I recently had to create an SFTP server on our work development system, and after doing a fair bit of Googling on the topic found a good solution. The solution is a combination of research done at different sites. It is this solution I am sharing in hopes that it will help someone else.
This tutorial will help you turn your Windows-based system into a Secure FTP (SFTP) server.
Background
Secure Shell (SSH) is a program that lets you log into another computer over a network, execute commands on the remote machine, and move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including the transmission of the password, is encrypted and therefore is very secure.
You may have noticed that many webhosts allow ssh access. This means that you can login to their webserver and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.
To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP (more about that later). Whether you want an SFTP server on Windows 2012 or another version, keep reading.
Installing SSH on Windows
Most UNIX-based systems (Linux and OSX) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately, a free open-source project called SSHWindows provides a nice Windows installer that will set up the SSH client and server on your system.
Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.
Configure the SSH Server
In this next step, I have summarized the information from the readme.txt that ships with SSHWindows (it can be found in c:\program files\openssh\docs).
Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.
Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.
To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.
You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:
mkgroup -l >> ..\etc\group
You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file, type the command shown below:
mkpasswd -l -u username >> ..\etc\passwd
NOTE: the username specified above must be an existing Windows login account.
Creating Home Directories for your Users
In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.
If you want to change this location you will need to edit the passwd file. The passwd file is plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second to last entry (/home/username) can be replaced with any other directory to act as that user's home directory. It's worth noting that when you run SSH on Windows, you are actually running SSH in a scaled-down version of Cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.
To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the c: drive you would use the path:
/cygdrive/c/winnt/system32
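As an added example (not part of the original article or of SSHWindows), the following Python helper applies the two edits described above without hand-editing: it converts a Windows path to the /cygdrive form and rewrites only the home (and optionally shell) field of one user's passwd line. It assumes the seven-field colon-separated layout that mkpasswd writes (name:password:uid:gid:gecos:home:shell); the sample passwd contents are constructed for the demonstration.

```python
from pathlib import PureWindowsPath
from typing import Dict, Optional, Tuple

# Layout of one passwd line as mkpasswd writes it (colon separated):
#   name:password:uid:gid:gecos:home:shell
# The article notes that only the last two fields (home, shell) are safe to edit by hand.
NUM_FIELDS = 7
HOME_FIELD = 5
SHELL_FIELD = 6

# Constructed sample passwd contents for the demonstration; uid/gid/gecos/shell
# values are illustrative and do not come from a real mkpasswd run.
SAMPLE_PASSWD = (
    "Administrator:x:500:513:Administrator:/home/Administrator:/bin/sh\n"
    "alice:x:1001:513:alice:/home/alice:/bin/sh\n"
)


def to_cygdrive(win_path: str) -> str:
    """Translate an absolute drive-letter path into Cygwin's /cygdrive form.

    C:\\winnt\\system32 -> /cygdrive/c/winnt/system32. Relative paths, UNC paths
    and '..' components are rejected so that a typo cannot point a user's home
    directory somewhere other than the folder the administrator meant.
    """
    p = PureWindowsPath(win_path)
    drive = p.drive  # 'C:' for a drive-letter path, '\\\\server\\share' for UNC
    if len(drive) != 2 or drive[1] != ":" or not drive[0].isalpha() or p.root != "\\":
        raise ValueError(f"need an absolute drive-letter path, got {win_path!r}")
    parts = p.parts[1:]  # p.parts[0] is the anchor, e.g. 'C:\\'
    if any(part == ".." for part in parts):
        raise ValueError(f"'..' components are not allowed: {win_path!r}")
    return "/cygdrive/" + drive[0].lower() + "".join("/" + part for part in parts)


def parse_passwd(passwd_text: str) -> Dict[str, Tuple[str, str]]:
    """Map each user name to its (home, shell) pair; malformed lines are skipped.

    This is the check the article recommends: confirm the account you added is
    really present, and see where every account that may log in will land.
    """
    users: Dict[str, Tuple[str, str]] = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == NUM_FIELDS:
            users[fields[0]] = (fields[HOME_FIELD], fields[SHELL_FIELD])
    return users


def set_home(passwd_text: str, username: str, win_path: str,
             shell: Optional[str] = None) -> str:
    """Return passwd_text with username's home field set to the /cygdrive form of win_path.

    Optionally the shell field is replaced too. Other users' lines are left untouched.
    """
    new_home = to_cygdrive(win_path)
    if ":" in new_home:
        raise ValueError("':' is the field separator and cannot appear in a home path")
    out, found = [], False
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == NUM_FIELDS and fields[0] == username:
            fields[HOME_FIELD] = new_home
            if shell is not None:
                fields[SHELL_FIELD] = shell
            line = ":".join(fields)
            found = True
        out.append(line)
    if not found:
        raise KeyError(f"{username!r} is not in the passwd file; add it with mkpasswd -l -u first")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    updated = set_home(SAMPLE_PASSWD, "alice", r"D:\FtpUsers\alice")
    print(updated, end="")
    for name, (home, sh) in parse_passwd(updated).items():
        print(f"{name}: home={home} shell={sh}")
```

To apply it to a real installation, read c:\program files\openssh\etc\passwd into passwd_text, call set_home, and write the result back before reconnecting.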
Connecting to your SFTP Server
To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use FileZilla, which is a nice free FTP and SFTP client. You might also try WinSCP, which is another free SFTP client. It is important that the server you want to connect to is running the SSH server.
To test if your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or 127.0.0.1 as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing of the folder you pointed the home directory to. If not, there are a couple of things to check. Make sure your Windows firewall is set to allow traffic on port 22, and double-check your passwd file to make sure that the account you added is actually there.
Security
Because SSH here only grants access to existing Windows user accounts, you can restrict what those accounts can reach with NTFS file permissions. Note that this setup does not provide chroot jails (the Unix method of confining a user to his or her home directory), so a user can browse outside the home directory unless NTFS permissions stop them. Simply lock down your filesystem for that user, and SFTP will respect that.
Summary
In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can be up and running in no time at all! Try this link for info on a free mail server on Windows.
I’m aware that a certain percentage of people who get to this page don’t find the info they need. I don’t consider Digital Media Minute an overly commercial site, but I’ve decided to include a link to a product that will help some of those people.
ADDITIONAL READING:
1. Common SSH Commands
2. Open SSH
If you are interested in setting up a secure web server and/or self-hosting, including installing and configuring either IIS, Apache or PWS, router configuration. etc., Click Here. (Updated: March 02 2012)
I can't find this passwd file and it won't connect.
I have followed all the instructions and have successfully installed ssh and filezilla, however I don't really get the last part where you say create a new client connection and specify it. Where is this done? My server won't let me connect to it.
Great instructions. The only thing I would add is to check to make sure the service is running after the installation. Otherwise everything worked perfectly.
Doesn’t look like the Binary installer installed the services. How do I install the sshd service?
Thx!!! Works perfect.
Works great but the download transmission speed is considerably slower than normal FTP. For instance, I can download at 120kbs via FTP but only around 90kbs with SFTP. Is there a way to speed this up?
Having trouble getting the binary installer to download. Anyone know of any mirror sites or have a copy? Email me please.
Great instructions. But I keep getting the error below.
Any ideas what I missed?
Thanks
Status: Connecting to localhost:22 …
Status: Connected with localhost:22. Waiting for welcome message…
Response: SSH-2.0-OpenSSH_3.8.1p1
Error: Timeout detected!
Error: Unable to connect!
Status: Waiting to retry… (5 retries left)
Don't know if I'm alone on this, but when I was walking through the steps and got to the mkgroup and mkpasswd part I read
mkgroup -l ..etcgroup
instead of
mkgroup -l ..\etc\group
Just thought I would let you know as it took me a few minutes and a look at the readme.txt before I could figure out why the commands weren't working.
thanks for this install guide it helped me a lot!
EXCELLENT instructions. The only issues I had were inserting the \ characters in the mkgroup and mkpass filenames like ..\etc\passwd and I did have to reboot.
This was a great help. Thanks.
Excellent instructions, but I'm having a problem with connecting. When I try to connect with PuTTY it generates the following error:
‘Network error: Software caused connection abort’
but when I run openssh in high debug mode all runs OK.
Great Great Help. Just some things to add:
1) The \ characters are missing for \etc\group and \etc\passwd
2) to start the ssh service you must type “net start opensshd”
3) to end the ssh service for windows type “net stop opensshd”
4) those people who are getting the error timeout detected! and unable to connect! MUST create a password for their windows login account. If the windows login account does not have a password (normally many people have only one account without a password), then the ssh server cannot be connected to because it requires a password
This worked like a charm.
Great article.
I am having the same problem Moe had.
Response: SSH-2.0-OpenSSH_3.8.1p1
Error: Timeout detected!
Error: Unable to connect!
Status: Waiting to retry… (5 retries left)
I can get sftp working with public key authentication. How can I prevent users from using the SSH command?
Perfect instructions – apart from having to start the service manually (although it was set to auto, a reboot thus would have also started it)
thanks i really needed that
Yeah, very good instructions to make an sftp server. It's easy and free... but can someone tell me if I can deny access to a FAT32 disk? On NTFS it's OK: I set the rights and it works. But when a user goes to a FAT32 disk, he has every right. Can I solve it without converting this partition to NTFS?
Thanks..
When I try to connect to my ssh server I get this error:
ssh: connect to host 10.102.18.21 port 22: Connection refused
Nice web page! Very sharp. I agree, maybe I am crazy or maybe I am not. Make sure you post often.Great job.
Congratulations on this most excellent Blog
Hey, do you know of a way to just get SSH to work with a regular FTP server? We’re really happy with the FTP server we’ve got but we want to be able to SSH into it. So far we’ve tried the included SSL in the software but no luck and the SSH “tunneling” associated with PuTTy is too complicated for some users. You would be my hero if you can just point me in a good direction over here. Thanks!
I am having trouble issuing the commands in the command prompt. It keeps telling me a domain name is only accepted when minus d is provided. The commands aren't clear.. you don't have to put the >>.. characters in, do you? I don't fully understand the group users and stuff... someone please elaborate on these commands and how I am using them please... thanks in advance
When I try mkgroup -l usr\group
response: a domain name is only accepted when -d is given
When I try mkgroup -d usr\group
response: cannot get PDC, code = 2453
When I try mkpasswd -l I don't understand the output??
When I try mkpasswd -l "windows username"
response: the domain thing as said earlier
When I try it with -d it tells me it cannot find the domain controller.
Someone please help, I really require this service but have no idea what's wrong
A better and much easier setup than this is just to use copssh!
The guide is easy, but I'm still not able to set it up, and it crashes my cygwin.
I got the SSH up and running though for some weird reason it will only accept dos (telnet) commands and not SSH. Any suggestions?
I followed the install and had no problem
I am using XCeed component for .Net to connect to my FTP Site (which is my own PC)
It is capable of SFTP, however I am getting an error while attempting to connect. The error is:
The command socket was disconnected from the FTP server
I can not use Port 22, so I am using 990 on my PC instead
Please advise
When logging in using SSH, the user can browse the entire directory tree. I wonder if we can restrict the folders to the user's home folder and subfolders only.
I need a suggestion. Thanks
Following error:
Response: SSH-2.0-OpenSSH_3.8.1p1
Error: Timeout detected!
Error: Unable to connect!
Can be solved by enabling SSH2 on your SFTP client. In FileZilla go into Site Manager and in the ServerType select: SFTP using SSH2
Install went fine. However I can only get an account with administrative privileges to log in. Domain environment. Anyone have a similar problem?
Hi, I want to know about the sftp client, how to run it?
In other words, when the ssh receives a packet that is channel success, next the SSH should send a packet. I want to know what the sent packet is?
thanks!!!
Works fine!
But it runs under a real linux more stable, faster and more secure …
GREAT INSTRUCTIONS – THANK YOU. Quick question.. after setting it up, I can connect on port 22 with SFTP using ssh2. I get the yellow padlock indicating a secure connection. Question: is there any way to actually confirm that I have a secure connection? (My host tech support team tells me that their dedicated servers don't support SFTP using SSH2 but yet I am connecting and getting the padlock – so I am confused as to what is really going on.) Would love some advice on this. Thanks in advance.
SSH/SFTP was pretty easy to setup. However, locking it down has been a little more difficult. I’d like to create sftp_user accounts that allow them access to specific areas. I know. I can use ACLs to lock down directories. The problem is that I have only been able to connect with Administrator accounts, which I do not want to do. Has anyone had any luck creating non-admin accounts that can sFTP?
Problem is you have to allow the user "log on locally" permissions.
When I use the mkgroup -l>>C:\program files\openssh\etc\group command I get a response that says:
a domain name is only accepted when -d is given
What am I doing wrong?
I followed the installation process and had no problem, only a question.
Under the Windows 2003 event viewer, an sshd event ID 0 appears: Accepted password for "username" from "IP" port XXXX ssh2. Is it possible to hide this event?
Thanks
Hi.
I'm trying to set up an SFTP server. I followed your instructions but I get the same error when creating the passwd file: a domain name is only accepted when -d is given. What does that mean? Am I doing something wrong?
Please help me. And what is the easiest way to set up sftp using ssh for windows 2003 server?
thanks.
Ray,
Caution with spaces, review the Quick Start Guide in Start\Programs\OpenSSH for Windows
mkpasswd -l -u username >> ..\etc\passwd
I am upgrading cygsrv, cygutils and openssh packages and DLL’s over OPENSSH for Windows 2003, and all its OK.
Error:
It should be ..\etc\passwd; in the article it appears as ..\etcpasswd
URMXP Packages & Downloads *NEW*
Thank you!!!
This solution is great.
I have just implemented it to solve a file transfer issue.
Fantastic article. Thanks!
Good article to put all the information together. I’m working on trying to lock down permissions, but overall your summarized instructions works. Thanks. — brickwalls19(at)gmail[dot]com
Nevermind. Was because I was trying to access the external address from my internal device. *slaps head*
My SFTP does not appear to work after these instructions. I can SSH to the box, however SFTP does not appear to be installed or set up. I get the following error
Looking up host “localhost”
Connecting to 127.0.0.1 port 22
Server version: SSH-2.0-OpenSSH_3.8.1p1
version: SSH-2.0-SSH-Local: Mar 5 2006 23:44:38
Using SSH protocol version 2
processing group exchange
processing key exchange
Host key fingerprint is:
ssh-rsa 1024 ca:2f:d0:1a:8f:bf:d6:f7:c6:08:13:1a:21:69:c3:21
Initialized AES-256 client->server encryption
Initialized AES-256 server->client encryption
Keyboard-interactive authentication refused
Sent password
Access granted
Opened channel for session
Started shell session
Server sent command exit status 0
All channels closed. Disconnecting
Unable to initialize SFTP: 潣汵â¤æ½®â´æ½£æ¹®æ¥t (sftp not enabled?)
Can’t establish connection –> localhost:22 @ Tue Jan 09 11:43:51 2007 (122-1)
Can anyone help?
Hi, thanks for the excellent article. Much appreciated. I'm having a problem with configuring the group and passwd files. When I tried to run the mkgroup and mkpasswd commands I get the message "mkgroup: A domain name is only accepted when `-d' is given". Please let me know what I am doing wrong. Thank you in advance
FYI everyone…Windows 2003 Server is NOT currently supported.
I have successfully set it up on W2K3 server and am using FileZilla v2.2.26a to connect to it. I set the home directory to D:\FtpUsers\Test. The home directory content shows up fine when I log in but I find myself able to navigate out of the home directory and read/write files just about anywhere... The physical path is also showing under Remote Site.
1. Is there any way to hide the physical path so the user just see “/” as the home directory?
2. Is there any way to lock the user in home directory?
Thanks,
Brian Dao
I have set up OpenSSH on windows 2003 server and am able to log on. But the sftp-server subsystem is showing an error and unable to proceed.
Thank you, I followed the instructions and it worked for me
I'm unable to change the default directory, it defaults to c:/program files/openssh.
cygwin doesn't work for some reason.
What a great guide that people are still finding a use for 2 years after it was written. Totally easy to set up for someone with average server admin experience.
So far I finished reading the readme file and the quick guide, and I am having some problems getting OpenSSH to work properly:
1) When I am typing mkgroup -l >> ..\etc\passwd I get this message "A domain name is only accepted when -d is given"
Can anyone tell me how do I solve this problem? I typed mkgroup -l and it was able to retrieve the local groups, but I cannot find the group file
2) Also is there a way that I can only specify just "one" group to be added to the group file instead of having "all" the local groups being copied to the mkgroup file?
Any help is greatly appreciated. Thank You
guys,
I'm stuck on the cygwin1.dll, any idea?
I am running SSH on Windows 2003 Server. Thanks for your instructions which helped me a lot.
I would like to block some users only to use SFTP (not SSH). And would like to restrict them to a directory C:\Upload and its sub directories. I would like to block them to view even C:\(even \home, \home\user).
Thanks in Advance.
Having trouble to install the SFTP-Server on Windows. Can anybody help me?
Hi Pianelli, I will try to assist you, its not that hard!
is there a way i can limit a specific users downloads to to a specified number of times?
FYI, I had to uninstall File and Printer Sharing on the client system before it would work for me.
Go to Control Panel, right click on the connection you are using, and go to Properties. Select the File and Printer Sharing item and click Uninstall.
I just installed your product. However, I am able to connect to it via FileZilla but nothing happens when I try to upload a file to it. Also, is there a way to modify the welcome banner?
Thanks
I should re-phrase what I just submitted–I don’t think I am getting connected:
Status: Connected with BRES_Intranet:22. Waiting for welcome message…
Response: SSH-2.0-OpenSSH_3.8.1p1
I’m able to connect using ssh however, I can not change my home directory.
I’ve changed the reg default location and the password location and it still only takes me to the root of the ssh program.
Great job man, figuring out the semantics for all those little details can be time consuming. Thank you!
Thank you so very much. This was really helpful. Excellent narration. It worked on the first try itself.
Anyone else tried this on vista x64? Thoughts would be appreciated but I’m guessing it’s terminal until a compatible version is released.
The opensshd service remains ‘starting’. It times out with error 1053 – did not respond in a timely manner.
Event viewer showing:-
Log Name: Application
Source: Application Error
Date: 03/06/2007 11:36:35
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: captaincaveman
Description:
Faulting application cygrunsrv.exe, version 0.0.0.0, time stamp 0x40826252, faulting module cygwin1.dll, version 1005.10.0.0, time stamp 0x40b3fbf6, exception code 0xc0000005, fault offset 0x00092802, process id 0x139c, application start time 0x01c7a5cb0f25a2df.
I have tried and tried but I can’t get this to work.
It installs and seems to configure properly.
I can connect (I get the connection message), but it will not authenticate.
I then tried another commercial SFTP server on trial and I get the same thing!
I’ve spent hours and hours on this but I can’t figure out what’s wrong.
Please help!
Installed and configured OpenSSH on Windows 2003 SBS server, works well from inside and outside access but with an issue.
Issues:
used /cygdrive/E/public on passwd file to point to the users public folders but it does not work. All users login defaults to the c:\program files\openssh\etc folder.
Any idea on how I could fix the issue?
Many Thanks!
Nevermind! I fixed it!
Thank you for a great blog.
Dave…
Dave,
How were you able to fix the issue of login defaulting to the “c:\program files\openssh\etc” folder and not being able to change directory from there? I’m having the same issue. Please help…
Followed instructions, service does not install or start.
Password file and group file created, no problem.
I do not see any solutions for my problem in the blog.
Any ideas?
Hi Beardo,
Were you able to successfully install and run OpenSSH server on Windows Vista? I am facing the same issue, the service simply won’t start. I have tried it on Windows Vista Business and Windows Vista Enterprise Editions (32-bit), but no luck
I was able to start the service on Vista by starting the service in XP Compatibility mode, but I was not able to connect to it then. Though the services window shows it as started but nothing happens, no connection, no authentication just nothing.
Please let me know if you have (or someone else) any solution to this issue. I desperately need it to run on Vista since my application is dependent on it.
Regards
Once I log in, it goes to c:\program files\openssh\etc folder. Is there a way that I can force it to be another default directory?
Found the answer to my own question. If you have the username as the folder name in your ‘Documents and Settings’ folder, then it will go into that folder. If it can’t find that folder with that username, then it will default to the ‘c:\program files\openssh\etc’ folder.
I'm getting an 'Access Denied' response when I try to change the Password & Group files. Respectively, I get the same issue when I try to connect: 'Authentication Failed.' Someone help.
Thanks... it was great.. I was able to create my sftp server but one problem... how to restrict the user to one directory so that he can't browse the root directory... please help me...
I have Problems to install the SFTP-Server on Mac. Can anybody help me?
I am not able to change the directory path. I edited the passwd file to /cygdrive/h/web and still getting into the openssh directory when I connect. Any help would be appreciated. Thanks!
Any ideas on why I get and “Access Denied” response when trying to login or change passwd/Group files?
———————————————
Will said on July 10th, 2007 at 4:26 pm
I'm getting an 'Access Denied' response when I try to change the Password & Group files. Respectively, I get the same issue when I try to connect: 'Authentication Failed.' Someone help.
LOL. Just use FileZilla server app. It supports setting up a SFTP Server. ANd its a point-click process. Alternatively, you could use Serv-U FTP server. They are both excellent free FTP – SFTP server apps.
dumdum31,
Don’t know what your definition of “free” is, but Serv-U definitely is not. It’s a commercial program with a 30-day trial demo. Hardly “free.”
cannot connect from remote pc unless,,,and this is odd,,unless the remote pc is connected by telephone modem to anyone else. I tried from one remote pc, in house, to the server, can’t connect. Dialed a customer’s modem with the remote pc, connected, was able to establish the SFTP connection to the server from the remote. ??
Just wanted to thank you for the instructions. Worked like a charm!
CoreyH
I wasn’t able to get the Windows share drive to work by using either the /cygdrive/F syntax or by changing the Windows registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home to a drive letter path like F:\, as one would think from the Readme.txt
Instead open the Windows Registry Editor by typing regedit in the Start->Run box.
Then browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home
You can now double-click the "native" value and change it to something like \\servername\foldername. This is the same path you'd enter when creating a Windows share drive. Once you've done this be sure to close any existing SFTP or SSH connections and then reconnect and try to visit /home.
(NOTE: do not type the double-quotes, they are included only for clarification)
You can also create new alias by adding another key to the Windows registry under \mounts v2\ Right-click on \mounts v2\ and select New->Key. Name the key something you want, like “\sharepath” Highlight the new “\sharepath” key. Right-click on it and select New->Dword. Name it “flags”. Double-click “flags” and enter the value “a”. Right-click on “sharepath” and select New->String. Name this “native”. Double-click the “native” value and enter the path you want, this can be anything like “C:\Somefolder” or “\\somecomputer\somefolder”
Clarification. Any new registry keys would have to be of the form “/sharepath” (notice the frontslash, not a backslash as I wrote above). Again, the quotes should not be typed.
How do I set up locks using ACLs
to those who receive this type of message:
Status: Connected with BRES_Intranet:22. Waiting for welcome message…
Response: SSH-2.0-OpenSSH_3.8.1p1
this happens when you only specify the port, not the protocol when making the connection. if you are using filezilla, instead of using a quick connection, you need to create a new connection and indicate the type as SFTP. in Filezilla do the following:
File
Site Manager…
New Site (name it something) then in the Site Details:
host name = yoursite
port = 22
Servertype: SFTP using SSH2
Logontype: Normal supply the credentials you setup earlier.
Save and Exit.
Now on the main screen, click the new site to connect to (icon below File & Edit)
*profit*
can someone help with the proper way to indicate a home folder where the folder name has a space in it?
example:
C:\NEW FOLDER\TEST = /cygdrive/c/NEW FOLDER/TEST:
the above does not work.
Thanks for your instructions.
It works fine.
Best regards.
Lukas
Thank you for this useful tutorial!
Greetz Karl
I am having a hard time starting the service on Vista Ultimate. I get the following errors.
‘Error 1067 : The process terminated unexpectedly’
and Vista alerts saying
‘cygrunsrv.exe’ has stopped working.
Service is configured to run under ‘Local System’.
I tried changing service logon user to “Administrator’ still doesn’t work
I appreciate any help
Thanks
CK
Works fine! Thanks!
The only thing you haven’t mentioned is that at the end user should run “net start opensshd” to start SFTP server.
Cheers
I see you can make it just do the ssh shell and not sftp; can you do the reverse? Just give the user sftp access!
excellent program so easy to configure :)
I was having authentication issues and I finally figured it out. My account name had a space in it, i.e. John Smith. To properly add the user to the passwd file I had to do:
mkpasswd -l -u “Benji Park” >> ..\etc\passwd
Then in winscp set username to Benji Park (no quotes) and I logged in fine.
When I tried to add the user without the quotes I would get the “A domain name is only accepted when `-d’ is given” error. To know what the name of your account is you can find it by right clicking on “My Computer” and selecting “manage”. Navigate to “Local Users and Groups” then “Users”. You will see “name” and “full name” for accounts. For openssh “name” is the only thing to pay attention to.
Hope this helps someone.
For those of you that are interested in locking down the shell and only allowing scp and sftp, there is an easy solution. Just disable all access to cmd.exe, for the account that is being used to log into the ssh/sftp/scp. This file is in the system32 folder.
Worked well for me. If you are forwarding a port through your router, make sure that you are forwarding from “all” ports to port 22 using TCP. You can’t go from 22 to 22 only. Not sure why this is the case.
Hi,
very good doc
I’m having OpenSSH problems. With putty, I’m attempting to log in with the username that I use for my PC and get a return of “Access Denied”.
How do I ensure I have my passwd setup correctly. When I attempted to properly add my username to the passwd file in cmd, it returned that the user name could not be found.
Can anyone assist?
follow the video instruction above. user account is the windows account you have or will need to setup. before using sftp client program, turn on the OpenSSH service by starting it. account/username is the username you created using the command earlier. Password is the windows user account password under that username.
if you were able to connect locally and not remotely, it could be the firewall. go to Network Connections –> local area connection –> Advanced –> Setting –> Exception tab –> Add port 22.
We want to run an SFTP server on a windows 2003 Enterprise Edition in CLUSTER! Does anyone know which application can be installed in a cluster environment to offer SFTP? Thanks. Steve
Thank you kindly for this wonderful step-by-step howto. I second the earlier recommendation that you add a step which reminds users to start the service after following your instructions as it is not running by default.
Anybody had luck in installing/binding SFTP in a clustered environment? I have one virtual server cluster using two machines
Steve & Anita, it works on clusters, and no luck involved here. Using the manual above, simply note the following:
– since you can’t use a domain account, create the same local account on each cluster node with the same password, and use it to create each passwd file.
Now, assuming the sftp directory is on a shared storage, for ex S:\SharedFtp, also note:
– add the OpenSSHd service as a Generic Service resource in the cluster configuration in the same resource group as the shared storage disk and the virtual server IP, with proper dependency.
– assign proper NTFS permissions to the home directory S:\SharedFtp in EACH node for the local account created on that particular node. Also you should probably deny access to all other drives and folders outside this directory, in each node, for the ftp account created.
If you require clarification, just ask.
Make sure you TURN OFF YOUR IIS FTP!
CopSSH was even easier to install and supports Vista… Customization options from this article carry over as well, e.g. changing the home directory in the passwd file.
How do I run a transaction using a script file? I have tried the following with several variations to no avail.
sftp -b ScriptFile hostname
contents of ScriptFile:
user username_password
ls
quit
If you can read, you can successfully install Openssh with this guide. Sickenly simple install with vast possibilities from an administration perspective.
Steve,
Try using a shellexec tool like plink (it’s part of the putty suite)
Regarding restricting a user to a directory like WuFTP does, get openssh-chroot and use a UNIX / Linux box for sftp.
The requirement that you are looking for is called "change root". WuFTP and openssh-chroot use the same scheme to tell the application to change root the user to their login directory or a parent directory that is part of the home directory path.
In the /etc/passwd file, for the home directory path, an administrator simply adds /./ to the path for the home directory at the point that the user is to be change-rooted to.... Example: mysql:*:74:74:MySQL Server:/var/empty/./:/usr/bin/sh Note the /./ after empty. When a user then uses the unix pwd command after logging in, they will not see /var/empty as their directory path, but / only; thus performing a cd .. will not move their path to /var, they will remain at /var/empty, but the system will not report this path to the user. Any subdirectories under empty will be accessible, but only if the directory permissions allow. If the user's login directory is /export/home/thomas, an administrator could enter /export/home/./thomas. When the user logs in and performs a pwd, they will get /thomas as their directory path.
Using change root (chroot) is a great way to restrict user access to the contents of a computer system.... the gotcha. When a user is running in a change-rooted environment, they cannot access other parts of the system... this means that in order for them to perform minimal functions, you must create an OS type of environment by replicating at the /./ directory level the minimum library and executable files for the user to be able to function on the system, else chances are they will not be able to log into their change-rooted account. For an sftp environment, I would also include the sftpsh shell script. This will disallow users from using ssh or scp to log onto the server if you are trying to restrict the user to sftp only. In the above account example, instead of /usr/bin/sh for the shell, you would change this to /usr/bin/sftpsh.
Thanks, this made installing Open SSH considerably easier. I thought it would take a lot longer, but I was up in minutes thanks to your instructions.
Thanks!
Thanks! The instructions worked OK on Windows 2003 but only when I installed openssh into directory without _SPACES_.
I installed this on Windows Server 2003. I followed the instructions at the top but got the error (after connecting!):
Fatal: unable to initialise SFTP on server
To solve it, I had to use the domain options:
mkgroup -d >> ..\etc\group
mkpasswd -l -d -u >> ..\etc\passwd
and then restart the ‘OpenSSH Server’ service.
Hope this helps someone..