To set up your Raspberry Pi for SFTP (SSH File Transfer Protocol), you’ll need to follow these steps:
- Connect to your Raspberry Pi: Ensure that your Raspberry Pi is connected to the network and accessible via SSH (Secure Shell). You can use a tool like PuTTY (Windows) or the terminal (Linux/macOS) to establish an SSH connection to your Pi.
- Update the system: It’s good practice to update your Raspberry Pi’s operating system before proceeding. Run the following commands to update the system:
sudo apt update
sudo apt upgrade- Install OpenSSH Server: OpenSSH Server allows secure remote access to your Raspberry Pi via SSH. Install it by running the following command:
sudo apt install openssh-server- Configure SSH: By default, SSH server should already be enabled on your Raspberry Pi. However, you may need to modify the configuration file to allow SFTP access. Run the following command to edit the SSH server configuration:
sudo nano /etc/ssh/sshd_configIn the editor, locate the line that starts with Subsystem sftp (usually around line 36) and make sure it is uncommented (remove the leading # if present). If the line doesn’t exist, add the following line:
Subsystem sftp /usr/lib/openssh/sftp-serverSave the file by pressing Ctrl+O, then exit the editor by pressing Ctrl+X.
- Restart SSH service: To apply the changes, restart the SSH service by running the following command:
sudo systemctl restart ssh- Create an SFTP user: It’s a good practice to create a dedicated user for SFTP access. Run the following command to create a new user (replace
usernamewith the desired username):
sudo adduser usernameFollow the prompts to set a password and other optional details for the user.
- Grant SFTP access: By default, the user you created will have SSH access to the Raspberry Pi. To restrict the user to SFTP access only, we’ll modify their SSH configuration. Edit the SSH user configuration file by running the following command:
sudo nano /etc/ssh/sshd_configAdd the following lines at the end of the file:
Match User username
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /path/to/sftp/directory
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding noReplace username with the username you created in step 6. Also, replace /path/to/sftp/directory with the directory you want the user to have access to. This directory will be their SFTP root directory.
Save the file by pressing Ctrl+O, then exit the editor by pressing Ctrl+X.
- Restart SSH service: Restart the SSH service to apply the changes:
sudo systemctl restart ssh- Set appropriate permissions: Ensure that the SFTP user has proper permissions to access the specified directory. Run the following command (replace
usernameand/path/to/sftp/directoryaccordingly):
sudo chown root:root /path/to/sftp/directory
sudo chmod 755 /path/to/sftp/directoryThese commands set the ownership to root and grant read, write, and execute permissions to the owner, while read and execute permissions to others.
- Test the SFTP connection: You can now test the SFTP connection using an SFTP client like FileZilla or WinSCP. Connect to your Raspberry Pi using the SFTP protocol, specifying the IP address or hostname, the SFTP username, and the password you set for that user.
The port you want to forward for SFTP is 22.
That’s it! You have successfully set up your Raspberry Pi for SFTP access. Now you can securely transfer files to and from your Pi using the SFTP protocol.