| Current Path : /files/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //files/Setting_Up_SFTP_on_Debian_12.html |
<!DOCTYPE html>
<html lang='en'>
<head>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-PJQPGJF');
</script>
<meta content='width=device-width, initial-scale=1' name='viewport'>
<title>Setting Up SFTP for Secure File Transfers on Debian 12 | Reintech media
</title>
<meta content='SFTP, Secure File Transfer, Debian 12, OpenSSH, SSH, SFTP Configuration, DevOps, Secure File Transfers, SFTP Setup, Secure Transfers Debian
' name='keywords'>
<meta content='Learn how to set up SFTP for secure file transfers on Debian 12. This step-by-step guide covers installation, configuration, and testing of an SFTP server for enhanced security.
' name='description'>
<meta name="twitter:site" content="@reintech_io"/>
<meta content='no-cache' name='turbolinks-cache-control'>
<script type='application/ld+json'>{"@context":"http://schema.org","@type":"SocialMediaPosting","mainEntityOfPage":{"@type":"WebPage","@id":"https://reintech.io/media"},"headline":"Setting Up SFTP for Secure File Transfers on Debian 12","image":["https://img.reintech.io/variants/57drut6n68epoovoja7rt3h059tj/e7b4ce09c703210ab8f75b017c7eaf0951c5a95b737ee8120602845c1c1d944b"],"datePublished":"2024-02-13T12:00:18.303Z","dateModified":"2024-02-13T12:00:18.305Z","author":{"url":"/blog/author/arthur-c-codex","name":"Arthur C. Codex","@type":"Person"},"publisher":{"@type":"Organization","name":"Reintech"},"description":"Learn how to set up SFTP for secure file transfers on Debian 12. This step-by-step guide covers installation, configuration, and testing of an SFTP server for enhanced security.","name":"Setting Up SFTP for Secure File Transfers on Debian 12","url":"/blog/setting-up-sftp-secure-file-transfers-debian-12"}
</script>
<link href='https://reintech.io/assets/home_page/_src/icons/yellow_mini_logo-3f999b5e8c490b4112514a05955f538da06eab6279ba8e8e51dd1a7b324c6a38.svg' rel='icon' type='image/svg+xml'>
<meta content='https://reintech.io/blog/setting-up-sftp-secure-file-transfers-debian-12' property='og:url'>
<meta content='website' property='og:type'>
<meta content='Setting Up SFTP for Secure File Transfers on Debian 12 | Reintech media
' property='og:title'>
<meta content='Learn how to set up SFTP for secure file transfers on Debian 12. This step-by-step guide covers installation, configuration, and testing of an SFTP server for enhanced security.
' property='og:description'>
<meta content='https://reintech.io/rails/active_storage/blobs/redirect/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBdVB2IiwiZXhwIjpudWxsLCJwdXIiOiJibG9iX2lkIn19--ae397919aabe98c6c236af1c2d871ab17b359b79/1v9vy5mgxd3a89w8mq994rkbjm8g
' property='og:image'>
<meta content='198317151088375' property='fb:app_id'>
<link rel="stylesheet" media="all" href="https://reintech.io/assets/media-9268c510adbd4e86c6f424c06801e657cdf390c498ee2bf5f39ae97076ea82f8.css" data-turbolinks-track="reload" />
<script src="https://reintech.io/assets/media-b680e16113d53598c8d654650b88ede118ccafbbde28eab631349d994eb3754d.js" data-turbolinks-track="reload"></script>
<script src="https://reintech.io/packs/media-cebddf7827ee8085a268.js"></script>
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="Gjzg7ITTEDJsovMbGo7f24wNTf/Ir244KM8Xltw/FdjfELmp4MhwPtekJ1Hqb8lkJvKED2IReSro2byH8ulZ2w==" />
<link rel="stylesheet" href="/prism.css">
<script src="/prism.js"></script>
<meta content='article' property='og:type'>
<meta content='Setting Up SFTP for Secure File Transfers on Debian 12' property='og:title'>
<meta content='Setting up SFTP on Debian 12 enhances secure file transfers, leveraging SSH for a protected channel. This guide walks through installing OpenSSH, creating a dedicated SFTP user and group, configuring SSHD, setting up directory structure, and testing the connection.' property='og:description'>
<meta content='2024-02-13 12:00:18 UTC' property='article:published_time'>
<meta content='2024-02-13 12:00:18 UTC' property='article:modified_time'>
<meta content='Arthur C. Codex' name='author'>
<script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "Organization",
"name": "Reintech",
"url": "https://reintech.io"
}
</script>
<meta name="facebook-domain-verification" content="rp0my1g2g2hu5b1tprxk2c9zgac983" />
<link rel="preconnect" href="https://fonts.gstatic.com">
<link href="https://fonts.googleapis.com/css2?family=Space+Grotesk:ital@0;1&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Raleway:ital@0;1&display=swap" rel="stylesheet">
</head>
<body data-locale='en' data-turbolinks='false'>
<header>
<div class='media-header d-flex flex-wrap justify-content-between align-items-center'>
<a class="logo" href="/blog"><img class="logo" alt="Reintech logo" src="https://reintech.io/assets/media/logotype-1f401e7d307c0b33313fa0492eefe277e22c7792bbcbcfcf5ea80fa0c74527ec.svg" />
</a><a href="/"><span class='nav-media show-hide mr-2 ua active'>Home</span>
</a><a class="nav-media active show-hide en" href="/login">Sign in</a>
<a class="nav-media show-hide en" id="apply" target="_blank" href="/#contact_us">Contact us</a>
<p class='drop hide-show'>
<a aria-controls="header-menu" aria-expanded="false" data-toggle="collapse" role="button" href="#header-menu"><img alt="burger menu icon" src="https://reintech.io/assets/media/burgermenu_icon-663fcc7777349bda49a287fe585bc58b8ffdc83fcd4798983e5190fe64895a35.png" />
</a></p>
</div>
<div class='collapse' id='header-menu'>
<ul class='nav flex-column mt-4'>
<li class='nav-item'>
<a class="nav-link menu-link en" href="/login">Sign in</a>
</li>
<div class='dropdown-divider'></div>
<li class='nav-item'>
<a class="nav-link menu-link en" target="_blank" href="/#contact_us">Contact us</a>
</li>
<div class='dropdown-divider'></div>
<li class='nav-item'>
<a class="nav-link menu-link en" href="/">Home</a>
</li>
<div class='dropdown-divider'></div>
<li class='nav-item'>
<div class='d-flex justify-content-between'>
<span class='nav-link menu-link en active active_language'>English</span>
<a class="nav-link menu-link ua default" href="/media">Українська</a>
</div>
</li>
</ul>
</div>
</header>
<main role='main'>
<script src='https://www.google.com/recaptcha/api.js?render=6LcfZQMqAAAAAKmlFt71BZCG0ksF1W8SmvHmEZC-'></script>
<div class='main-media-page'>
<div class='categories d-flex'>
<a class="btn btn-outline-primary grey-btn mr-2 active en" type="button" href="/blog">All</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/recruiting-remote-developers">Recruiting</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/developers">Engineering</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/career">Career</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/managing-remote-developers">Managing</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/soft-skills">Soft Skills</a>
<a class="btn btn-outline-primary grey-btn mr-2 en" type="button" href="/blog/success-stories">Success stories</a>
</div>
</div>
<div class='show-media-page'>
<div class='row main-content'>
<div class='main-post col-lg-8'>
<div class='main-post'>
<div class='post-information d-flex flex-wrap align-items-center'>
<span class='mr-3 mb-1 mt-1 grey'>February 13, 2024</span>
<span class='mr-3 mb-1 mt-1 grey en'>1 min read</span>
<span class='mr-3 mb-1 mt-1 grey d-none en'>views 9857</span>
<span class='mr-3 mb-1 mt-1 grey en'><a href="/blog/author/arthur-c-codex">Arthur C. Codex</a></span>
<a href="/blog/setting-up-sftp-secure-file-transfers-debian-12#chats-box"><span class='mr-3 mb-1 mt-1 grey en'>chats: 5</span>
</a><a type="button" class="mb-1 mt-1 en" href="/blog/developers"><span class='mr-2 purple en'>Engineering</span>
</a><a type="button" class="mb-1 mt-1 en" href="/blog?technology=devops"><span class='mr-2 green en'>DevOps</span>
</a><div data-react-class="media/Heart" data-react-props="{"post_id":"5195","ids":[],"count":492,"main":true,"locale":"en"}" data-react-cache-id="media/Heart-0" class="wrapper-small-heart-main"></div>
</div>
<h1 class='mt-1 en'>Setting Up SFTP for Secure File Transfers on Debian 12</h1>
<div class='post-body'>
<h2>Introduction to SFTP on Debian 12</h2>
<p>Secure File Transfer Protocol (SFTP) is a widely-used protocol for securely transferring files between systems over an unsecured network. It leverages the Secure Shell (SSH) protocol to provide a secure channel. Setting up SFTP on a Debian 12 server is a straightforward process that enhances the security of file transfers. In this article, we will guide software developers through the steps to configure SFTP for secure file transfers on Debian 12.<p><img class="img-fluid main-image" alt="Setting Up SFTP for Secure File Transfers on Debian 12 image" src="https://img.reintech.io/variants/57drut6n68epoovoja7rt3h059tj/e7b4ce09c703210ab8f75b017c7eaf0951c5a95b737ee8120602845c1c1d944b" /></p></p>
<h2>Prerequisites</h2>
<ul>
<li>A Debian 12 server</li>
<li>Access to a user account with sudo privileges</li>
<li>OpenSSH server installed</li>
</ul>
<h2>Step 1: Installing OpenSSH Server</h2>
<p>If you haven't installed the OpenSSH server yet, you can install it by running:</p>
<pre><code class="language-sh">sudo apt update
sudo apt install openssh-server</code></pre>
<p>Once installed, the SSH service will start automatically. You can check its status with:</p>
<pre><code class="language-sh">sudo systemctl status ssh</code></pre>
<h2>Step 2: Creating a Dedicated SFTP Group and User</h2>
<p>For enhanced security, it's a good practice to create a specific user and group for SFTP that will have limited access to the server. Execute the following commands:</p>
<pre><code class="language-sh">sudo groupadd sftpusers
sudo useradd -m -g sftpusers -s /bin/false sftpuser
sudo passwd sftpuser</code></pre>
<p>Here, <code>/bin/false</code> is used as the shell to prevent SSH access.</p>
<h2>Step 3: Configuring SSHD for SFTP</h2>
<p>Edit the SSH daemon configuration file to set up the SFTP environment:</p>
<pre><code class="language-sh">sudo nano /etc/ssh/sshd_config</code></pre>
<p>Add or modify the following lines to the end of the file:</p>
<pre><code class="language-sh">Subsystem sftp internal-sftp
Match Group sftpusers
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /sftp/%u
ForceCommand internal-sftp</code></pre>
<p>After saving the changes, restart the SSH service:</p>
<pre><code class="language-sh">sudo systemctl restart ssh</code></pre>
<h2>Step 4: Setting Up the SFTP Directory Structure</h2>
<p>Create the directory structure for the SFTP user:</p>
<pre><code class="language-sh">sudo mkdir -p /sftp/sftpuser/files
sudo chown root:sftpusers /sftp/sftpuser
sudo chmod 755 /sftp/sftpuser
sudo chown sftpuser:sftpusers /sftp/sftpuser/files</code></pre>
<p>This ensures that the SFTP user can only access the 'files' directory.</p>
<h2>Step 5: Testing SFTP Connection</h2>
<p>From your local machine, connect to the SFTP server using the following command:</p>
<pre><code class="language-sh">sftp sftpuser@your_debian_server_ip</code></pre>
<p>Replace <code>your_debian_server_ip</code> with the actual IP address of your Debian 12 server. If everything is configured correctly, you should be logged into the SFTP session.</p>
<h2>Conclusion</h2>
<p>By following the steps outlined in this article, you can successfully set up an SFTP server on Debian 12 for secure file transfers. This protocol ensures that your data is encrypted and protected from unauthorized access during transmission. For organizations looking to scale their operations or requiring additional expertise, considering to <a href="https://reintech.io/hire-remote-devops-engineers">hire remote DevOps engineers</a> can be an effective way to enhance your team's capabilities.</p>
<h2>Final Thoughts</h2>
<p>Security is paramount in today's digital world, and SFTP provides a reliable way to transfer files securely. Always ensure that your server is updated with the latest security patches, and monitor your SFTP server for any unusual activities. With the right setup and maintenance, SFTP can be a powerful tool in your security arsenal.</p>
</div>
<script>
function encodePreElements() {
var pre = document.getElementsByTagName('code');
for(var i = 0; i < pre.length; i++) {
var txt = pre[i].innerHTML;
txt = txt.replaceAll('"', '"')
if(txt.indexOf('>') >=0 && txt.indexOf('<') >= 0){
var encoded = htmlEncode(txt);
encoded = encoded.replaceAll('<br>', '');
encoded = encoded.replaceAll('<p>', '');
encoded = encoded.replaceAll('</p>', '');
pre[i].innerHTML = encoded;
}
}
};
function htmlEncode(value) {
var div = document.createElement('div');
var text = document.createTextNode(value);
div.appendChild(text);
return div.innerHTML;
}
</script>
<script>
encodePreElements();
</script>
<div data-react-class="media/OutdatedContent" data-react-props="{"post_id":"5195","url":"/media/setting-up-sftp-secure-file-transfers-debian-12/create_outdated_report","reports":[],"locale":"en"}" data-react-cache-id="media/OutdatedContent-0" class="wrapper-outdated-content mt-2 mb-2"></div>
<div class='social-links-block d-flex flex-wrap'>
<span class='mr-3 mt-2 mb-2 en'>Share:</span>
<div aria-label='Basic example' class='btn-group btn-group-sm mt-2 mb-2' role='group'>
<a class="en btn btn-outline-success" data-network="facebook" onclick="window.open('https://www.facebook.com/sharer/sharer.php?u=https://reintech.io/media/setting-up-sftp-secure-file-transfers-debian-12', 'facebook-share-dialog', 'width=626,height=436'); return false;" href="#">Facebook</a>
<a class="en btn btn-outline-success" target="_blank" href="http://twitter.com/share?text=Setting Up SFTP for Secure File Transfers on Debian 12&url=https://reintech.io/media/setting-up-sftp-secure-file-transfers-debian-12">Twitter</a>
<a class="en btn btn-outline-success" target="_blank" href="https://www.linkedin.com/sharing/share-offsite/?url=https://reintech.io/media/setting-up-sftp-secure-file-transfers-debian-12">LinkedIn</a>
</div>
<div data-react-class="media/BigHeart" data-react-props="{"post_id":"5195","ids":[],"count":492,"locale":"en"}" data-react-cache-id="media/BigHeart-0" class="wrapper-big-heart mt-2 mb-2"></div>
</div>
<div data-react-class="media/chat_posts/ChatBox" data-react-props="{"locale":"en","url":"/post_chats","post_id":"setting-up-sftp-secure-file-transfers-debian-12","user_uid":"Ws0Tu4atEGqxAlRg","not_available":false,"server_time":"2024-07-13 10:10","chats":[{"id":7710,"summary":"Guide on using rsync with public key authentication to copy a file from a remote SFTP server.","updated_at":"2024-06-21 09:00","created_at":"2024-06-21 04:07:00","user_uid":"qke36gtmuzsHZRNh","messages":[{"id":45645,"body":"To copy a file from a remote SFTP server using `rsync` with public key authentication, follow these steps:\n\n1. **Set Up Public Key Authentication:**\n\n Ensure that public key authentication is properly configured. If you haven't set it up yet, follow these steps:\n\n - **Generate an SSH key pair** on your local machine if you haven't already:\n\n sh\n ssh-keygen -t rsa -b 4096\n \n\n - **Copy the public key** to the remote SFTP server. You can use the `ssh-copy-id` command for this:\n\n sh\n ssh-copy-id -i ~/.ssh/id_rsa.pub sftpuser@your_debian_server_ip\n \n\n Replace `id_rsa.pub` with your public key file, and `sftpuser@your_debian_server_ip` with the appropriate username and server IP address.\n\n2. **Use `rsync` to Copy the File:**\n\n Use the `rsync` command with the `-e` flag to specify the use of SSH for the remote connection. Here's a basic example of transferring a file from the remote SFTP server to your local machine:\n\n sh\n rsync -avz -e 'ssh -i /path/to/private_key' sftpuser@your_debian_server_ip:/remote/path/to/file /local/path/to/destination\n \n\n Replace the placeholders with the appropriate values:\n - `/path/to/private_key`: Path to your SSH private key file (e.g., `~/.ssh/id_rsa`).\n - `sftpuser@your_debian_server_ip`: Your remote username and server IP address.\n - `/remote/path/to/file`: Path to the file on the remote server.\n - `/local/path/to/destination`: Path to the destination directory on your local machine.\n\n Here's a complete example:\n\n sh\n rsync -avz -e 'ssh -i ~/.ssh/id_rsa' sftpuser@192.168.1.100:/home/sftpuser/files/test.txt /home/localuser/downloads/\n \n\nThis will securely copy the file `test.txt` from the remote SFTP server to the `/home/localuser/downloads/` directory on your local machine using public key authentication.","sender":"gpt","created_at":"2024-06-21 04:07:08"},{"id":45644,"body":"How do copy a file from a remote sftp server using rsync with public key authentication","sender":"user","created_at":"2024-06-21 04:07:00"}]},{"id":7709,"summary":"The conversation explains how to use rsync over SFTP for secure file transfer on Debian 12.","updated_at":"2024-06-21 10:00","created_at":"2024-06-21 02:30:04","user_uid":"kwLryRZiKprGpWWP","messages":[{"id":45643,"body":"Yes, you can use `rsync` over SFTP for secure file transfer. While `rsync` traditionally uses either its own protocol or SSH, you can also harness its capabilities over SFTP. Here's how you can do it:\n\n### Prerequisites\nEnsure that you have:\n1. `rsync` installed on both the local and remote system.\n2. SFTP and SSH correctly set up as described in the article.\n\n### Using `rsync` with SFTP\n\nTypically, `rsync` will use SSH for data transfer by default, but you can configure it to use SFTP instead by specifying the `--rsh` option with `rsync`.\n\nHere is an example command:\n\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003ersync -avz -e 'ssh -s sftp' /local/directory/ sftpuser@your_debian_server_ip:/remote/directory/\u003c/code\u003e\u003c/pre\u003e\n\n### Breakdown of the Command\n- `-a`: Archive mode that preserves permissions, symbolic links, etc.\n- `-v`: Increases verbosity, letting you see the progress.\n- `-z`: Compresses the data during transfer to reduce the size.\n- `-e 'ssh -s sftp'`: Tells `rsync` to use SSH in specific SFTP mode.\n\n### Example:\nIf you set up your SFTP directory as `/sftp/sftpuser/files`, the full command might look something like this:\n\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003ersync -avz -e 'ssh -s sftp' /local/directory/ sftpuser@your_debian_server_ip:/sftp/sftpuser/files/\u003c/code\u003e\u003c/pre\u003e\n\nThis way, you can leverage the synchronization features of `rsync` while utilizing the secure SFTP protocol for data transfer.","sender":"gpt","created_at":"2024-06-21 02:30:11"},{"id":45642,"body":"does this work with rsync?","sender":"user","created_at":"2024-06-21 02:30:04"}]},{"id":7486,"summary":"The conversation explains how to troubleshoot SSH key-based authentication issues for an SFTP user on a Debian 12 server.","updated_at":"2024-06-09 17:00","created_at":"2024-06-09 13:41:21","user_uid":"iHFQqSUKBHVqXC7r","messages":[{"id":43837,"body":"The \"Connection closed by authenticating user\" error often indicates an issue with user permissions or the SSH configuration. Here are the steps to diagnose and troubleshoot this problem:\n\n\u003ch3\u003eStep 1: Verify SSH Configuration for SFTP\u003c/h3\u003e\n\u003cp\u003eEnsure the SSH configuration explicitly allows SFTP access for the `sftpuser`. Open the SSH configuration file:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo nano /etc/ssh/sshd_config\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eEnsure the following lines are correctly customized for SFTP:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\nMatch Group sftpusers\n X11Forwarding no\n AllowTcpForwarding no\n ChrootDirectory /sftp/%u\n ForceCommand internal-sftp\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eSave the file and restart the SSH service:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo systemctl restart ssh\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 2: Verify User Directory and Permissions\u003c/h3\u003e\n\u003cp\u003eEnsure the \u003ccode\u003eChrootDirectory\u003c/code\u003e parameter points to a directory with the proper ownership and permissions:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\n# Verify and set ownership and permissions\nsudo mkdir -p /sftp/sftpuser/files\nsudo chown root:sftpusers /sftp/sftpuser\nsudo chmod 755 /sftp/sftpuser\nsudo chown sftpuser:sftpusers /sftp/sftpuser/files\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe parent directory (\u003ccode\u003e/sftp/sftpuser\u003c/code\u003e) must be owned by root and not writable by any other user for the chroot jail to work correctly.\u003c/p\u003e\n\n\u003ch3\u003eStep 3: Verify SSH Key Permissions and Ownership\u003c/h3\u003e\n\u003cp\u003eEnsure the \u003ccode\u003e~/.ssh\u003c/code\u003e directory and authorized keys file have the correct permissions and ownership:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\n# Set correct permissions and ownership for user's .ssh directory\nsudo chown -R sftpuser:sftpusers /sftp/sftpuser/.ssh\nsudo chmod 700 /sftp/sftpuser/.ssh\nsudo chmod 600 /sftp/sftpuser/.ssh/authorized_keys\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 4: Review SSH Server Logs\u003c/h3\u003e\n\u003cp\u003eCheck the SSH server logs for more details on why the connection is closing:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo tail -f /var/log/auth.log\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eLook for any error messages or warnings that would indicate why the connection is not successful.\u003c/p\u003e\n\n\u003ch3\u003eStep 5: Explicitly Specify the Port (if Custom)\u003c/h3\u003e\n\u003cp\u003eIf you are using a custom SSH port (e.g., 22072 as shown), ensure you specify this port in your SFTP client:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\nsftp -P 22072 sftpuser@88.99.163.99\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eBy following these steps, you should be able to resolve the connection issue and successfully authenticate the `sftpuser` using SFTP.\u003c/p\u003e","sender":"gpt","created_at":"2024-06-09 14:40:44"},{"id":43836,"body":"Connection closed by authenticating user sftpuser port 22072 [preauth]","sender":"user","created_at":"2024-06-09 14:40:35"},{"id":43835,"body":"If you receive the error \"Permission denied (publickey,keyboard-interactive)\", it indicates that the SSH key authentication did not succeed. Here are several steps to troubleshoot and resolve this issue:\n\n\u003ch3\u003eStep 1: Ensure Correct Public Key is Uploaded\u003c/h3\u003e\n\u003cp\u003eVerify that your public key is correctly uploaded to the server in the \u003ccode\u003esftpuser\u003c/code\u003e's \u003ccode\u003e~/.ssh/authorized_keys\u003c/code\u003e file. You can do this by manually inspecting the file:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003essh sftpuser@88.99.163.99 'cat ~/.ssh/authorized_keys'\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eIf the key is not found, manually copy it over:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\n# On your local machine\ncat ~/.ssh/id_rsa.pub | ssh sftpuser@88.99.163.99 'mkdir -p ~/.ssh \u0026\u0026 cat \u003e\u003e ~/.ssh/authorized_keys'\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 2: Set Correct Permissions\u003c/h3\u003e\n\u003cp\u003eEnsure that the \u003ccode\u003e~/.ssh\u003c/code\u003e directory and the \u003ccode\u003eauthorized_keys\u003c/code\u003e file have the correct permissions:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\n# Set the correct permissions\nssh sftpuser@88.99.163.99 'chmod 700 ~/.ssh'\nssh sftpuser@88.99.163.99 'chmod 600 ~/.ssh/authorized_keys'\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 3: Verify SSH Daemon Configuration\u003c/h3\u003e\n\u003cp\u003eCheck the SSH daemon configuration to ensure it allows key-based authentication:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo nano /etc/ssh/sshd_config\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eEnsure the following lines are present and not commented out:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\nPubkeyAuthentication yes\nAuthorizedKeysFile %h/.ssh/authorized_keys\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eRestart the SSH service to apply any changes:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo systemctl restart ssh\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 4: Check SSH Key Permissions and Ownership\u003c/h3\u003e\n\u003cp\u003eEnsure that the key file and its directory have proper ownership and permissions:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\nsudo chown -R sftpuser:sftpusers /sftp/sftpuser/.ssh/\nsudo chmod 700 /sftp/sftpuser/.ssh\nsudo chmod 600 /sftp/sftpuser/.ssh/authorized_keys\n\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 5: Review Server Logs\u003c/h3\u003e\n\u003cp\u003eSometimes, the server logs can provide clues. Check the SSH authentication logs on the server:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo tail -f /var/log/auth.log\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eLook for lines indicating why the key authentication failed.\u003c/p\u003e\n\n\u003cp\u003eBy following these steps, you should be able to resolve the \"Permission denied (publickey,keyboard-interactive)\" issue and successfully authenticate using your SSH key.\u003c/p\u003e","sender":"gpt","created_at":"2024-06-09 14:39:06"},{"id":43834,"body":"sftpuser@88.99.163.99: Permission denied (publickey,keyboard-interactive).","sender":"user","created_at":"2024-06-09 14:38:57"},{"id":43827,"body":"To use SSH keys for the `sftpuser` instead of password authentication, you'll need to generate an SSH key pair and configure the server to accept the public key. Here’s a step-by-step guide:\n\n\u003ch3\u003eStep 1: Generate SSH Key Pair on Local Machine\u003c/h3\u003e\n\u003cp\u003eOpen a terminal on your local machine and generate an SSH key pair:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003essh-keygen -t rsa -b 4096 -C \"your_email@example.com\"\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFollow the prompts to save the key (usually \u003ccode\u003e~/.ssh/id_rsa\u003c/code\u003e) and enter a passphrase if desired.\u003c/p\u003e\n\n\u003ch3\u003eStep 2: Copy Public Key to SFTP Server\u003c/h3\u003e\n\u003cp\u003eUse the \u003ccode\u003essh-copy-id\u003c/code\u003e command to copy your public key to the \u003ccode\u003esftpuser\u003c/code\u003e account on the SFTP server:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003essh-copy-id sftpuser@your_debian_server_ip\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAlternatively, you can manually copy the public key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003essh sftpuser@your_debian_server_ip 'mkdir -p ~/.ssh \u0026\u0026 cat \u003e\u003e ~/.ssh/authorized_keys'\u003c/code\u003e\n\u003c/pre\u003e\n\u003cp\u003eThen paste your public key contents and hit \u003ccode\u003eCTRL+D\u003c/code\u003e.\u003c/p\u003e\n\n\u003ch3\u003eStep 3: Modify SSH Configuration to Disable Password Authentication (Optional)\u003c/h3\u003e\n\u003cp\u003eFor additional security, you can disable password authentication by editing the SSH daemon configuration file:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo nano /etc/ssh/sshd_config\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eFind and modify the following lines:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003e\nPasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eRestart the SSH service to apply changes:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo systemctl restart ssh\u003c/code\u003e\u003c/pre\u003e\n\n\u003ch3\u003eStep 4: Connect Using SSH Keys\u003c/h3\u003e\n\u003cp\u003eNow, connect to the SFTP server using your SSH key:\u003c/p\u003e\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esftp sftpuser@your_debian_server_ip\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eIf configured correctly, the `sftpuser` should be authenticated with your SSH key, enhancing the security of your file transfers.\u003c/p\u003e\n\n","sender":"gpt","created_at":"2024-06-09 13:41:32"},{"id":43826,"body":"how to use sssh keys to ftpuser","sender":"user","created_at":"2024-06-09 13:41:21"}]},{"id":6151,"summary":"The user asked questions unrelated to the provided SFTP on Debian 12 article, and later inquired about using a specific user instead of a group for SFTP access, followed by a question about the 'ForceCommand' directive in 'sshd_config'.","updated_at":"2024-04-03 23:00","created_at":"2024-04-03 19:30:48","user_uid":"E3Jd3OPWK4bSzRNn","messages":[{"id":31699,"body":"\u003cp\u003e\u003ccode\u003eForceCommand\u003c/code\u003e is a configuration option in the \u003ccode\u003esshd_config\u003c/code\u003e file for the OpenSSH server. It overrides the command to be executed when a user logs in via SSH. When specified in conjunction with SFTP, it can enforce that users only execute the SFTP server upon login, thus limiting their abilities to perform other shell commands or access the rest of the system over SSH.\u003c/p\u003e\n\n\u003cp\u003eHere's a brief explanation of how it's used in the context of SFTP:\u003c/p\u003e\n\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003eForceCommand internal-sftp\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eThis line in the \u003ccode\u003esshd_config\u003c/code\u003e file means that when a user in the matched group or user logs in, instead of getting a regular shell, the user is forced to run the internal SFTP server. This is commonly used as part of a chroot setup to provide controlled access to files and directories.\u003c/p\u003e\n\n\u003cp\u003eThe internal SFTP server is a secure way to offer file transfer capabilities without any additional shell access to the system. This is particularly important for secure environments where you want to limit the users' capabilities to only transferring files.\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:38:54"},{"id":31698,"body":"what is ForceCommand","sender":"user","created_at":"2024-04-03 19:38:36"},{"id":31697,"body":"\u003cp\u003eYou're welcome! If you have any more questions or need further assistance, feel free to ask. Good luck with your SFTP setup on Debian 12!\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:35:53"},{"id":31696,"body":"thanks mate","sender":"user","created_at":"2024-04-03 19:35:51"},{"id":31695,"body":"\u003cp\u003eYes, you can configure SFTP to restrict access for a specific user instead of a group. You would need to adapt the configuration in the \u003ccode\u003esshd_config\u003c/code\u003e file to match the specific user. Here's what you need to do:\u003c/p\u003e\n\n1. Open the SSH daemon configuration file:\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo nano /etc/ssh/sshd_config\u003c/code\u003e\u003c/pre\u003e\n\n2. Add or modify the following lines to match the specific user, ensuring to replace `sftpuser` with the actual username:\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003eSubsystem sftp internal-sftp\n\nMatch User sftpuser\n\tX11Forwarding no\n\tAllowTcpForwarding no\n\tChrootDirectory /sftp/%u\n\tForceCommand internal-sftp\u003c/code\u003e\u003c/pre\u003e\n\n3. After saving the changes, restart the SSH service:\n\u003cpre\u003e\u003ccode class=\"language-sh\"\u003esudo systemctl restart ssh\u003c/code\u003e\u003c/pre\u003e\n\n\u003cp\u003eMake sure you have the directory structure set up correctly for that user and the permissions are properly assigned. Remember that the home directory of the SFTP user must be owned by \u003ccode\u003eroot\u003c/code\u003e and not writable by the user. The subdirectory (\u003ccode\u003efiles\u003c/code\u003e in the article example) is where the SFTP user will have write access.\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:33:44"},{"id":31694,"body":"can i use user instead of group","sender":"user","created_at":"2024-04-03 19:33:30"},{"id":31691,"body":"\u003cp\u003eI'm here to provide specific assistance related to the configuration of SFTP on Debian 12. Should you need guidance on that subject or any related technical matter, please do ask!\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:32:48"},{"id":31690,"body":"but you already said that","sender":"user","created_at":"2024-04-03 19:32:45"},{"id":31689,"body":"\u003cp\u003eIf you're interested in SFTP on Debian 12 or have questions about configuring secure file transfers, let me know how I can assist you!\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:32:34"},{"id":31688,"body":"why is it called tic-tac-toe","sender":"user","created_at":"2024-04-03 19:32:31"},{"id":31687,"body":"\u003cp\u003eI'm here to help with technical inquiries, including SFTP setup on Debian 12. If you have questions or need assistance with that, I'd be happy to help! As for games, I suggest finding a game app or website that offers tic-tac-toe to enjoy the game. If you need help with anything else, just let me know!\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:32:07"},{"id":31686,"body":"how about a nice game of tic tac","sender":"user","created_at":"2024-04-03 19:32:03"},{"id":31685,"body":"\u003cp\u003eI'm here to help with topics related to SFTP on Debian 12. If you have any questions about that, feel free to ask!\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:31:12"},{"id":31684,"body":"how old is jeremy clarkson","sender":"user","created_at":"2024-04-03 19:31:09"},{"id":31683,"body":"\u003cp\u003eHello! How can I assist you today?\u003c/p\u003e","sender":"gpt","created_at":"2024-04-03 19:30:49"},{"id":31682,"body":"hello","sender":"user","created_at":"2024-04-03 19:30:48"}]},{"id":4324,"summary":"The user inquired whether an SFTP user can connect to the server over SSH and was informed that it is not possible due to their shell being set to /bin/false.","updated_at":"2024-02-18 15:00","created_at":"2024-02-18 11:15:42","user_uid":"6s0pmLTgx8frHqRr","messages":[{"id":20267,"body":"\u003cp\u003eNo, the SFTP user created according to the steps in the article is configured with \u003ccode\u003e/bin/false\u003c/code\u003e as its login shell, which prevents the user from obtaining interactive SSH login access. This shell setting is intentional to enhance security by limiting the user's access to SFTP only. If the user attempts to connect via SSH, the server will close the connection immediately after authentication.\u003c/p\u003e","sender":"gpt","created_at":"2024-02-18 11:15:45"},{"id":20266,"body":"can sftp user connect to server ove ssh?","sender":"user","created_at":"2024-02-18 11:15:42"}]}]}" data-react-cache-id="media/chat_posts/ChatBox-0" class="wrapper-chat_box" id="chats-box"></div>
</div>
<div class='main-post apply-subscribe-block' style='padding: 0'>
</div>
<div class='central-author-column'>
<div class='banner-mobile'>
<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3829025371632739"
crossorigin="anonymous"></script>
<!-- blog ad -->
<ins class="adsbygoogle"
style="display:block"
data-ad-client="ca-pub-3829025371632739"
data-ad-slot="8442875499"
data-ad-format="auto"
data-full-width-responsive="true"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</div>
<div class='dropdown-divider mt-4 mb-4'></div>
</div>
</div>
<div class='col-lg-4'>
<div class='reply-to-block'>
<p>If you're interested in enhancing this article or becoming a contributing author, we'd love to hear from you.</p>
<p>Please contact Sasha at <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="027163716a634270676b6c7667616a2c6b6d">[email protected]</a> to discuss the opportunity further or to inquire about adding a direct link to your resource. We welcome your collaboration and contributions!</p>
</div>
<div class='terms'>
</div>
<div class='mt-5'>
<p>
<a href="/hire-python-devops-flask">Hire Remote Python & DevOps Experts with Flask Skill </a>
</p>
<p>
<a href="/hire-python-devops-openvpn">Hire Remote Python Developers Skilled in DevOps and OpenVPN</a>
</p>
<p>
<a href="/hire-python-devops-developers-slack-web-api">Hire Top-Notch Python and DevOps Developers Skilled in Slack Web API</a>
</p>
</div>
<div class='banner-right'>
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3829025371632739"
crossorigin="anonymous"></script>
<!-- blog ad -->
<ins class="adsbygoogle"
style="display:block"
data-ad-client="ca-pub-3829025371632739"
data-ad-slot="8442875499"
data-ad-format="auto"
data-full-width-responsive="true"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</div>
</div>
</div>
</div>
<div class='show-media-second-part'>
<div class='row mr-0'>
<div class='col-lg-8 pr-0'>
</div>
<div class='col-lg-4'></div>
</div>
</div>
</main>
<script type="text/javascript" src="https://secure.food9wave.com/js/218872.js" ></script>
<noscript><img alt="secure.food" src="https://secure.food9wave.com/218872.png" style="display:none;" /></noscript>
<footer>
<div class='media-footer'>
<div class='desctop'>
<div class='row'>
<div class='col-lg-8'>
<a href="/blog"><img alt="Reintech logo" src="https://reintech.io/assets/media/logo_footer-11f826977160fbe430f0dc0516912582bb93bf2fe55252eac336ba13b0aa36ef.svg" />
</a></div>
<div class='col-lg-4'></div>
</div>
<div class='row categories'>
<div class='col-lg-2'>
<p class='label'>Categories</p>
<p class='name'>
<a class="en" href="/blog/recruiting-remote-developers">Recruiting</a>
</p>
<p class='name'>
<a class="en" href="/blog/developers">Engineering</a>
</p>
<p class='name'>
<a class="en" href="/blog/career">Career</a>
</p>
<p class='name'>
<a class="en" href="/blog/managing-remote-developers">Managing</a>
</p>
<p class='name'>
<a class="en" href="/blog/soft-skills">Soft Skills</a>
</p>
<p class='name'>
<a class="en" href="/blog/success-stories">Success stories</a>
</p>
<p class='name'>
<a class="en" href="/glossary">Glossary</a>
</p>
</div>
<div class='col-lg-2'>
<p class='label en'>Social Media</p>
<p class='name en'>
<a target="_blank" class="en" href="https://www.instagram.com/reintech.io/">Instagram</a>
</p>
<p class='name en'>
<a target="_blank" class="en" href="https://www.facebook.com/reintech.io">Facebook</a>
</p>
<p class='name en'>
<a target="_blank" class="en" href="https://www.linkedin.com/company/reintech-ltd">LinkedIn</a>
</p>
<p class='name en'>
<a target="_blank" class="en" href="https://twitter.com/reintech_io">Twitter</a>
</p>
</div>
<div class='col-lg-4'>
<p class='label en'>Apply as Developer</p>
<a class="apply en" href="/developer/apply"><span>Apply</span>
</a></div>
<div class='col-lg-4'>
<p class='label en'>Contact us</p>
<a class="apply en" href="/#contact_us">Send us a message</a>
</div>
</div>
</div>
<div class='planshet'>
<div class='row'>
<div class='col-6'>
<a href="/blog"><img alt="Reintech logo" src="https://reintech.io/assets/media/logo_footer-11f826977160fbe430f0dc0516912582bb93bf2fe55252eac336ba13b0aa36ef.svg" />
</a></div>
<div class='col-6 language d-none'>
<div class='dropdown drop'>
<a class="dropdownMenuLink dropdown-toggle" aria-expanded="false" aria-haspopup="true" data-toggle="dropdown" role="button" href="#">Eng</a>
<div aria-labelledby='dropdownMenuLink' class='dropdown-menu'>
<span class='dropdown-item en'>English</span>
<a class="dropdown-item ua" href="/media">Українська</a>
</div>
</div>
</div>
</div>
<div class='row categories'>
<div class='col-sm-6 mb-4'>
<p class='label en'>Categories</p>
<div class='row'>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/recruiting-remote-developers">Recruiting</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/developers">Engineering</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/career">Career</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/managing-remote-developers">Managing</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/soft-skills">Soft Skills</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a class="en" href="/blog/success-stories">Success stories</a>
</p>
</div>
<div class='col-6'>
<p class='name'>
<a class="en" href="/glossary">Glossary</a>
</p>
</div>
</div>
</div>
<div class='col-sm-6 mb-4'>
<p class='label en'>Social Media</p>
<div class='row'>
<div class='col-6'>
<p class='name en'>
<a target="_blank" class="en" href="https://www.instagram.com/reintech.io/">Instagram</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a target="_blank" class="en" href="https://www.facebook.com/reintech.io">Facebook</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a target="_blank" class="en" href="https://www.linkedin.com/company/reintech-ltd">LinkedIn</a>
</p>
</div>
<div class='col-6'>
<p class='name en'>
<a target="_blank" class="en" href="https://twitter.com/reintech_io">Twitter</a>
</p>
</div>
</div>
</div>
<div class='col-sm-6 mb-4'>
<p class='label en'>Apply as Developer</p>
<a class="apply en" href="/developer/apply"><span>Apply</span>
</a></div>
<div class='col-sm-6 mb-4'>
<p class='label en'>Contact us</p>
<a class="apply en" href="/#contact_us">Send us a message</a>
</div>
</div>
</div>
</div>
<div class='dropdown-divider'></div>
<div class='privacy-policy'>
<a class="en" style="color: #918CA0;" href="/privacy-policy">Privacy Policy</a> <a class="en" style="color: #918CA0;" href="/terms">Terms</a> <br>
<span class="en" style="color: #918CA0;">© Reintech 2018 – 2024</span>
</div>
</footer>
</body>
</html>