How to Set Up an SFTP Server and Client with Key Authentication on Ubuntu

Setting up a secure file transfer system with SFTP (SSH File Transfer Protocol) is one of the most reliable ways to manage files on a remote server. In this article, we’ll walk through setting up an SFTP server on Ubuntu, configuring a dedicated user, generating keys with PuTTYgen (Windows), and connecting via WinSCP. We’ll also cover some common pitfalls you may encounter along the way.


Step 1: Create a Dedicated SFTP User

It’s a bad idea to upload/manage web files as root. Instead, create a user specifically for SFTP access.

sudo adduser itindianet

When prompted, set a strong password (or leave it empty if you plan to use keys only).

Then, set the home directory and create a web root:

sudo usermod -d /home/itindianet -m itindianet

sudo mkdir -p /home/itindianet/public_html

sudo chown -R itindianet:itindianet /home/itindianet/public_html

Now your user has a safe home directory with public_html for web files.


Step 2: Adjust Apache DocumentRoot

Update Apache’s config (/etc/apache2/sites-available/yourdomain.conf) so it points to the new user’s web root:

DocumentRoot /home/itindianet/public_html

<Directory /home/itindianet/public_html>

Options -Indexes +FollowSymLinks

AllowOverride All

Require all granted

</Directory>

Reload Apache:

sudo apache2ctl configtest

sudo systemctl reload apache2

Step 3: Generate SSH Keys with PuTTYgen (Windows)

If you’re using Windows, the easiest way to generate keys is with PuTTYgen.

  1. Open PuTTYgen.
  2. Select RSA as the key type (not SSH-1).
  3. Set key length: 2048 or 3072 bits.
  4. Click Generate and move your mouse until it’s done.
  5. (Optional) Add a passphrase.
  6. Save the private key (.ppk) — this will be used in WinSCP.
  7. Important: Copy the text from the box at the top labeled “Public key for pasting into OpenSSH authorized_keys file”. ⚠️ Do not use the “Save public key” button — that saves in SSH2 format, which Ubuntu won’t accept.

Step 4: Install the Public Key on the Server

On Ubuntu, create the .ssh folder for the user:

sudo mkdir -p /home/itindianet/.ssh

sudo nano /home/itindianet/.ssh/authorized_keys

Paste the one-line OpenSSH key (the ssh-rsa AAAAB3... line from PuTTYgen).

Fix permissions:

sudo chown -R itindianet:itindianet /home/itindianet/.ssh

sudo chmod 700 /home/itindianet/.ssh

sudo chmod 600 /home/itindianet/.ssh/authorized_keys

Restart SSH:

sudo systemctl restart ssh

Step 5: Connect with WinSCP

  1. Open WinSCP.
  2. Protocol: SFTP
  3. Host: yourdomain.com
  4. Username: itindianet
  5. Private key file: select your .ppk
  6. Leave password blank (unless you added a passphrase).

You should now be able to connect securely.

Stats:

  • 80%+ of data breaches involve weak or stolen credentials (Verizon DBIR 2023).
  • SSH/SFTP with key authentication is up to 10x more secure than password-based authentication, due to resistance against brute-force attacks.
  • RSA 2048-bit keys are considered secure until at least 2030; most enterprises now prefer 3072 or Ed25519 for longer-term safety.
  • Using public key authentication can reduce password-based login attempts by bots by 95%, since the server doesn’t even offer password login once disabled.
  • WinSCP is one of the most used SFTP clients worldwide, with over 180 million downloads as of 2024.

Common Pitfalls (Lessons Learned)

  • Wrong key format: If you paste the SSH2-style key (with ---- BEGIN SSH2 PUBLIC KEY ----) into authorized_keys, Ubuntu will reject it. Always use the OpenSSH one-line format from the PuTTYgen top box.
  • Permissions too open: SSH refuses to use keys if .ssh or authorized_keys permissions are loose. Stick to 700 for .ssh and 600 for authorized_keys.
  • Mixing web root and keys: Never place SSH keys in /var/www. Keys belong in the user’s home (/home/username/.ssh/). Keep web files in /home/username/public_html/.
  • Testing locally first: Always try sftp username@localhost from the server itself before testing from WinSCP.
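
The first two pitfalls above can be checked before you ever open WinSCP. The following is an added example, not part of the original article: a POSIX shell function that verifies the 700/600 modes, optionally the owner, and that every authorized_keys line is a one-line OpenSSH key rather than an SSH2 block or a wrapped paste. The function names and the key-matching pattern are this example's own, and `stat -c` assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: audit a .ssh directory for the pitfalls listed above.
# Usage: check_ssh_dir /home/itindianet/.ssh [expected-owner]

# One-line OpenSSH public key, optionally preceded by authorized_keys options.
KEY_RE='(^| )(sk-)?(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)(@openssh\.com)? AAAA[A-Za-z0-9+/]+=*( |$)'

# Report a path whose mode (and owner, when one is given) differs from expected.
check_path() (   # args: path expected-mode [owner]
    mode=$(stat -c '%a' "$1"); owner=$(stat -c '%U' "$1")
    [ "$mode" = "$2" ] || echo "PERMS: $1 is $mode, expected $2"
    [ -z "${3:-}" ] || [ "$owner" = "$3" ] || echo "OWNER: $1 belongs to $owner, expected $3"
)

# Print one finding per line for the directory and each authorized_keys line.
audit_ssh_dir() (
    dir=$1; keys=$1/authorized_keys; n=0
    [ -d "$dir" ]  || { echo "MISSING: $dir";  exit 0; }
    [ -f "$keys" ] || { echo "MISSING: $keys"; exit 0; }
    check_path "$dir"  700 "${2:-}"
    check_path "$keys" 600 "${2:-}"
    tr -d '\r' < "$keys" | while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;     # blank lines and comments are allowed
            '---- BEGIN SSH2 PUBLIC KEY ----'*)
                echo "FORMAT: line $n starts an SSH2 block; paste the OpenSSH one-line key instead"
                break ;;             # the rest of the block is the same mistake
        esac
        printf '%s\n' "$line" | grep -Eq "$KEY_RE" ||
            echo "FORMAT: line $n is not a complete one-line OpenSSH key (wrapped paste?)"
    done
)

# Return 0 when nothing is wrong; otherwise print the findings and return 1.
check_ssh_dir() {
    findings=$(audit_ssh_dir "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Source the file in a root shell (authorized_keys at mode 600 is readable only by its owner and root), then call `check_ssh_dir /home/itindianet/.ssh itindianet`.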
