SFTPPlus Documentation

Start Page 2. Installation and Upgrade Instructions 2.3. Linux Installation

2.3. Linux Installation

2.3.1. Overview

For Linux systems, SFTPPlus is distributed as a gzipped TAR archive. Installing SFTPPlus consists of unpacking the archive, initializing the configuration, and generating the SSH keys and the SSL key and certificate to be used by the product.

The included default configuration requires the creation of a system account, named sftpplus, under which the SFTPPlus process is executed.

Optionally, you may choose to start SFTPPlus as root, especially if you want it to authenticate operating system users. The sftpplus user is still required in order to drop privileges for all other operations.

To have SFTPPlus started at boot, you can use one of the included unit, init, or service files. These service initialization files have been tested on all supported distributions, but they should work on other systems as well.

2.3.2. Unpacking the archive

After downloading the compressed archive, you can extract its files using the following command:

tar xfz sftpplus-os-arch-version.tar.gz

To install SFTPPlus, move (or copy/link) the unpacked directory to your preferred installation path, for example: /opt/sftpplus.

SFTPPlus may be installed in any location on the local file system. In this documentation page we will assume that SFTPPlus is unpacked in the /opt/sftpplus directory (we will discuss INSTALL_ROOT more later).

2.3.3. Initializing the configuration

When installing SFTPPlus on a machine for the first time, you need to generate the initial configuration file and machine-specific SSH keys. A self-signed SSL certificate will also be generated to help with the initial FTPS and HTTPS testing.

To initialize a fresh SFTPPlus installation, execute the following command (where $ADMIN should be replaced with your favourite administrative username and $PASS with a password to be used for the SFTPPlus $ADMIN user):

cd /opt/sftpplus
./bin/admin-commands.sh initialize --init-admin $ADMIN --init-password $PASS

Default configuration allows external connections to the management web page. Therefore, use a secure password to protect the management web page.

Note

If you don’t want to allow external connections to the Local Manager web-based console, append the –local-admin-access command line argument to the initialization command above:

./bin/admin-commands.sh initialize \
    --local-admin-access \
    --init-admin $ADMIN \
    --init-password $PASS

The initialization step is not required when upgrading SFTPPlus. It will not overwrite the configuration file, SSH keys, and SSL keys and certificates, if existing. In the case that you want to generate a new configuration, manually remove the existing files first.

2.3.4. Configuring the SFTPPlus process user and group

For improved security, SFTPPlus is started by default under a regular account. This requires a dedicated operating system account to be created.

In the following examples, we use the default configuration value of sftpplus for the name of the user to run SFTPPlus.

To create an sftpplus group and user:

groupadd sftpplus
useradd -g sftpplus -c "SFTPPlus" -s /bin/sh -d /opt/sftpplus sftpplus

For instructions regarding Alpine Linux, where these tools might be missing, check our advanced Linux installation page.

You need to adjust the ownership of the files to match the newly created OS user:

cd /opt && chown -R root:root sftpplus
cd /opt/sftpplus && chown -R sftpplus:sftpplus configuration log run

2.3.5. Init system configuration with systemd

On Linux, SFTPPlus’ process is managed by the init system bundled with the distribution: systemd, OpenRC, SysV init, etc.

This page is dedicated to systemd-based distributions such as Red Hat Enterprise Linux version 7 or later, Ubuntu Server 16.04 LTS or later, Amazon Linux version 2 or later, SUSE Linux Enterprise Server 12 or later, Debian Linux 8 or later, etc.

Instructions for distributions not using systemd are available in our advanced Linux installation page.

To configure your operating system to automatically start SFTPPlus on boot, you can use the systemd unit file provided with SFTPPlus.

Customize the WorkingDirectory, ExecStart, and PIDFile paths in accordance to your SFTPPlus installation. By default, the sftpplus user is set for User and Group in the systemd unit file, as SFTPPlus runs under a non-root account at all times. This user must be created as detailed in the previous section. You can also replace it with another username, as long as it’s created appropriately.

Edit this file with your favourite editor, e.g. vi:

cd /opt/sftpplus
vi bin/sftpplus-mft.service

When done, copy it to your systemd’s system sub-directory:

cd /opt/sftpplus
cp bin/sftpplus-mft.service /etc/systemd/system/

2.3.6. Starting and stopping SFTPPlus

In order to start / stop / restart SFTPPlus, or to check its status, you may use:

systemctl COMMAND sftpplus-mft

The following COMMANDs are available:

  • start
  • stop
  • restart
  • try-restart
  • status
  • is-active
  • is-failed
  • show
  • list-dependencies

Instructions for distributions not using systemd are available in our advanced Linux installation page.

2.3.7. Running SFTPPlus on boot

To enable launching SFTPPlus on startup:

systemctl enable sftpplus-mft

Instructions for distributions not using systemd are available in our advanced Linux installation page.

2.3.8. First Steps

After starting SFTPPlus, the Local Manager is a good way to visualize the current configuration that is available, and is even configurable itself.

Note

We highly recommend going through the Getting Started guide first as it contains additional tips for new SFTPPlus installations.

There is also an FAQ section if you have an idea, but are in search of answers.

If you want to skip ahead, the Configuration Instructions or the Usage Instructions will contain detailed information to configure and operate SFTPPlus.