How to Create a New SFTP User in Ubuntu with a New SSH Key

If you are an administrator and you create an SFTP user, you will get a username and a password. The user can access the SFTP server with those credentials. However, creating an SFTP user with an SSH key can enhance security and reduce the risk of unauthorized access or data breaches. In this article, I will show you how to create a new SFTP user with a new SSH key in Ubuntu.

Key Takeaways

  • Creating a User.
  • Setting up an SFTP server.
  • Generating SSH keys in the server and copying the private key to the client.
  • Generating SSH keys in the client and copying the public key to the server.
  • Accessing a server with SSH key pairs.
  • Enabling Public Key authentication.

Requirements

[Figure: process flow chart to create a new SFTP user in Ubuntu with a new SSH key]

Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS

3 Steps of How to Create a New SFTP User with A New SSH Key in Ubuntu

Here I will show you how to create a new SFTP user with new SSH keys in Ubuntu with 3 simple steps.

In addition, you can verify the process by following this guide.

Step 01: Create a User in Ubuntu

In the beginning, I will create a user by the name of “sftp_user” in the server. I will use the adduser command here. Moreover, to know more about creating users, follow this article.

Steps to Follow >

➊ First, launch an Ubuntu Terminal on the server.

❷ Now insert the following command to create a user:

sudo adduser sftp_user
EXPLANATION
  • sudo: Grants root privileges.
  • adduser: Creates a new user.
  • sftp_user: Name of the user.

❸ Give your password.

❹ Then set a password for the user.

❺ Retype the password.

❻ Provide additional information or keep pressing ENTER to skip.

❼ Finally, write “Y” to complete the process.

At the end of this step, you will have a user named “sftp_user” on the server.

Step 02: Setup SFTP Server in Ubuntu

Now I will create an SFTP server. I will install the “OpenSSH” package for that purpose. However, there are other packages available as well.

Steps to Follow >

➊ Copy the following command on the terminal to update Ubuntu:

sudo apt-get update
EXPLANATION
  • sudo: Grants root privileges.
  • apt-get update: Updates the local repository.

❷ Now insert the command below to install the “OpenSSH” package:

sudo apt-get install openssh-server
EXPLANATION
  • sudo: Grants root privileges.
  • apt-get install: Install a given package.
  • openssh-server: Allows to set up an SSH server.

❸ Then use the following command to allow SSH communication:

sudo ufw allow ssh
EXPLANATION
  • sudo: Grants root privileges.
  • ufw: Firewall of Ubuntu.
  • allow: Allows incoming traffic on a given port.
  • ssh: Denotes port 22.

❹ Now, to restart the server and see its status, execute the following two commands one by one:

sudo systemctl restart ssh
sudo systemctl status ssh
EXPLANATION
  • sudo: Grants root privileges.
  • systemctl: Is used to control system services.
  • restart: Restarts a service.
  • status: Shows status of a service.
  • ssh: Name of the ssh service.

If you see “active (running)” in the output, the SFTP server is all set.

❺ At last, insert the command below and press ENTER to find the IP address of the server:

ifconfig
EXPLANATION
  • ifconfig: Displays network interface parameters including IP address.

Note: If your system doesn’t contain “ifconfig”, use the command below to install it:

sudo apt-get install net-tools

The IP address of the SFTP server is 192.168.0.52.



Step 03: Generate SSH Key in Ubuntu

SSH key pairs are used to authenticate a client to a server. A pair consists of two keys: a public key and a private key. In general, the public key stays on the server, and the private key is on the client computer. In addition, to know more about SSH keys, follow the example of this article.

See this comparative analysis and pick which one suits you best out of the two methods.

A. Generate SSH keys in the Server

In this method, I will create keys in the server and then transfer the private key to the client.

Steps to Follow >

❶ At first, switch user by the following command:

su - sftp_user
EXPLANATION
  • su: Switches user.
  • sftp_user: Name of the user.

❷ Now write the command below to generate the SSH key pairs:

ssh-keygen -b 4096
EXPLANATION
  • ssh-keygen: Generates SSH key pairs.
  • -b: Specifies the number of bits.
  • 4096: The number of bits. It provides a high level of security.

Note: You can provide the filename and path or press ENTER to skip. Remember, the path should be the absolute path. Moreover, you can set a passphrase or press ENTER to skip.

Once the command completes, the SSH key pair has been generated. If you don’t provide a path and key name, the keys will be created in the default (/home/sftp_user/.ssh) directory and they will be named id_rsa and id_rsa.pub.

❸ (Optional) To view the SSH key pairs, use the command below:

ls .ssh
EXPLANATION
  • ls: Lists the content of a directory.
  • .ssh: A hidden folder in the home directory that stores keys and configuration files by default.
EXPLANATION
  • id_rsa: Private key.
  • id_rsa.pub: Public key.

❹ Then copy the following command to append the public key to the “authorized_keys” file:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
EXPLANATION
  • cat: Shows the content of a file.
  • ~/.ssh/id_rsa.pub: Path of the public key.
  • >>: Appends the content of the “pub” file at the end of the “authorized_keys” file.
  • ~/.ssh/authorized_keys: Path of the “authorized_keys” file.

❺ Use the command below to change the permissions of the .ssh directory:

chmod 700 ~/.ssh
EXPLANATION
  • chmod: Changes permissions.
  • 700: Reading, writing and executing permissions for only the User.
  • ~/.ssh: Path of the .ssh folder where the SSH keys and “authorized_keys” file is stored by default.

❻ Now, on the client computer, launch an Ubuntu Terminal and create the .ssh directory:

mkdir .ssh
EXPLANATION
  • mkdir: Creates a directory.
  • .ssh: Path of the .ssh directory.

Note: There might already be a .ssh directory. In that case, no need to create a new one.

❼ Use the following command to change the permissions of the .ssh directory:

sudo chmod 700 ~/.ssh
EXPLANATION
  • sudo: Grants root privileges.
  • chmod: Changes permissions.
  • 700: Reading, writing and executing permissions for only the User.
  • ~/.ssh: Path of the .ssh folder where the SSH keys and “authorized_keys” file is stored by default.

Note: You may need to provide the password.

❽ Then insert the following command to copy the private key to the client computer:

Syntax > scp [OPTION]... USERNAME@IP_ADDRESS:SOURCE DESTINATION

scp sftp_user@192.168.0.52:~/.ssh/id_rsa ~/.ssh
EXPLANATION
  • scp: Securely transfers files between two computers.
  • sftp_user: Name of the user.
  • 192.168.0.52: IP address of the server.
  • ~/.ssh/id_rsa: Location of the private key in the server.
  • ~/.ssh: Destination of the private key in the client.

Note: Give the password associated with the user.

At the end of this step, the private key will be successfully copied to the client computer.

❾ Finally, delete the private key from the server by the command below:

rm ~/.ssh/id_rsa

You should now be able to access the server with the public-private key pair. Go to this section to know how.

B. Generate SSH Keys in the Client Computer in Linux

In this method, I will create keys in the client and then transfer the public key to the server.

Steps to Follow >

❶ Open an Ubuntu Terminal on the client computer.

❷ Now write the following command to generate keys:

ssh-keygen -b 4096
EXPLANATION
  • ssh-keygen: Generates SSH key pairs.
  • -b: Specifies the number of bits.
  • 4096: The number of bits. It provides a high level of security.

❸ Give key name and absolute path or press ENTER to skip.

❹ Set a passphrase or hit ENTER to skip.

If you don’t give a key name, the keys will be named id_rsa (private key) and id_rsa.pub (public key), and they will be saved in the default (/home/walid/.ssh/) directory.

❺ (Optional) Copy the command below to view the keys:

ls ~/.ssh
EXPLANATION
  • ls: List contents of a directory.
  • ~/.ssh: Path of the .ssh folder.
❻ Now insert the following command to copy the public key to the server:

ssh-copy-id sftp_user@192.168.0.52
EXPLANATION
  • ssh-copy-id: Installs SSH key on a remote server as an authorized key.
  • sftp_user: Name of the user.
  • 192.168.0.52: IP address of the server.

❼ Type “Yes” to confirm.

❽ Then provide the password associated with the user.

❾ Now delete the public key from the client by using the command below:

rm ~/.ssh/id_rsa.pub
EXPLANATION
  • rm: Removes files and directories.
  • ~/.ssh/id_rsa.pub: Path of the public key in the client computer.
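
Both methods should leave the server account with a 700 .ssh directory, an authorized_keys file and no private key. The following check is an added example, not part of the original article; the function name audit_ssh_dir and its finding labels are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# audit_ssh_dir DIR: print one finding per line for a server-side .ssh
# directory; print nothing when it matches the state the steps above produce.
audit_ssh_dir() {
    dir=$1
    ak="$dir/authorized_keys"
    if [ ! -d "$dir" ]; then
        echo "MISSING_DIR $dir"
        return 0
    fi
    # The tutorial sets the directory to 700; find prints the path only
    # when the permission bits match exactly.
    if [ -z "$(find "$dir" -maxdepth 0 -perm 700)" ]; then
        echo "MODE_NOT_700 $dir"
    fi
    if [ ! -f "$ak" ]; then
        echo "MISSING_AUTHORIZED_KEYS $ak"
    elif [ -n "$(find "$ak" \( -perm -020 -o -perm -002 \))" ]; then
        # With StrictModes (sshd's default) a group- or world-writable
        # authorized_keys file is rejected, so key login fails.
        echo "AUTHORIZED_KEYS_WRITABLE_BY_OTHERS $ak"
    fi
    # Method A deletes the private key from the server after copying it;
    # a file that still carries a private-key header means that step was skipped.
    grep -rl -e '-----BEGIN .*PRIVATE KEY-----' "$dir" 2>/dev/null |
    while IFS= read -r f; do
        echo "PRIVATE_KEY_ON_SERVER $f"
    done
    return 0
}

# Example call for the account created in this tutorial (path is an assumption):
# audit_ssh_dir /home/sftp_user/.ssh
```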



Comparative Analysis of Methods to Create a New SFTP User in Ubuntu with a New SSH Key

Here I have listed the pros and cons of the two methods – generate the SSH key in the server and generate the SSH key in the client.

Method: Creating Keys in Server
Pros:
  • Centralized management.
  • Simplified access.
Cons:
  • Dependence on the server.
  • Limited portability.

Method: Creating Keys in Client
Pros:
  • Less dependency on the server.
  • Increased portability.
  • Personalized security.
Cons:
  • Not centrally manageable.
  • Security is dependent on the user’s integrity.

How to Use SSH Key in SFTP?

In the main process, I have shown you how to create a new SFTP user with a new ssh key in Ubuntu. Now I will access the SFTP server with them.

Steps to follow >

➊ Launch an Ubuntu Terminal in the client computer first.

➋ Now write the following command to connect to the server:

sftp sftp_user@192.168.0.52
EXPLANATION
  • sftp: Transfers files securely using SSH protocol.
  • sftp_user: Name of the user.
  • 192.168.0.52: IP address of the server.

❸ Provide the passphrase (if any).

❹ Finally, press the ENTER key from the keyboard.

If you have done everything according to this article, you should see something like “Connected to 192.168.0.52” and “sftp>”.



Enable SFTP Authentication With Public Key in Linux

Public key authentication enables a user to log into a server without a password. However, you may need to edit the “sshd_config” file for that purpose. Do the following to configure the server for public key authentication:

❶ First press CTRL+ALT+T to open an Ubuntu Terminal in your server.

❷ Then insert the command below to open the sshd_config file:

sudo nano /etc/ssh/sshd_config
EXPLANATION
  • sudo: Grants root privileges.
  • nano: Opens a file in the Nano text editor.
  • /etc/ssh/sshd_config: Path of the “sshd_config” file.

❸ Write or uncomment this line in the sshd_config file:

PubkeyAuthentication yes
EXPLANATION
  • PubkeyAuthentication: Is used to enable and disable public key authentication.

❹ Now press CTRL+O and ENTER to save; CTRL+X to exit.

❺ Finally, copy the following command to restart the server:

sudo systemctl restart ssh
EXPLANATION
  • sudo: Grants root privileges.
  • systemctl: Manages system services.
  • restart: Restarts a service.
  • ssh: SSH service.
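
sshd uses the first value it reads for each keyword, and a commented-out line sets nothing, so the line edited above can be shadowed by a file that is read earlier. The following added example (not from the original article; effective_sshd_option is a hypothetical helper) reports the global value from config files passed in read order. It assumes drop-ins under /etc/ssh/sshd_config.d/ are included at the top of sshd_config, and it skips Match blocks.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# effective_sshd_option KEYWORD FILE...
# Prints the global value for KEYWORD from the files in the order given,
# or "unset" when no active line sets it (sshd then applies its built-in default).
effective_sshd_option() {
    key=$1
    shift
    awk -v key="$key" '
        BEGIN { key = tolower(key) }          # keywords are case-insensitive
        FNR == 1 { in_match = 0 }             # new file: back to global scope
        /^[ \t]*(#|$)/ { next }               # comments and blank lines set nothing
        { sub(/[ \t]*=[ \t]*/, " ") }         # "Keyword=value" form is also accepted
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                     # conditional settings are out of scope here
        tolower($1) == key && !found {        # first value read wins
            print tolower($2)
            found = 1
        }
        END { if (!found) print "unset" }
    ' "$@"
}

# Example call on a server, drop-ins first (paths are assumptions):
# effective_sshd_option PubkeyAuthentication /etc/ssh/sshd_config.d/*.conf /etc/ssh/sshd_config
```

On the server itself, `sudo sshd -t` validates the file before the restart, and `sudo sshd -T` prints the settings sshd will actually use.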

Conclusion

In this article, I have tried to show you how to create a new SFTP user in Ubuntu with a new SSH key in the best way possible. I have also added multiple methods if necessary. I hope this article was helpful to you.

People Also Ask

Is SSH key required for SFTP?
SSH key is not required for SFTP. You can access an SFTP server using a username and password. However, it is recommended for enhanced security.
How do SSH keys work for SFTP?
SSH keys are used to authenticate a user without a password. There are two keys: a public key and a private key. The public key is placed on the server whereas the private key stays on the client. When a user tries to access a server, the server checks that the user’s private key matches the stored public key; thus the server verifies the user’s identity.
Can you have multiple SSH keys for one user?

Yes. You can have multiple SSH keys for one user. However, you need to store them in different files. Moreover, you need to specify the key while connecting to a server, like: ssh -i ~/.ssh/id_rsa Username@IP_Address.

Are SSH keys user specific?
Yes, SSH keys are user specific. They are used to authenticate a user to a server without a password through a private key and public key. Thus only authorized users can access the server.
What is the default user when SSH?

The default user is usually the same as the local user. However, it is possible to log in to a server as a different user. For instance, if your username is jim and you want to connect to a server as dwight, you need to use the following command:

ssh -l dwight Hostname
Does SFTP require a user?
Yes. SFTP requires a user to transfer files between a server and a client. And the server will authenticate the user with a username and password or SSH keys.
Where is SSH key file located?
The SSH key files are located in the ~/.ssh directory of a user who owns them by default. However, you can specify their location and name while creating them. Furthermore,  the public key has a .pub extension while the private key has no extension. Therefore, the location of the public key and the private key are ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa respectively.
How to allow users in SSH config?

To allow users in SSH config, you need to edit the /etc/ssh/sshd_config file and add the following line:

AllowUsers User1 User2 …

Can SSH and SFTP use the same port?
Both SSH and SFTP use the same connection method named Secure Shell. Therefore, they can use the same port, which is port 22. However, a server can be configured to use a different port.

Walid Al Asad

Hello Everyone! I am Walid Al Asad. Currently, I am working at a tech company named Softeko as a Linux Content Developer Executive. I live in Dhaka, Bangladesh. I have completed my BSc. in Mechanical Engineering from Bangladesh University of Engineering and Technology (BUET). You can find me on LinkedIn and ResearchGate.