Even with the continued proliferation of cloud services, FTP is still a viable means of uploading and downloading files within your company. This is especially true if you do not want your files saved on a third-party service or if you need to automate the process of exchanging files between machines. Or you might have a need to allow people to upload files from outside of your LAN, and you're looking for the best way to do this securely and reliably.
Thanks to SSH (and SFTP), it's quite simple to do this on Rocky Linux. The reason why we go with SFTP is that it's built-in, it's secure, and it's much easier to configure. We're going to walk you through the process of configuring SSH to be used for SFTP purposes on an internal LAN. If you want users to be able to access the server from outside your LAN, you'll also need to configure your network hardware to allow the traffic and route it to the Rocky Linux server hosting the SSH daemon.
What you'll need
The only things you'll need for this are a running instance of Rocky Linux and a user with sudo privileges. That's it. Let's get to work.
Create an FTP directory
The first thing to do is create a directory that will be used for uploading and downloading files. Log into Rocky Linux, open a terminal window, and create the directory with:
sudo mkdir -p /srv/ftp
Give the new directory the proper permissions with:
sudo chmod 701 /srv/ftp
Create an FTP user and group
Next, we'll create a special group that will be used for SFTP users with the command:
sudo groupadd sftp_users
Create a user that doesn't have regular login privileges but does belong to the new sftp_users group with the command:
sudo useradd -g sftp_users -d /srv/ftp/upload -s /sbin/nologin USERNAME
Where USERNAME is a unique name.
Give the user a password with the command:
Where USERNAME is the name of the user created above.
Create the SFTP upload directory
It's time to create a directory for uploads that is specific to the newly-created user. Create the directory with:
sudo mkdir -p /srv/ftp/USERNAME/upload
Where USERNAME is the name of the new user you created earlier.
Give the new directory the proper permissions with the following two commands:
sudo chown -R root:sftp_users /srv/ftp/USERNAME
sudo chown -R USERNAME:sftp_users /srv/ftp/USERNAME/upload
Again, where USERNAME is the name of the new user you created earlier.
You can now configure SSH so that it's aware of the FTP directory. Open the daemon configuration file with:
sudo nano /etc/ssh/sshd_config
At the bottom of the file, paste the following:
Match Group sftp_users ChrootDirectory /srv/ftp/%u ForceCommand internal-sftp
Save and close the file. Restart SSH with:
sudo systemctl restart sshd
Test the connection
It's now time to test the connection. Open a terminal window on another machine on your network (one that has SSH installed) and issue the command:
Where USERNAME is the name of the user you created and SERVER is the IP address of the Rocky Linux host machine. You will be prompted for the user's password. Upon successful authentication, you'll find yourself at the SFTP prompt, where you can put or get files. For example, to upload the file /home/rocky/rocky_linux.txt to the server, you'd issue the command:
To download the rocky_linux.txt file from the server, the command would be:
One thing to keep in mind is that the user is confined to the /srv/ftp/USERNAME/upload directory (where USERNAME is the user you created). If users will be working with that directory to both upload and download files, you might change the name of that directory to avoid confusion. You could use data instead of upload.
To make this easier for users, you can also use a GUI FTP tool (such as Filezilla) and connect to the server using port 22 (for SSH).
And that's all there is to configuring an FTP server with the help of SSH and sftp on Rocky Linux.