HOW TO SET UP CONNECTION TO SFTP SERVER
It is impossible to imagine working with a remote server without a secure file transfer system between the system and the user - and it is hard to do something without SFTP. In order for the protocol to work correctly, it is critically important to properly configure SFTP with different versions of both Linux and Windows. In this article, we'll show you how to do it quickly and easily!
What is SFTP?
SSH File Transfer Protocol - this is how the abbreviation SFTP stands. The full name clearly shows the main feature of the protocol: it is built on the Secure Shell technology. This ensures that the transmission of all information is encrypted, from files to usernames and passwords. Even in FTPS (FTP with SSL), not to mention regular FTP, there are more restrictions. By the way, if you go into details, SFTP is not related to FTP at all - they have different technological bases.
In addition to being highly secure, SSH File Transfer Protocol has other advantages:
- one connection for both sending files and commands;
- the ability to interrupt and resume sending files and deleting them;
- support for symbolic links, directory lists, and a number of other functions;
- slightly faster and more stable connection and operation;
- available authentication via SSH key, meaning there is no information about the owner.
Separately, it is necessary to stipulate: the SFTP protocol is used on UNIX systems, and often the standard utilities already have both a client and an SSH server.
How is SFTP configured?
Installing and configuring SSH File Transfer Protocol is not too difficult, but the story should be divided into two directions - depending on the OS used.
Configuring a Server with SSH File Transfer Protocol on Linux
First of all, you should install the SSH package on the server side of OpenSSH and on the user side. The first task is solved by the following commands:
- Ubuntu and Debian: sudo apt install openssh-server
- CentOS and RHEL: sudo yum –y install openssh-server openssh-clients
And to organize access from a computer, you need a command of the following form:
- sudo apt install ssh
After that, you can go directly to the SFTP configuration. All work should be divided into several stages:
1.Creation of groups and users. By creating users and dividing them into groups, you can fine-tune their rights, capabilities and restrictions on access to a particular directory on the server. To do this, you need to do:
- create group: sudo groupadd GROUPNAME
- add a user to it: sudo useradd -g GROUPNAME USERNAME
- set user password: sudo passwd PASSWORD
2. Creation of directories. If the server has a root directory (let's call it ‘catalog’ for example), each user can only have access to a certain "own folder" - it is where he gets when logging in. In this case, you can configure SFTP so that the user can see the contents of the folder, but the file is uploaded to a separate section (for example, ‘loadfolder’). You will need the following commands:
sudo mkdir -p / catalog / USERNAME/loadfolder
sudo chown -R root.GROUPNAME/catalog/USERNAME
sudo chown -R USERNAME.GROUPNAME/catalog/USERNAME/loadfolder
3. Setting up sshd_config. This is necessary for two purposes. On the one hand, the user will have SFTP open (and not the usual SSH shell). On the other hand, he will not be able to go up a level in the directory and see sections for other users. To do this, add the following code in the / etc / ssh / sshd_config file:
Match Group GROUPNAME
ChrootDirectory/catalog/% u
ForceCommand internal-sftp
4. Reboot. To make the whole system work, it remains to restart it:
- sudo systemctl restart sshd
That's it - Linux SFTP setup is complete! Login is similar to the same command under SSH. Use the special syntax to manage the content of the server:
COMMAND [SOURCE] [DESTINATION]
Here are some of the most used examples:
- download from remote server to local: GET photo1.jpg ~/Photos
- download from local to remote: PUT ~/prices/price.pdf loadfolder/
- deleting a file on a remote server: RM loadfolder/ file_325.xlsx
Configuring a Server with SSH File Transfer Protocol on Windows
Initially, Microsoft's desktop and server operating systems did not support SFTP, so third-party tools were required to work with it. But today there is already an official package for such tasks - Win32-OpenSSH. Startup and configuration depend on which version of the operating system is installed.
1. Windows Server 2019 or Windows 10 1803+
These OS options from Microsoft offer the simplest scenario for starting an SFTP server because Win32-OpenSSH is already a part of them. There are two ways to install:
- via PowerShell: set a cmdlet like Add-WindowsCapability -Online -Name OpenSSH.Server *
- via the interface: Settings »Apps» Optional Features »Add a feature» Open SSH Server »Install
It remains to find out the addresses at which all the most important will be located:
- executable files: C:\Windows\System32\OpenSSH\
- config file: C:\ProgramData\ssh\
- log: C:\Windows\System32\OpenSSH\Logs\sshd.log\
- keys:%USERNAME%\.ssh\
2. Windows Server 2016/2012 R2
In this OS, as in the early Windows 10 versions, to configure SFTP, you need to download OpenSSH - look for the version for a 64-bit system on GitHub. After unpacking the archive into the desired directory (for example, C:\catalog_OpenSSH), you need to perform a number of procedures:
- Open PowerShell as an administrator and navigate to the target directory you created earlier with the Cd C:\catalog_OpenSSH cmdlet. Then the path to it must be added to the Path environment variable.
- Start the installation with the command:. \Install-sshd.ps1 (success will be confirmed by a message with green letters). After that, you should generate keys to start the SSH service by specifying: ssh-keygen.exe -A
- In PowerShell, start the SSH service autostart with two sequential commands: Set-Service -Name sshd -StartupType ‘Automatic’ followed by Start-Service sshd on a new line.
- Open TCP port 22 for incoming traffic to the SSH server. This can be done in the firewall through PowerShell with the command: New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
- Open the configuration file (it is located in C:\ProgramData\SSH\) and make sure that the required file is correctly specified in the Subsystem sftp directive - that is, sftp-server.exe.
After configuring SFTP in Windows, all that remains is to make a number of changes to the configuration file. Here are some standard examples:
- AllowGroups corp\admingroup # Allows access to OpenSSH for users of the specified group
- AuthenticationMethods password # denies SSH keys (login will be only by user password)
- ForceCommand internal-sftp #
- ChrootDirectory C:\inetpub\wwwroot\ftpfolder # creates and sets the login directory for the SFTP user
After all the adjustments, launch an SFTP client (for example, WinSCP), enter the server type and name, credentials in it - and log in (the first time you connect, you should see a message that the host key is not in the cache). If the familiar file manager interface with the user directory on the server opens, then everything is configured correctly!
Instead of P.S.
Practice shows: although setting up SFTP is quite simple, in many cases users have various questions and non-standard situations. To understand them, competent help is something worth considering - in the form of professional technical support from the provider. We at HostZealot pay maximum attention to it. Whether you order a VPS for Windows or Linux, you can rely on the advice of our specialists - they will help not only with debugging the SSH File Transfer Protocol but also with any other tasks in setting up your server!