May 23, 2026 · Guides

How to Set Up SFTP for Secure File Transfer

Use OpenSSH for SFTP uploads to your VPS: create users, chroot jails, and connect with FileZilla or WinSCP.

SFTP (SSH File Transfer Protocol) provides encrypted file upload and download without a separate FTP daemon. On a Linux VPS, SFTP is built into OpenSSH; this guide shows a safe setup on Hiddence servers.

SFTP with dedicated user

Create a user for file uploads only:

```bash
# On the server: create the account and set its password
sudo adduser sftpuser
sudo passwd sftpuser

# On the client: test SFTP
sftp sftpuser@YOUR_VPS_IP

# Or use FileZilla: Protocol SFTP, port 22
```

Chroot jail (recommended)

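Restrict the user to a single directory. sshd requires the chroot directory and every directory above it to be owned by root and not writable by group or others, so uploads go into a subdirectory owned by the user: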

```bash
sudo mkdir -p /var/sftp/sftpuser/upload
sudo chown root:root /var/sftp/sftpuser
sudo chmod 755 /var/sftp/sftpuser
sudo chown sftpuser:sftpuser /var/sftp/sftpuser/upload

sudo nano /etc/ssh/sshd_config
```

Add at the end of /etc/ssh/sshd_config:

```
Match User sftpuser
    ChrootDirectory /var/sftp/sftpuser
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
```

```bash
sudo systemctl restart sshd
```
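
A pre-flight check for the chroot path above, as an added example that is not part of the original guide: sshd refuses the login when any directory on the `ChrootDirectory` path is not owned by root or is writable by group or others. The function names and the `OWNER_UID` and `STOP` parameters are assumptions made for illustration, and GNU `stat` (Linux) is assumed.

```shell
# Added example: verify a ChrootDirectory path before restarting sshd.
# Assumes GNU stat; function and parameter names are hypothetical.

# check_dir DIR OWNER_UID
# Returns 0 if DIR is a directory owned by OWNER_UID with no group/other
# write bit; otherwise prints the reason to stderr and returns 1.
check_dir() {
    cd_dir=$1; cd_want=$2
    [ -d "$cd_dir" ] || { echo "FAIL $cd_dir: not a directory" >&2; return 1; }
    cd_uid=$(stat -c '%u' "$cd_dir")
    cd_mode=$(stat -c '%a' "$cd_dir")
    if [ "$cd_uid" != "$cd_want" ]; then
        echo "FAIL $cd_dir: owner uid $cd_uid, expected $cd_want" >&2
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    if [ $(( 0$cd_mode & 022 )) -ne 0 ]; then
        echo "FAIL $cd_dir: mode $cd_mode is group/other writable" >&2
        return 1
    fi
    return 0
}

# check_chroot_path PATH [OWNER_UID] [STOP]
# Checks PATH and every parent up to STOP (default /). OWNER_UID defaults
# to 0 (root); both optional arguments exist so the walk can be tried on a
# scratch directory without root.
check_chroot_path() {
    cp_path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL $1: cannot enter directory" >&2; return 1; }
    cp_want=${2:-0}
    cp_stop=${3:-/}
    cp_rc=0
    while :; do
        check_dir "$cp_path" "$cp_want" || cp_rc=1
        if [ "$cp_path" = "$cp_stop" ] || [ "$cp_path" = "/" ]; then
            break
        fi
        cp_path=$(dirname "$cp_path")
    done
    return $cp_rc
}
```

Source the file and run `check_chroot_path /var/sftp/sftpuser` as root; a non-zero exit lists every component sshd would reject. Pair it with `sudo sshd -t`, which validates the syntax of sshd_config, before restarting the service.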

Connect from desktop

Popular clients support SFTP out of the box:

  • FileZilla — Host: sftp://YOUR_VPS_IP, Port: 22, Logon Type: Normal
  • WinSCP — Protocol: SFTP
  • macOS Finder — Connect to Server: sftp://user@IP
  • Linux: sftp user@IP or scp file user@IP:/path/
  • VS Code — Remote SSH extension for direct editing

Security checklist

  • Use SSH keys instead of passwords for SFTP users when possible
  • Never share root SFTP access with third parties
  • Disable password auth for root in sshd_config
  • Use chroot for upload-only accounts
  • Combine with Fail2ban on SSH port
  • Firewall: allow port 22 only from trusted IPs if possible

Tips

  • SFTP is not FTP — do not open port 21 unless you need legacy FTP
  • For WordPress, prefer SSH keys + sftp in wp-config or use deployment tools
  • rsync over SSH is faster for large migrations
  • Check permissions if upload fails (755 dirs, 644 files)
  • After sshd_config changes, always test SSH in a second session before closing the current one