SSH – TecAdmin (https://tecadmin.net)

How to Install and Secure OpenSSH Server on Pop!_OS
TecAdmin, Fri, 06 Jan 2023, https://tecadmin.net/how-to-install-openssh-server-on-popos/

OpenSSH is a popular open-source implementation of the Secure Shell (SSH) protocol, which is used to securely connect to and manage remote systems over a network. OpenSSH is included in many popular Linux distributions, including Pop!_OS, and it provides a wide range of tools and utilities for securely accessing and managing remote systems.

This tutorial will help you to install and secure the OpenSSH server on Pop!_OS Linux. In this tutorial, we will cover the following topics:

  1. Installing OpenSSH server on Pop!_OS
  2. Configuring the OpenSSH server
  3. Using the OpenSSH client to connect to a remote system
  4. Securing the OpenSSH server

Step 1: Installing OpenSSH Server on Pop!_OS

The OpenSSH server packages are available under the default system repositories. You first need to update the package manager cache by running the following command:

sudo apt update 

Next, install the OpenSSH server with the following command:

sudo apt install openssh-server 

Press ‘y’ when prompted for confirmation. This will install the OpenSSH server and all the necessary dependencies.

Once the installation is complete, the OpenSSH server will be automatically started and enabled to start on boot. You can check the service status by running the ‘systemctl status ssh’ command.

Step 2: Configuring the OpenSSH Server:

Once the OpenSSH server is installed, you can configure it by editing the main configuration file, which is located at “/etc/ssh/sshd_config”. This file contains a number of options that control the behavior of the OpenSSH server.

WARNING: Be careful while editing the configuration file on a remote system. Any wrong entry may stop the SSH service, and you will be disconnected from the server.

Some of the most important options that you might want to configure include:

  • Port: This option specifies the port number that the OpenSSH server listens on. By default, the OpenSSH server listens on port 22, but you can change this to any unused port number if you want to.

    Port 22

  • PermitRootLogin: This option controls whether root login is allowed over SSH. By default, root login is disabled, but you can enable it by setting this option to “yes”.

    PermitRootLogin yes

  • PubkeyAuthentication: This option controls whether public key authentication is allowed. By default, public key authentication is enabled, but you can disable it by setting this option to “no”.

    PubkeyAuthentication yes

  • PasswordAuthentication: This option controls whether password authentication is allowed. By default, password authentication is enabled, but you can disable it by setting this option to “no”.

    PasswordAuthentication no

Once you have edited the OpenSSH server configuration file, you need to restart the OpenSSH server to apply the changes. You can do this by running the following command:

sudo systemctl restart ssh 

Step 3: Using the OpenSSH Client to Connect to a Remote System:

To connect to a remote system using OpenSSH, you will need to use the OpenSSH client, which is included in most Linux distributions. To connect to a remote system, you need to know the IP address or hostname of the system, as well as the username and password of a user account on the remote system.

To connect to a remote system, open a terminal and enter the following command:

# Syntax
ssh username@remote_system

Replace “username” with the username of the user account on the remote system, and “remote_system” with the IP address or hostname of the remote system. For example, to connect to a remote system with the IP address 192.168.1.100 as the user “user1”, you would enter the following command:

ssh user1@192.168.1.100 

If this is the first time you are connecting to the remote system, you will be prompted to confirm the authenticity of the host. Type “yes” to continue. You will then be prompted to enter the password for the user account on the remote system. Once you have entered the correct password, you will be logged in to the remote system.

Step 4: Securing the OpenSSH Server:

To secure the OpenSSH server, there are several steps you can take:

  • Use strong passwords: Make sure that all user accounts on the OpenSSH server have strong, unique passwords. Avoid using easy-to-guess passwords, and use a combination of letters, numbers, and special characters.
  • Use public key authentication: Instead of using passwords for authentication, consider using public key authentication. With public key authentication, you generate a public and private key pair, and the public key is copied to the remote system. When you connect to the remote system, you use the private key to authenticate, instead of a password. This is more secure than password authentication, as the private key is much harder to guess than a password.
  • Limit access to specific users: Instead of allowing any user to connect to the OpenSSH server, consider limiting access to specific users. You can do this by adding the names of the allowed users to the “AllowUsers” option in the OpenSSH server configuration file.
  • Limit access to specific IP addresses: If you only want to allow connections from specific IP addresses, you can use the “AllowUsers” and “DenyUsers” options to specify which users are allowed to connect from which IP addresses.
  • Use a firewall: Use a firewall to block access to the OpenSSH server from unwanted IP addresses. You can use the FirewallD service on Pop!_OS to set up a firewall and allow connections only from specific IP addresses.
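
The options from Step 2 and the checklist above can be verified mechanically. The following is an added example, not part of the original article: a shell audit of the global section of an sshd_config file that applies sshd's rule that the first value found for a keyword wins. The function names, the policy (each keyword must be set explicitly) and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit the global section of an
# sshd_config against the hardening options discussed above.

# effective_value FILE KEYWORD
# Print the value sshd would use for KEYWORD in the global section.
# sshd_config rules applied: keywords are case-insensitive, blank lines and
# lines starting with '#' are ignored, and the FIRST value found wins.
# Simplifications (assumptions): Include files are not followed and parsing
# stops at the first Match block.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want {
            $1 = ""
            sub(/^[ \t]+/, "")
            print
            exit
        }
    ' "$1"
}

# check FILE KEYWORD EXPECTED
# Print a finding and return 1 when the effective value is not EXPECTED.
check() {
    actual=$(effective_value "$1" "$2")
    [ "$actual" = "$3" ] && return 0
    echo "FINDING: $2 is '${actual:-unset}', expected '$3'"
    return 1
}

# audit_sshd_config FILE
# Policy of this example: every keyword below must be set explicitly.
# Returns 0 when there are no findings, 1 otherwise.
audit_sshd_config() {
    rc=0
    check "$1" PermitRootLogin no || rc=1
    check "$1" PasswordAuthentication no || rc=1
    check "$1" PubkeyAuthentication yes || rc=1
    # AllowUsers takes a site-specific list, so only require that it is set.
    if [ -z "$(effective_value "$1" AllowUsers)" ]; then
        echo "FINDING: AllowUsers is unset, logins are not limited to named users"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: root login and passwords allowed, plus a late
# "PasswordAuthentication no" that has no effect because the first value wins.
write_weak_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host
Port 22
PermitRootLogin yes
PubkeyAuthentication yes
passwordauthentication yes
# appended later by an admin; ignored, the value above already won
PasswordAuthentication no
EOF
}

# Constructed sample with the corrected settings.
write_hardened_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real host
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers user1
EOF
}

# Demo: run both samples through the audit.
demo() {
    tmp=$(mktemp -d)
    write_weak_sample "$tmp/weak"
    write_hardened_sample "$tmp/hardened"
    echo "== weak sample"
    audit_sshd_config "$tmp/weak" || echo "-> not compliant"
    echo "== hardened sample"
    audit_sshd_config "$tmp/hardened" && echo "-> compliant"
    rm -rf "$tmp"
}
demo
```

On a live server, `sudo sshd -T` prints the configuration sshd actually resolves, including Include files that this sketch does not follow.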

Conclusion

In summary, OpenSSH is a powerful and flexible tool for securely accessing and managing remote systems. By following the steps outlined in this article, you can install and configure the OpenSSH server on Pop!_OS, use the OpenSSH client to connect to a remote system, and secure the OpenSSH server to protect against unauthorized access.

How to Create SFTP User in Ubuntu 22.04 (No Shell Access)
TecAdmin, Tue, 14 Jun 2022, https://tecadmin.net/how-to-create-sftp-only-user-in-ubuntu-22-04/

SFTP is a protocol that allows for the secure transfer of files over a network. It is often used by businesses and individuals to transfer sensitive data. SFTP is similar to FTP but uses a different protocol for communication. SFTP is more secure than FTP and is often used in conjunction with SSH (Secure Shell) to provide an even higher level of security.

In this tutorial, we will help you to set up an SFTP server and create an SFTP-only user on Ubuntu 22.04 systems. That account can connect over SFTP but is not able to connect over SSH. Also, this will restrict (chroot) the SFTP user to a specific directory only.

Prerequisites

  • A running Ubuntu 22.04 LTS system with shell access
  • A sudo-privileged account

Step 1 – Installing OpenSSH Server

Ubuntu servers already have the OpenSSH server installed, but desktop systems may not. Use the following command to install and run the OpenSSH server:

sudo apt update && sudo apt install openssh-server 

Step 2 – Create SFTP User

First of all, create a new account on your system to use as the SFTP user.

The following command will create a new account named sftpuser with no shell access. You can change the username to one of your choice.

sudo adduser --shell /bin/false sftpuser 

Step 3 – Configure SFTP Directory

Now, create the directory structure to be accessible by the sftp user.

sudo mkdir -p /var/sftp/files 

Here we will allow users to access the “files” directory only.

Now, change the ownership of the files directory to sftpuser, so that sftpuser can read and write in this directory only.

sudo chown sftpuser:sftpuser /var/sftp/files 

And set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp 
sudo chmod 755 /var/sftp 

Step 4 – Update SSH Configuration File

Now edit the SSH configuration file in a text editor

sudo vim /etc/ssh/sshd_config 

and add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Make sure to add the configuration after the Subsystem line.

Save the configuration file and close it.

Now validate the configuration file.

sudo sshd -t 

If the validation is successful, no output will be displayed. If any error shows in the output, make sure to fix it before running the next commands.

Restart the SSH service to apply changes.

sudo systemctl restart ssh 

All done. The SFTP-only user is successfully created on your Ubuntu system. Now try logging into the remote system with the new user’s credentials, and check if everything is working correctly.

Step 5 – Connect to SFTP User

One can connect to a remote SFTP server using the command line or graphical applications like FileZilla or WinSCP. In this tutorial, I will show you both ways to connect to the SFTP-only account on the Ubuntu system.

Linux users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@192.168.1.210 

sftpuser@192.168.10.100's password:
sftp>

You can also connect to a remote SFTP server using graphical applications like FileZilla, which is available for both Linux and Windows users. Open the FileZilla application and enter the SFTP details:

  • Host: sftp://system-ip-host
  • Username: Use SFTP user created in step 1.
  • Password: Use SFTP user password created in step 1.
  • Port: Use SSH server port or keep empty for default port.

Click the Quickconnect button:

Verify no shell access:

This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the below message:

ssh sftpuser@192.168.1.210  

sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.

Conclusion

In conclusion, setting up an SFTP server is a great way to securely transfer files between computers. By following the steps in this article, you can set up your own SFTP server in no time on Ubuntu systems. If you have any questions, feel free to leave a comment below and we’ll be happy to help.

How to Use SSH Config File
TecAdmin, Wed, 28 Jul 2021, https://tecadmin.net/how-to-use-ssh-config-file/

Secure Shell (SSH) is one of the most commonly used and secure ways to connect to a remote server. It is easy to connect to a remote server with SSH, but what if you connect to many different servers and do it frequently? It becomes difficult to remember all the IP addresses, usernames, commands, and passwords.

To solve this problem, SSH lets you set up and use the ssh config file for different use cases. SSH uses a system-wide configuration file and a custom, user-specific one. You can customize and configure client-side connection options and store information about every remote server you connect to. In today’s article, we will explain how to use the ssh config file and explain some of the common configuration options.

With an SSH config file, you can define and store settings for specific remote machines. This eliminates the need to keep track of every piece of information, like password, username, and IP address, required to connect to a remote server.

What is the location of the SSH Config file

As mentioned earlier, two types of configuration files are available in SSH: system-wide and user-specific (custom) configuration files. Their locations are:

  1. System-wide configuration file: This file mainly contains default information that applies to all the system users, and you can find it at /etc/ssh/ssh_config.
  2. User-specific or custom configuration file: This configuration file is specific to the user, and it is the main focus of this article.

Every user can maintain a custom or client-side SSH configuration file, and it can store some common information that is used while making a connection. The file is readable and writable by the user, and others cannot access it.

The Client or custom configuration file is stored in the user’s home directory in the ~/.ssh directory. You will find it here – ~/.ssh/config or $HOME/.ssh/config

By default, the user-specific configuration file does not exist. So you can create it with this command:

touch ~/.ssh/config 

Also, if you do not find the ~/.ssh directory, you can create it with this command:

mkdir -p ~/.ssh 
chmod 0700 ~/.ssh  

Understand the structure of the SSH Config file

The configuration file is organized per host and contains information related to the connection with a server. Every section starts with a header definition for the host, followed by the options and values that should be applied to matching connections. The file format will look like this:

Host Host1
    ssh_option1 Value Custom Value
    ssh_option2 Value Custom Value
    ssh_option3 Value  Custom Value

Host Host2
    ssh_value Value Custom Value

Host *
    Ssh_option Value Custom Value

How does the SSH configuration file work

Normally if you want to connect to a remote server, you will use this command:

ssh -i ~/.ssh/id_rsa -p 22 hostname@IPaddress 

It is not an easy task to remember the hostname and IP address of all the servers you connect with. So with the configuration file, you can connect with a single command.

ssh hostname 

SSH will use the information from the configuration file to connect to the remote server. So let’s understand the working of the config file. For example, if you run the following command:

ssh Host1 

SSH will first match the hostname against each host mentioned in the config file, working from top to bottom, and will find the Host1 header. Once SSH finds a match for Host1, it will check the other hosts too in case there is any other similar match. If there is no other match, SSH will interpret the option values mentioned with Host1 to connect with the server.

Using the SSH Config File

Now we know what the SSH config file is and how it works. Let’s understand how you can use it to simplify the remote connection environment.

Open the configuration file in an editor.

vi ~/.ssh/config 

And you can define username, IP address, and port values in it. For example:

Host TecAdmin
         HostName 192.167.54.19
         Port 2222
         Forwardx11 no

Host *
         User tecadmin1
         IdentityFile ~/.ssh/id_rsa
         Protocol 2
         Compression yes
         ServerAliveInterval 60
         ServerAliveCountMax 20
         LogLevel Info

Explanation of values used in the file:

  • HostName: IP address of the remote server host in which you want to login.
  • User: Name of the user, you will log in as.
  • Port: The port you want to connect on the remote server.
  • Protocol: The version of protocol SSH should prefer. You can enter multiple values separated by a comma.
  • IdentityFile: Location of file that contains RSA, ECDSA, and DSA authentication Identity of the user.
  • ForwardX11: It allows you to forward the remote server display on your machine.
  • Compression: Whether you want to use compression during the remote server connection or not. Turning it on can be useful if you have a slow connection.
  • ServerAliveInterval: It is used to set a timer in seconds for the server connection; if no response is received from the server in the given time, ssh will send a message to request a response.
  • ServerAliveCountMax: It sets the number of messages that should be sent to request a response from the server.
  • LogLevel: It tells the verbosity level used when logging.
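
The top-to-bottom matching described above, as an added example that is not part of the original article: a small shell resolver that returns the value ssh would pick for one option, taking the first value found in any Host block that matches. The function names and the sample files (built from the article's example, with a Port line added under Host *) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): resolve one ssh client option for a
# host alias, first value found in a matching Host block wins.

# host_line_matches HOST PATTERN...
# True when HOST matches at least one pattern and no negated (!) pattern.
# Patterns use * and ? wildcards; names are compared as written
# (assumption of this example).
host_line_matches() {
    h=$1; shift
    hit=1
    for pat in "$@"; do
        case $pat in
            # ${pat#?} drops the leading '!' of a negated pattern
            '!'*) case $h in ${pat#?}) return 1 ;; esac ;;
            *)    case $h in $pat) hit=0 ;; esac ;;
        esac
    done
    return "$hit"
}

# resolve_option FILE HOST KEYWORD
# Print the first value of KEYWORD found in a block that applies to HOST.
resolve_option() {
    want=$(printf '%s' "$3" | tr '[:upper:]' '[:lower:]')
    applies=0   # lines before the first Host line apply to every host
    set -f      # stop * in a Host line from expanding to file names
    while read -r key value; do
        case $key in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$key" = host ]; then
            applies=1
            # word splitting of $value into patterns is intended
            host_line_matches "$2" $value && applies=0
        elif [ "$applies" -eq 0 ] && [ "$key" = "$want" ]; then
            printf '%s\n' "$value"
            break
        fi
    done < "$1"
    set +f
}

# Constructed sample based on the article's example; "Port 22" under
# Host * is added here to show precedence.
write_specific_first() {
    cat > "$1" <<'EOF'
Host TecAdmin
    HostName 192.167.54.19
    Port 2222

Host *
    User tecadmin1
    Port 22
EOF
}

# Same content with the catch-all block first: its Port now wins.
write_wildcard_first() {
    cat > "$1" <<'EOF'
Host *
    User tecadmin1
    Port 22

Host TecAdmin
    HostName 192.167.54.19
    Port 2222
EOF
}

demo() {
    tmp=$(mktemp -d)
    write_specific_first "$tmp/a"
    write_wildcard_first "$tmp/b"
    echo "specific first: Port=$(resolve_option "$tmp/a" TecAdmin Port)" \
         "User=$(resolve_option "$tmp/a" TecAdmin User)"
    echo "wildcard first: Port=$(resolve_option "$tmp/b" TecAdmin Port)"
    rm -rf "$tmp"
}
demo
```

Keeping the `Host *` block last lets host-specific values take effect; on a real system `ssh -G TecAdmin` prints the configuration ssh resolves for that alias.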

Conclusion

So now you know how useful a single configuration file can be if you connect to remote servers frequently. You do not need to remember multiple hostnames, IP addresses, and ports.

How to Set Up Passwordless SSH login
TecAdmin, Sat, 17 Jul 2021, https://tecadmin.net/setup-passwordless-ssh/

Accessing computers remotely has become an important part of the IT world, especially in today’s scenario where everyone is working from home due to COVID-19. There are mainly two ways of connecting to machines remotely depending on your operating system: SSH for Linux and RDP for Windows. But every time we try to connect to our remote server, we have to enter a password. So how do you set up a passwordless SSH login? In this tutorial, we will guide you through it.

SSH works by installing an SSH server on the destination (remote) machine and an SSH client application on the source (client) machine.

After installing the SSH application on the client side, you can provide information related to the remote server. On the server side, there will be an SSH daemon that continuously checks specific TCP/IP ports for client connection requests. Once the client initiates the connection request with the right credentials, the SSH daemon starts exchanging identification data with the client to establish a secured remote connection.

You can log in to your remote SSH server using two types of authentication:

  • Password Authentication
  • Public Key Authentication (Passwordless)

In this tutorial, we will find out how to set up a Public key-based or passwordless SSH Login.

How to Setup Passwordless SSH Login

In passwordless or key-based authentication we create a pair of keys –

  • Private key: Stored securely and secretly on the client-side.
  • Public key: Stored or given to the server that we want to access.

When we try to connect to a remote server using the authentication key, a message is created with the public key stored on the remote server. That message can only be read with the private key stored on the client. After reading that message, the client sends a response to the remote server to verify and establish the connection. Once you create and set up the keys, the entire process is completed automatically.

How to create SSH Keys

Before we create a new key pair, let’s check whether you already have a key pair on your system. To do that, run the following command in your command line:

ls -al ~/.ssh/id_*.pub 

If you find existing keys, you can use them for the rest of the process; otherwise you can create new ones. To generate a new key pair, open your command line and enter this command:

ssh-keygen -t rsa 

Press Enter to accept the default location. Next, you will be asked for a passphrase. Whether to set one is up to you: press Enter to skip it, or enter a passphrase for an extra layer of security. Also, not using a passphrase will help you in automating a lot of tasks. After hitting Enter, your keys will be created. You can list your keys with this command.

ls ~/.ssh/id_* 

Now as we have generated our keys, it’s time to copy the key on the remote server that you want to access. We will do this with the ssh-copy-id command. Type the following command on your command line:

ssh-copy-id -i ~/.ssh/id_rsa.pub remote_username@server_ip_address 

You will be asked for the remote_user password. Once you enter the correct password, the public key will be stored in the remote server.

Now you can log in to your remote server without a password. Use the following command to establish a connection immediately:

ssh remote_username@server_ip_address 

How to disable Password Authentication

So as we have created our SSH keys, now we can disable the password authentication for security. Before disabling the password authentication, make sure you have stored the public key on your remote server and you are able to log in using the authentication key.

To disable the password authentication, enter the following command and open SSH configuration files as a root user or sudo privileged user.

sudo nano /etc/ssh/sshd_config 

Then search for the ‘password authentication’ line and modify it as follows:

PasswordAuthentication no

After changing it, save your file and restart the SSH service.

sudo systemctl restart sshd 

Now you will be able to login into the remote server without a password.

Conclusion

SSH is a secured and easy method to connect to a remote server. It is a simple and common Linux activity and you can learn it for your daily use. And you can even set up a passwordless SSH login by using authentication keys.

How to Create SFTP Only User in Ubuntu & Debian
TecAdmin, Mon, 31 May 2021, https://tecadmin.net/how-to-create-sftp-only-user-in-ubuntu-debian/

SFTP (SSH File Transfer Protocol) is a secure file protocol used to access, manage, and transfer files over an encrypted SSH transport session. Here SFTP only user means to create an account to access the server via SFTP only. That user doesn’t have SSH shell access. This allows you a secure channel to provide limited access to specific files and directories.

This blog post describes how to create SFTP-only users without shell access on Ubuntu and Debian systems.

Step 1- Creating a New User

First of all, create a user account on your system to use as an SFTP user. The following command will create a new account named sftpuser with no shell access. You can change the username to one of your choice.

sudo adduser --shell /bin/false sftpuser 

The command will prompt for the password to be set for a new account.

Step 2 – Create Directory for SFTP

Now, create the directory structure to be accessible by the SFTP user.

sudo mkdir -p /var/sftp/files 

Here we will allow users to access the “files” directory only.

Now, change the ownership of the files directory to sftpuser, so that SFTP users can read and write in this directory only. No files outside of this directory will be accessible.

sudo chown sftpuser:sftpuser /var/sftp/files 

And set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp 
sudo chmod 755 /var/sftp 

It will restrict SFTP users from writing files under /var/sftp directory.

Step 3 – Configure sshd for SFTP Only

/etc/ssh/sshd_config is the main configuration file of the OpenSSH server. Be careful with changing this configuration file, because any mistake can lead to connection loss.

Edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config 

then add the following settings at end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the file and close.

The directives are:

  • Match User: Defines the username to which the SFTP-only configuration applies. In our case it is sftpuser.
  • ForceCommand internal-sftp: Enforces SFTP-only access for the user and denies shell access.
  • PasswordAuthentication yes: Allows password authentication for the user.
  • ChrootDirectory /var/sftp: Restricts the user to directories under this directory only. Here /var/sftp acts as the root directory for the user.
  • AllowAgentForwarding no: Specifies whether ssh-agent forwarding is permitted. The default is yes.
  • AllowTcpForwarding no: Specifies whether TCP forwarding is permitted. The default is yes.
  • X11Forwarding no: Specifies whether forwarding of graphical (X11) applications is permitted or not.

Restart SSH service to apply new settings:

sudo systemctl restart ssh 

That’s it. You have successfully completed the instructions to create an SFTP-only user on Debian-based systems.

Step 4 – Security Tips (Options)

Here are some basic but important security tips for SFTP accounts in a production environment.

  1. Run SSH server on a non-standard port
  2. Disallow the password authentication and configure key-based authentication
  3. Make sure the firewall is restricted to specific IP addresses only
  4. And keep the OpenSSH package up to date

Conclusion

This tutorial describes how to create SFTP-only users on an Ubuntu system. It disables shell access for those users and restricts them to a specified directory only.

How to Change SSH Port in Linux
TecAdmin, Wed, 19 May 2021, https://tecadmin.net/linux-change-ssh-port/

SSH (Secure Shell) is the most popular protocol for connecting remote Linux systems. Changing the SSH port will provide you with an extra layer of security. The new port will be a little harder to identify for hackers.

Most Linux distributions use OpenSSH as the default SSH server application. It encrypts all traffic throughout the route and provides a higher level of security. This article describes how to change the OpenSSH server port on a Linux system.

Change SSH Port in Linux

Changing the SSH port is a straightforward process on Linux systems. Any system can use the port range 1 to 65535; for TCP, port number 0 is reserved and cannot be used. The default SSH service listens on port 22. Just replace this port with some other port.

To change SSH port in Linux, edit OpenSSH configuration file:

sudo nano /etc/ssh/sshd_config 

  • Change from – Search for the below line; by default it may be commented out.
    #Port 22

  • Change to – Remove the ‘#’ symbol from the start of the line to uncomment it, then replace 22 with a non-standard port like:
    Port 2232

To save and close file press CTRL + X keys, then press ‘y’ and hit enter button.

Now, restart the SSH daemon to apply changes.

sudo systemctl restart ssh 

That’s it. The SSH service is now running on an updated port as configured above.

Connect SSH to New Port

The SSH service is listening on a non-standard port. So, you have to provide a port number while connecting the server using the ssh client.

Use the following command from the client machine to connect the remote server to a new port.

ssh -p 2232 user@remote-host 

Rsync users can follow these instructions to connect to a remote system on a different port.

Conclusion

This tutorial helped you to secure your Linux server by changing the SSH port to a non-standard port. Once the SSH port is changed, you must update the firewall rules to secure the new port.

How to Create SFTP User without Shell Access on CentOS/RHEL 8
TecAdmin, Sun, 16 Feb 2020, https://tecadmin.net/create-sftp-user-without-shell-access-on-centos-8/

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol between two systems. It runs over the SSH protocol and shares the same port 22. This tutorial will help you to create SFTP-only users (without SSH access) on CentOS 8 and RedHat 8 systems. The user can connect to the server with SFTP only and is allowed to access the specified directory. Users can’t SSH into the server. Follow the tutorial below to create an SFTP-only account on CentOS 8 and RHEL 8.

Step 1 – Create Account

First of all, create a user account for the sftp access. For this tutorial, we are creating a user named sftpuser with no shell access. Also, set a strong password for the user.

sudo adduser --shell /bin/false sftpuser
sudo passwd sftpuser
Changing password for user sftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Step 2 – Create Directory

Now, create the directory structure to be accessible by the sftp user. We will restrict the new user to this directory only, so the user can’t access files in other directories.

sudo mkdir -p /var/sftp/files

Change the ownership of the directory to the newly created sftp user, so that sftpuser can read and write in this directory.

sudo chown sftpuser:sftpuser /var/sftp/files

You must set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

Step 3 – Configure SSH for SFTP

SFTP runs over the SSH protocol, so we need to configure it in the SSH configuration file. Edit the SSH configuration file in a text editor.

sudo vim /etc/ssh/sshd_config

And add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the configuration and restart the SSH service to apply changes.

sudo systemctl restart sshd.service

All done. Your system is ready to accept SFTP-only connections for the created account. Let’s test the sftp connection and also make sure that the user is not authorized to SSH.

Step 4 – Test SFTP Connection

I am using FileZilla to connect to the SFTP instance from my Windows system. Linux desktop users can also use FileZilla for the connection.

On a Linux server, users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@sftp.tecadmin.net
Connecting to sftp.tecadmin.net...
sftpuser@sftp.tecadmin.net's password:
sftp>

Connect with FileZilla:

This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:

ssh sftpuser@sftp.tecadmin.net
sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.

The above message (This service allows sftp connections only.) shows that the user has sftp access only. Users can’t connect to the server over SSH.

How to Create SFTP User without Shell Access on CentOS/RHEL 7
https://tecadmin.net/create-sftp-only-user-centos/
Tue, 15 Jan 2019 10:03:14 +0000

This tutorial will help you to create an SFTP-only user (without SSH access) on CentOS and RedHat systems. The user can connect to the server with SFTP access only and is allowed to access only the specified directory. Users can’t SSH into the server. Follow the tutorial below to create an SFTP-only account.

Step 1 – Create Account

First of all, create a user account to use for sftp access. The command below will create a user named sftpuser with no shell access.

sudo adduser --shell /bin/false sftpuser
sudo passwd sftpuser

Step 2 – Create Directory

Now, create the directory structure to be accessible by the sftp user.

sudo mkdir -p /var/sftp/files

Change the ownership of the files directory to the sftp user, so that sftpuser can read and write in this directory.

sudo chown sftpuser:sftpuser /var/sftp/files

And set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

Step 3 – Configure SSH for SFTP

Now edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config

Then add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the configuration and restart the SSH service to apply changes.

sudo systemctl restart sshd.service

Step 4 – Test SFTP Connection

I am using FileZilla to connect to the SFTP instance from my Windows system. Linux desktop users can also use FileZilla for the connection.

On a Linux server, users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@sftp.tecadmin.net

Connecting to sftp.tecadmin.net...
sftpuser@sftp.tecadmin.net's password:
sftp>

Connect with FileZilla:

This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:

ssh sftpuser@sftp.tecadmin.net

sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.
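
The restrictions in the Step 3 Match block are easy to lose in a later edit of sshd_config, so it helps to audit them. The script below is an added example, not part of the original tutorial; the function names and the sample file content are constructed here, and the parser assumes the simple "Match User NAME" layout this tutorial uses.

```shell
#!/bin/sh
# Added example (not the tutorial's own code): audit the Match block of an
# SFTP-only account. Assumes whitespace-separated "Keyword value" lines.

# audit_sftp_match FILE USER: returns 0 only if the "Match User USER" block
# sets a ChrootDirectory and every restriction listed in want[].
audit_sftp_match() {
    awk -v user="$2" '
    BEGIN {
        want["forcecommand"] = "internal-sftp"
        want["permittunnel"] = "no"
        want["allowagentforwarding"] = "no"
        want["allowtcpforwarding"] = "no"
        want["x11forwarding"] = "no"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
    { key = tolower($1) }                # sshd keywords are case-insensitive
    key == "match" {                     # each Match line starts a new block
        inblock = (tolower($2) == "user" && $3 == user)
        if (inblock) found = 1
        next
    }
    !inblock { next }
    key == "chrootdirectory" && chroot == "" { chroot = $2 }
    (key in want) && !(key in got) { got[key] = $2 }   # first value wins
    END {
        bad = 0
        if (!found) { print "FAIL no Match User block for " user; exit 1 }
        if (chroot == "") { print "FAIL chrootdirectory is not set"; bad = 1 }
        for (k in want) if (got[k] != want[k]) {
            print "FAIL " k " is \"" got[k] "\", expected \"" want[k] "\""
            bad = 1
        }
        if (!bad) print "ok   " user " is restricted to SFTP inside " chroot
        exit bad
    }' "$1"
}

# Constructed sample: the tutorial block with one setting weakened.
sample_weak_config() {
    printf '%s\n' 'Match User sftpuser' '    ForceCommand internal-sftp' \
        '    ChrootDirectory /var/sftp' '    PermitTunnel no' \
        '    AllowAgentForwarding no' '    AllowTcpForwarding yes' \
        '    X11Forwarding no'
}

# With FILE USER arguments audit a real file; otherwise audit the sample.
if [ "$#" -eq 2 ]; then audit_sftp_match "$@"
else sample_weak_config | audit_sftp_match - sftpuser || true; fi
```

Run without arguments, it reports the weakened AllowTcpForwarding line in the sample; on a server, point it at /etc/ssh/sshd_config with the account name.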

How to Create SFTP User without Shell Access on Ubuntu 18.04 & 16.04
https://tecadmin.net/create-sftp-user-without-shell-access-on-ubuntu/
Thu, 10 Jan 2019 08:56:40 +0000

This tutorial will help you to create an SFTP-only user (without SSH access) on Ubuntu systems. The user can connect to the server with SFTP access only and is allowed to access only the specified directory. The user can’t SSH into the server. Follow the tutorial below to create an SFTP-only account.

Step 1 – Create User

First of all, create a user account to use for sftp access. The command below will create a user named sftpuser with no shell access.

sudo adduser --shell /bin/false sftpuser

Step 2 – Create Directory for SFTP

Now, create the directory structure to be accessible by the sftp user.

sudo mkdir -p /var/sftp/files

Change the ownership of the files directory to the sftp user, so that sftpuser can read and write in this directory.

sudo chown sftpuser:sftpuser /var/sftp/files

And set the owner and group owner of /var/sftp to root. The root user has read/write access to this directory. Group members and other accounts have only read and execute permissions.

sudo chown root:root /var/sftp
sudo chmod 755 /var/sftp

Step 3 – Configure SSH for SFTP Only

Now edit the SSH configuration file in a text editor:

sudo vim /etc/ssh/sshd_config

Then add the following settings at the end of the file.

Match User sftpuser
	ForceCommand internal-sftp
	PasswordAuthentication yes
	ChrootDirectory /var/sftp
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no

Save the configuration and restart the SSH service to apply changes.

sudo systemctl restart ssh

Step 4 – Test SFTP Connection

I am using FileZilla to connect to the SFTP instance from my Windows system. Linux desktop users can also use FileZilla for the connection.

On a Linux server, users can use the sftp command-line utility to connect to a remote sftp instance.

sftp sftpuser@sftp.tecadmin.net

Connecting to sftp.tecadmin.net...
sftpuser@sftp.tecadmin.net's password:
sftp>

Connect with FileZilla:

This account is configured for SFTP-only connections, so any user who tries to connect via SSH will be disconnected immediately after successful authentication. The user will get the message below:

ssh sftpuser@sftp.tecadmin.net

sftpuser@sftp.tecadmin.net's password:
This service allows sftp connections only.
Connection to sftp.tecadmin.net closed.

How to Download and Upload Files with SFTP Securely
https://tecadmin.net/download-and-upload-files-with-sftp/
Wed, 08 Mar 2017 18:31:41 +0000

SFTP (SSH File Transfer Protocol) is a secure protocol for transferring files between a local and a remote server. It requires an SSH server running on the remote system. This protocol encrypts the data transferred between the local and remote systems. Because SFTP provides secure data transfer, we recommend it over the FTP protocol.

SFTP is recommended, but if you only have an FTP server running on the remote system, use the link below for FTP access.

Connect to SFTP Server:

SFTP connects to the SSH server, so you must have an SSH server running on the remote system. Use the following command to connect to the example.com server as user rahul.

$ sftp rahul@example.com

To connect on a different port:

$ sftp -P 2222 rahul@example.com

After successful authentication, you will get an sftp prompt, where you can download or upload files securely. To list the available commands, type help at the sftp prompt.

sftp> help 

Available commands:
bye                         Quit sftp
cd path                     Change remote directory to 'path'
chgrp grp path              Change group of file 'path' to 'grp'
chmod mode path             Change permissions of file 'path' to 'mode'
chown own path              Change owner of file 'path' to 'own'
df [-hi] [path]             Display statistics for current directory or
...
...

Change Local and Remote Directory

First, check your local and remote working directories using the following commands.

sftp> !pwd
/home/ubuntu

sftp> pwd
/home/rahul

  • !pwd – Used to check the current directory on the local system
  • pwd – Used to check the current directory on the remote system

Now navigate between directories on the local and remote systems.

sftp> lcd /home/ubuntu/Downloads

sftp> cd Uploads

  • lcd – Used to navigate between directories on the local system
  • cd – Used to navigate between directories on the remote system

Download Files from SFTP

Use the get command to download a file from the sftp server to the local system. Use lcd to change the local download folder first. The command below will download remotefile.txt from the remote system to the local system.

sftp> get remotefile.txt

To download files and folders recursively, use the -r switch with the get command. The command below will download the folder remotedir from the remote system to the local system recursively.

sftp> get -r remotedir

Upload Files to SFTP

Use the put command to upload a file from the local system to the remote system. Use cd to change the remote upload folder first. The command below will upload localfile.txt from the local system to the remote sftp system.

sftp> put localfile.txt

To upload files and folders recursively, use the -r switch with the put command. The command below will upload the directory localdir and all of its files and subdirectories to the remote server.

sftp> put -r localdir
