server, you can SFTP to it, securely!

Why isn’t everyone using SFTP?

Or more accurately, why wouldn’t you want to use SFTP? Virtual Users. A Virtual User is an application user that isn’t a system user. There is no Linux user associated with it. There’s no entry in /etc/passwd for it. A Virtual User account lives in a database somewhere rather than being authenticated the usual Linux way. Virtual Users with SSH (and therefore SFTP) are possible, but they require a more advanced configuration and are not within the scope of this tutorial.

Other FTP daemons such as ProFTPD make Virtual Users simpler, but the idea of virtual users is overkill for many applications. For basic file management on your LowEndBox server, SFTP is a great way to go. Let’s get started!

Is your LowEndBox SFTP ready?

Chances are that your LowEndBox is ready to go. The stock CentOS 7 Minimal build has SFTP enabled by default. Still, let’s check that it’s enabled on your server. First you’re going to need to get logged in to your VPS. If you haven’t done that already, then head over to our tutorial “Using SSH Keys to connect to your VPS”. Log in as root, and run the following command:

grep sftp /etc/ssh/sshd_config

This should return the following line:

Subsystem       sftp /usr/libexec/openssh/sftp-server

Here’s how it looked on our LowEndBox server:

If your server doesn’t have that line, then edit your configuration so that it does, and restart SSH with the following command:

systemctl restart sshd

Without logging out of your SSH session, open a second SSH session and get logged in. If you can’t get logged in, then there could be an error in your sshd_config file that you’ll need to troubleshoot. Once SSH is confirmed as working, we’ll be ready to get connected to SFTP for the first time.
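The check and restart described above can be made stricter. This is an added example, not part of the original tutorial: the function names are hypothetical, and the sample config files are constructed for the demo. It accepts only an active Subsystem line (a plain grep also matches a commented-out one) and validates the configuration before restarting sshd.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are hypothetical.

# Print the command configured for the sftp subsystem in an sshd_config file.
# A plain "grep sftp" also matches commented-out lines such as
# "#Subsystem sftp ..."; this only accepts an active directive.
# Returns 1 when no active sftp subsystem line exists.
sftp_subsystem() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""
            sub(/^[ \t]+/, "")
            print
            found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Restart sshd only if the configuration parses cleanly. "sshd -t" is
# OpenSSH test mode: it checks the config file and keys, then exits.
# Run as root on the server and keep your current SSH session open.
safe_restart_sshd() {
    sshd -t && systemctl restart sshd
}

# Demo on constructed sample files (not a real server config).
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' \
    'Subsystem       sftp /usr/libexec/openssh/sftp-server' > "$demo_dir/enabled"
printf '%s\n' 'Port 22' \
    '#Subsystem      sftp /usr/libexec/openssh/sftp-server' > "$demo_dir/disabled"

for cfg in enabled disabled; do
    if path=$(sftp_subsystem "$demo_dir/$cfg"); then
        echo "$cfg: SFTP subsystem active -> $path"
    else
        echo "$cfg: no active SFTP subsystem line"
    fi
done
rm -rf "$demo_dir"
```

On the server itself, call sftp_subsystem /etc/ssh/sshd_config, and use safe_restart_sshd in place of a bare restart after editing the file.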

Getting ready to use SFTP

Now that you are sure that SSH is working and that SFTP is enabled, we can create a user for SFTP. You really should not use the root user for anything but SSH access, and some would say never log in directly as root, but that’s a discussion for another time.

We’re going to use the commands “useradd” and “passwd” to create a user called “lowendbox” and give it a password. Make sure to use a secure password. We recommend generating a random password and copy/pasting it into SSH. That’s what we did, and here’s how it looked on our server:

By default, your newly created user will have the shell of /bin/bash. But perhaps your server is set up differently. Let’s go ahead and be 100% sure that the user has the correct shell. If the shell isn’t correct, then SFTP won’t work. Run the following change shell (chsh) command to make sure the shell is set to /bin/bash:

chsh -s /bin/bash lowendbox

Here’s how this looked on our server:

You’ll notice that the output said “Shell not changed”. This means that the shell was already set to /bin/bash. If yours says “Shell changed” then it’s probably good that you changed it.

Connecting to SFTP

Now it’s time to log in with SFTP. For this tutorial we are going to use WinSCP. WinSCP is a free program that supports multiple protocols: FTP, SFTP, SCP, and even WebDAV and Amazon S3. Go to https://winscp.net to download the program. Once it’s installed, you’re going to be presented with the following dialogue box:

Fill in the blanks: Your server’s IP (or hostname if you have DNS configured already), your new username and password, and the port. If you haven’t changed your SSH port, then leave it on 22. Here’s how ours looked:

Click on Save, and name it something that you will recall. Once it’s saved, go ahead and click on “Login” shown below:

On the next prompt, you may be presented with a warning regarding the unknown key signature. You can just click Yes:

If the login was successful, then you’ll be shown a screen with two panes: on the left is your local PC, and on the right is the home directory of the user you created. Transferring files is as simple as dragging and dropping from left to right, or using the various upload/download options on the toolbar:

If you’re presented with an error, then go through everything step by step once more; there’s likely just one small setting that’s incorrect.
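The unknown-key warning mentioned above shows a fingerprint of the server's host key, and that fingerprint can be checked from the SSH session you already have open. This is an added example, not part of the original tutorial: the function names are hypothetical and the key blob in the demo is constructed, not a real host key.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Function names are hypothetical.

# Compute the SHA256 fingerprint of an OpenSSH public key file
# ("<type> <base64-blob> [comment]"): SHA-256 over the decoded blob,
# base64-encoded without padding. On the server,
# "ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub" reports the same value.
# The loop turns each hex pair of the digest back into a raw byte.
host_key_fingerprint() {
    digest=$(
        awk 'NR == 1 { print $2 }' "$1" | base64 -d | sha256sum |
            cut -d' ' -f1 | fold -w 2 |
            while read -r byte; do
                printf "\\$(printf '%03o' "0x$byte")"
            done | base64 | tr -d '=\n'
    )
    printf 'SHA256:%s\n' "$digest"
}

# Succeed only if the fingerprint shown by the client matches the key file.
# $1 = public key file, $2 = fingerprint copied from the client's warning.
# A missing "SHA256:" prefix or trailing "=" padding is tolerated.
host_key_matches() {
    want=$(host_key_fingerprint "$1" | sed 's/^SHA256://')
    got=$(printf '%s\n' "$2" | sed 's/^SHA256://; s/=*$//')
    [ "$want" = "$got" ]
}

# Demo with a constructed key blob (not a real host key).
demo_key=$(mktemp)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBlobForDocsOnlyNotARealHostKey000 constructed' > "$demo_key"
shown=$(host_key_fingerprint "$demo_key")
echo "server key fingerprint: $shown"
if host_key_matches "$demo_key" "$shown"; then
    echo "match: the client is talking to this server"
fi
if ! host_key_matches "$demo_key" "SHA256:somethingelse"; then
    echo "mismatch: do not accept the key"
fi
rm -f "$demo_key"
```

On the server, point host_key_fingerprint at the files under /etc/ssh/ that end in _key.pub and compare the result with the SHA-256 fingerprint in the client's warning before accepting it.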

In Conclusion

SFTP is a simple, secure, and efficient way to do file management on your LowEndBox. We hope this tutorial was helpful to you! Be sure to let us know what you think or ask any questions in the comments below!

1 Comment

  1. Very helpful, thank you.

    April 28, 2019 @ 8:17 pm
