I wanted to set up a simple FTP (sFTP) server for friends to share files without needing to use cloud storage or hosting sites. After some research I found the simplest solution and I wanted to document it here.

Setting Up the FTP Server

You will need a VPS, this is where the FTP server will be hosted on. OpenSSH should already be installed on it. Create a new group and a folder where the FTP server will be.

# groupadd ftp
# mkdir -p /opt/ftp

Configure /etc/ssh/sshd_config to allow users of the ftp group to login with their password. They will be jailed in the /opt/ftp folder and not go outside of it to explore the rest of the filesystem.

Match group ftp
    ChrootDirectory /opt/ftp
    X11Forwarding no
    AllowTcpForwarding no
    PasswordAuthentication yes
    ForceCommand internal-sftp

Remember to restart the SSH daemon.

Adding the User

Create a user for your friend, add them to the ftp group and disallow shell access.

# useradd -g ftp -d /opt/ftp/FriendlyUser -s /sbin/nologin FriendlyUser

/opt/ftp needs to be owned by root, but inside of it create the home folder for the friend if it does not exist and change ownership.

# mkdir -p /opt/ftp/FriendlyUser
# chown FriendlyUser:ftp /opt/ftp/FriendlyUser

Permissions should be 755 if not already. This means that the owner can modify the content, but other members of the ftp group can only view (and download) content, not modify it.

Connecting

Your friend can connect through their preferred FTP client, for example WinSCP (Windows) or FileZilla (cross-platform).

References

• wiki.archlinux.org/title/SCP_and_SFTP