Introduction

I recently bought a Raspberry Pi 5, and before I start using it for some other projects, I wanted to try to set up a NAS (Network Attached Storage) on it. I already have an offline backup SSD drive, and I wanted to make it accessible from my local network (yes, I know that it defeats the purpose of an offline backup, but I’m not going to use it as a primary backup). I’m not a big fan of using more external protocols like SMB (Samba), because I already have SSH running, why not use protocols built on top of it? So SFTP it is.

SFTP (Secure File Transfer Protocol) is an extension protocol of SSH, and it is widely used for secure file transfer. For me, it is the best choice because it has all the convenience of SSH (like key-based authentication). Also, it eliminates the need for yet another configuration file to be maintained, as it uses the same configuration as SSH.

Installation

Creating a new user

I’ve started with creating a new user on the Raspberry Pi

sudo useradd -m sftp_user

Then I’ve set a password for the user:

sudo passwd sftp_user

Mounting the drive

I’ve started with installing Raspberry Pi OS on the Raspberry Pi 5. I’ve used Raspberry Pi Imager to flash the OS to an SD card. After the installation, I’ve connected the Raspberry Pi to my local network and powered it on. I don’t have a PCI-E SATA adapter yet, so I’ve also connected the SSD drive to the Raspberry Pi using a USB 3.0 to SATA adapter.

Using simple systemd mount service I’ve mounted the SSD drive to /home/sftp_user/nas directory:

[Unit]
Description=Mount NAS drive

[Mount]
What=/dev/disk/by-uuid/12345678-1234-1234-1234-1234567890ab
Where=/home/sftp_user/nas
Type=exfat
Options=defaults

[Install]
WantedBy=multi-user.target

Where 12345678-1234-1234-1234-1234567890ab is the UUID of the SSD drive, that I’ve found using lsblk -f command, and exfat is the file system type of the drive. Options=defaults is the default mount options for the file system, you can learn more about them in the man mount page.

I placed this file in the /etc/systemd/system directory and enabled it using sudo systemctl enable home-sftp_user-nas.mount. The name of the mount service is derived from the Where field in the mount file. The convenience of using systemd is that it will automatically mount the drive on boot and after unexpected unmounts.

Enabling SFTP

Match User sftp_user
    ChrootDirectory /home/sftp_user
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

After that I’ve restarted the SSH service using sudo systemctl restart sshd.

Accessing the NAS

I always use key-based authentication for SSH, so I generated a new key pair for this connection on my laptop:

ssh-keygen -t rsa -b 4096 -C "sftp_user@{raspberrypi_hostname_or_ip}"

Then I’ve copied the public key to the Raspberry Pi:

ssh-copy-id sftp_user@{raspberrypi_hostname_or_ip}

After that I’ve tested the connection:

sftp sftp_user@{raspberrypi_hostname_or_ip}

And I was able to access the NAS drive using SFTP. After that I disabled the password-based authentication to the Rasspberry Pi in the /etc/ssh/sshd_config file:

PasswordAuthentication no

Accessing the NAS from a file manager

If you are using an OS that was used by real people (i.e. Linux), you would be able easily mount the SFTP drive using sshfs and access it as a regular file system (i.e. GUI file manager)

sshfs sftp_user@{raspberrypi_hostname_or_ip}:/ /mnt/nas

MacOS and Windows users can use FUSE for MacOS and WinFSP respectively to mount SFTP drives, because it would be too hard for this multi-billion companies to implement such “unimportant” feature in their built-in file managers.

Conclusion

I am really impressed by the simplicity of setting up a NAS on Raspberry Pi 5 using SFTP. It is very lightweight and secure, and it is built on top of SSH, so all the convinience of SSH is available for SFTP. I’m going to use it as a backup for my local network using rsync.