SFTP (SSH File Transfer Protocol) is a secure way to transfer files between remote servers. In this article, we will guide you through the process of setting up SFTP user accounts on Ubuntu 20.04.
Before we begin, make sure that you have a fresh installation of Ubuntu 20.04 and that the OpenSSH server is installed on your system. You will also need to be logged in as a user with sudo privileges.
Create a new system user
The first step is to create a new system user that will be used for SFTP access. To do this, run the following command in the terminal:
sudo adduser sftpuser
This will create a new system user called "sftpuser". You will be prompted to enter a password for the user and some other information.
Create a new SFTP group
Next, we need to create a new group for SFTP users. To do this, run the following command in the terminal:
sudo groupadd sftpgroup
This will create a new group called "sftpgroup".
Add the SFTP user to the SFTP group
After creating the group, we need to add the SFTP user to the group. To do this, run the following command in the terminal:
sudo usermod -a -G sftpgroup sftpuser
This will add "sftpuser" to the "sftpgroup" group.
Configure the OpenSSH server
Now we need to configure the OpenSSH server to allow SFTP access for the "sftpgroup" group. To do this, open the OpenSSH server configuration file using the following command:
sudo nano /etc/ssh/sshd_config
In the file, find the following lines and update them as follows:
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
These lines tell the OpenSSH server to restrict members of the "sftpgroup" group to SFTP (ForceCommand internal-sftp runs the built-in SFTP server instead of a login shell), to chroot them to their home directory (%h), and to prevent them from forwarding TCP connections. Save the file and exit the editor.
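sshd only accepts a ChrootDirectory if that directory and every parent up to / are owned by root and not writable by group or others (see sshd_config(5)), and a home directory created by adduser is owned by the user. The script below is an added example, not part of the original article, that audits a path against that rule; the function names are illustrative and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a directory against sshd's ChrootDirectory rules.
# Function names are illustrative; uses GNU stat as shipped on Ubuntu.

# chroot_dir_ok UID MODE -> 0 if the owner is root and neither group nor
# other has write permission (MODE is octal, as printed by stat %a).
chroot_dir_ok() {
    [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# check_chroot_path DIR -> walks DIR and every parent up to /, printing
# one line per component; returns 1 if any component would be rejected.
check_chroot_path() {
    ccp_path=$1
    ccp_rc=0
    case $ccp_path in
        /*) ;;
        *) echo "error: need an absolute path: $ccp_path" >&2; return 2 ;;
    esac
    while :; do
        if [ ! -d "$ccp_path" ]; then
            echo "FAIL $ccp_path (not a directory)"
            ccp_rc=1
        else
            ccp_uid=$(stat -L -c %u "$ccp_path")
            ccp_mode=$(stat -L -c %a "$ccp_path")
            if chroot_dir_ok "$ccp_uid" "$ccp_mode"; then
                echo "ok   $ccp_path (uid=$ccp_uid mode=$ccp_mode)"
            else
                echo "FAIL $ccp_path (uid=$ccp_uid mode=$ccp_mode)"
                ccp_rc=1
            fi
        fi
        [ "$ccp_path" = / ] && break
        ccp_path=$(dirname "$ccp_path")
    done
    return "$ccp_rc"
}

# Run only when a path is given, e.g.: sh check_chroot.sh /home/sftpuser
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A FAIL line for the home directory means sshd will drop the session right after authentication. A common layout is a root-owned home directory (mode 755) with a user-owned subdirectory inside it for uploads.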
Restart the OpenSSH server
After making changes to the OpenSSH server configuration, we need to restart the server for the changes to take effect. To do this, run the following command in the terminal:
sudo systemctl restart ssh
Test SFTP access
To verify that SFTP access is working properly, use an SFTP client to connect to the server using the "sftpuser" credentials. For example:
sftp sftpuser@your-server-ip
Make sure to replace "your-server-ip" with the actual IP address of your server. When prompted, enter the password for the "sftpuser" user.
If the connection is successful, you should be able to see the files in the "sftpuser" home directory. You should not be able to access any other directories outside of the home directory.