Setting up a SFTP Server on Windows

I recently had to create an SFTP server on our work development system, and after doing a fair bit of Googling on the topic I found a good solution. The solution is a combination of research done at different sites. I am sharing it here in the hope that it will help someone else.

This tutorial will help you turn your Windows-based system into a Secure FTP (SFTP) server.

Background

Secure Shell (SSH) is a program that lets you log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using ssh, the entire login session, including transmission of password, is encrypted and therefore is very secure.

You may have noticed that many webhosts allow ssh access. This means that you can login to their webserver and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.

To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP (more about that later). To decide whether you want an SFTP server on Windows 2012 or on another version, keep reading.

Installing SSH on Windows

Most UNIX-based systems (Linux and OS X) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately, a free open-source project called SSHWindows provides a nice Windows installer that will set up both the SSH client and server on your system.

Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.

Configure the SSH Server

In this next step, I have summarized the information from the readme.txt that is included with SSHWindows (it can be found in c:\program files\openssh\docs).

Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.

Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.

To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.

You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:

mkgroup -l >> ..\etc\group

You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file type the command shown below:

mkpasswd -l -u username >> ..\etc\passwd

NOTE: the username specified above must be an existing Windows login account.

Creating Home Directories for your Users

In the passwd file, you will notice that the user’s home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.

If you want to change this location you will need to edit the passwd file. The passwd file is plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second-to-last entry (/home/username) can be replaced with any other directory to act as that user’s home directory. It’s worth noting that when you run SSH on Windows, you are actually running SSH inside a scaled-down version of Cygwin, a Unix emulation layer for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.

To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the c: drive you would use the path:

/cygdrive/c/winnt/system32

Connecting to your SFTP Server

To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use FileZilla, which is a nice free FTP and SFTP client. You might also try WinSCP, which is another free SFTP client. It is important that the server you want to connect to is running SSH.

To test if your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or 127.0.0.1 as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing of the folder you pointed that account’s home directory at. If not, there are a couple of things to check: make sure your Windows firewall is set to allow traffic over port 22, and double-check your passwd file to make sure that the account you added is actually there.
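As an added example (not code from the original article or from SSHWindows), the following Python script performs the home-directory edit described above and the passwd-file check from the connection test: it converts a Windows folder path to cygdrive notation, rewrites only the home field of one user’s entry, and looks an account up before you try to log in. The sample passwd contents, the user names, the SIDs and the /bin/switch shell value are constructed for illustration; a real file comes from mkpasswd.

```python
"""Edit and check the OpenSSH-for-Windows passwd file described in the article.

Assumed file: c:\\program files\\openssh\\etc\\passwd, one colon-separated entry per
user (name:passwd:uid:gid:gecos:home:shell); only the last two fields are edited.
"""
from __future__ import annotations

from pathlib import PureWindowsPath

PASSWD_FIELDS = 7
HOME_FIELD, SHELL_FIELD = 5, 6

# Constructed sample of what "mkpasswd -l -u <user>" appends; real files differ in
# SIDs, uids, host name and possibly the shell value.
SAMPLE_PASSWD = (
    "Administrator:unused_by_nt/2000/xp:500:513:"
    "U-DEVBOX\\Administrator,S-1-5-21-0-0-0-500:/home/Administrator:/bin/switch\n"
    "devuser:unused_by_nt/2000/xp:1003:513:"
    "U-DEVBOX\\devuser,S-1-5-21-0-0-0-1003:/home/devuser:/bin/switch\n"
)


def windows_to_cygdrive(win_path: str) -> str:
    """Convert D:\\FtpUsers\\Test to /cygdrive/d/FtpUsers/Test.

    OpenSSH for Windows runs inside Cygwin, which exposes each drive letter under
    /cygdrive/<letter>/. Relative paths and UNC shares are rejected: a share needs
    a Cygwin mount rather than cygdrive notation.
    """
    p = PureWindowsPath(win_path)
    if len(p.drive) != 2 or p.drive[1] != ":" or p.root != "\\":
        raise ValueError(f"need an absolute drive-letter path, got {win_path!r}")
    rest = "/".join(p.parts[1:])
    return f"/cygdrive/{p.drive[0].lower()}" + (f"/{rest}" if rest else "")


def parse_passwd(text: str) -> list[list[str]]:
    """Split the file into field lists, rejecting malformed lines loudly."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != PASSWD_FIELDS:
            raise ValueError(f"passwd line {lineno}: expected {PASSWD_FIELDS} "
                             f"fields, got {len(fields)}")
        entries.append(fields)
    return entries


def find_user(text: str, username: str) -> list[str] | None:
    """The pre-login check: is the Windows account actually in the passwd file?"""
    for fields in parse_passwd(text):
        if fields[0] == username:
            return fields
    return None


def set_home(text: str, username: str, win_path: str) -> str:
    """Return the file with one user's home field replaced by cygdrive notation.

    Every other line, and the user's shell field, is left untouched.
    """
    new_home = windows_to_cygdrive(win_path)
    if find_user(text, username) is None:
        raise KeyError(f"{username!r} is not in passwd; add it with mkpasswd -l -u first")
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == PASSWD_FIELDS and fields[0] == username:
            fields[HOME_FIELD] = new_home
            line = ":".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Point the constructed devuser account at D:\FtpUsers\Test and show the result.
    print(set_home(SAMPLE_PASSWD, "devuser", r"D:\FtpUsers\Test"), end="")
```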

Security

Because SSH allows access only to Windows user accounts, you can restrict access based upon NTFS file permissions. Note that this SFTP setup does not provide chroot jails (the Unix method for confining a user to his or her home directory). Instead, lock down your filesystem for that user with NTFS permissions, and SFTP will respect that.

Summary

In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can be up and running in no time at all! Try this link for info on a free mail server on Windows.

I’m aware that a certain percentage of people who get to this page don’t find the info they need. I don’t consider Digital Media Minute an overly commercial site, but I’ve decided to include a link to a product that will help some of those people.

ADDITIONAL READING:
1. Common SSH Commands
2. Open SSH

If you are interested in setting up a secure web server and/or self-hosting, including installing and configuring either IIS, Apache or PWS, router configuration, etc., click here. (Updated: March 02 2012)

114 thoughts on “Setting up a SFTP Server on Windows”

  1. I have followed all the instructions and have successfully installed ssh and filezilla however I don’t really get the last part where you say create a new client connection and specify it where is this done at, my server won’t let me connect to it

  2. Great instructions. The only thing I would add is to check to make sure the service is running after the installation. Otherwise everything worked perfectly.

  3. Works great but the download transmission speed is considerably slower than normal FTP. For instance, I can download at 120kbs via FTP but only around 90kbs with SFTP. Is there a way to speed this up?

  4. Great instructions. But I keep getting the error below.
    Any ideas what I missed?
    Thanks
    Status: Connecting to localhost:22 …
    Status: Connected with localhost:22. Waiting for welcome message…
    Response: SSH-2.0-OpenSSH_3.8.1p1
    Error: Timeout detected!
    Error: Unable to connect!
    Status: Waiting to retry… (5 retries left)

  5. dont know if im alone on this but when i was walking through the steps and got to the mkgroup and mkpasswd part i read

    mkgroup -l ..etcgroup
    instead of
    mkgroup -l ..\etc\group

    just thought i would let you know as it took me a few minutes and a look at the readme.txt before i could figure out why the commands werent working.

    thanks for this install guide it helped me a lot!

  6. EXCELLENT instructions. The only issues I had were inserting the \ characters in the mkgroup and mkpass filenames like ..\etc\passwd and I did have to reboot.

    This was a great help. Thanks.

  7. Excellent instructions, but I’m having a problem connecting. When I try to connect with putty it generates the following error:

    ‘Network error: Software caused connection abort’

    but when I run openssh in high debug mode all runs OK.

  8. Great Great Help. Just some things to add:
    1) The \ characters are missing for \etc\group and \etc\passwd
    2) to start the ssh service you must type “net start opensshd”
    3) to end the ssh service for windows type “net stop opensshd”
    4) those people who are getting the error timeout detected! and unable to connect! they MUST create a password for their windows login account. If the windows login account does not have a password (normally many people have only one account without a password), then ssh server cannot be connected because it requires a password

  9. I am having the same problem Moe had.

    Response: SSH-2.0-OpenSSH_3.8.1p1
    Error: Timeout detected!
    Error: Unable to connect!
    Status: Waiting to retry… (5 retries left)

  10. Perfect instructions – apart from having to start the service manually (although it was set to auto, a reboot thus would have also started it)

    thanks i really needed that

  11. Yeah, very good instructions to make a sftp server. It’s easy and free… but can someone tell me, if I can deny access to FAT32 disk? On NTFS, its ok – I set the rights, and it works. But when user go to FAT32 disk, he has every rights. Can i solve it without converting this partition to NTFS?
    Thanks..

  12. when i try to connect my ssh server i get this error :

    ssh: connect to host 10.102.18.21 port 22: Connection refused

  13. Hey, do you know of a way to just get SSH to work with a regular FTP server? We’re really happy with the FTP server we’ve got but we want to be able to SSH into it. So far we’ve tried the included SSL in the software but no luck and the SSH “tunneling” associated with PuTTy is too complicated for some users. You would be my hero if you can just point me in a good direction over here. Thanks!

  14. I am having trouble issuing the commands in the command prompt. keeps telling me a domain name is only accepted when minus d is provided. The commands aren’t clear..you don’t have to put the >>.. characters in do you? I don’t fully understand the group users and stuff…someone please elaborate on these commands and how i am using them please…thxs in advance

  15. when i try mkgroup -l usr\group
    response: a domain name is only accepted when -d is given
    when i try mkgroup -d usr\group
    response: cannot get PDC, code = 2453
    when i try mkpasswd -l i dont understand the output??
    when i try mkpasswd -l “windows username”
    response: the domain thing as said earlier
    when i try it with -d tells me it cannot find the domain controller.
    someone please help, i really require this service but have no idea whats wrong

  16. I got the SSH up and running though for some weird reason it will only accept dos (telnet) commands and not SSH. Any suggestions?

  17. I followed the installed and had no problem
    I am using XCeed component for .Net to connect to my FTP Site (which is my own PC)
    It is capable of SFTP, however I am getting an error while attempting to connect, the error is:
    The command socket was disconnected from the FTP server

    I can not use Port 22, so I am using 990 on my PC instead
    Please advise

  18. When login using SSH, the user can browse the entire directory. I wonder if we can restrict the folders to user home folder and subfolder only.
    I need suggestion. Thanks

  19. Following error:

    Response: SSH-2.0-OpenSSH_3.8.1p1
    Error: Timeout detected!
    Error: Unable to connect!

    Can be solved by enabling SSH2 on your SFTP client. In FileZilla go into Site Manager and in the ServerType select: SFTP using SSH2

  20. Install went fine. However i can only get an account with administrative privileges to login. Domain environment. anyone have similar problem?

  21. hi i want to know about sftp client how to run ?
    in other words when the ssh receive a packet that is channel success, the next SSH should send a packet, i want to know what the send packet is?
    thanks!!!

  22. GREAT INSTRUCTIONS – THANK YOU. quick question.. after setting it up, I can connect on port 22 with SFTP using ssh2. I get the Yellow padlock indicating a secure connection. question: is there any way to actually confirm that i have a secure connection? (my host tech support team tells me that their dedicated servers don’t support SFTP using SSH2 but yet i am connecting and getting the padlock – so i am confused as to what is really going on). Would love some advice on this. thanks in advance.

  23. SSH/SFTP was pretty easy to setup. However, locking it down has been a little more difficult. I’d like to create sftp_user accounts that allow them access to specific areas. I know. I can use ACLs to lock down directories. The problem is that I have only been able to connect with Administrator accounts, which I do not want to do. Has anyone had any luck creating non-admin accounts that can sFTP?

  24. When i use the mkgroup -l>>C:\program files\openssh\etc\group command i get a response that says:
    a domain name is only accepted when -d is given

    What am i doing wrong?

  25. I followed the installation proces and had no problem, only a question.

    Under Windows 2003 event viewer, appear a sshd event ID 0: Accepted password for “username” from “IP” port XXXX ssh2, is possible hide this event ?

    Thanks

  26. Hi.

    I’m trying to set up a SFTP Server. I followed your instructions but I get the same error when creating passwd file, a domain name is only accepted when -d is given. what does that mean? Am I doing something wrong?

    please help me. and what is the easiet to setup sftp using ssh for windows 2003 server?

    thanks.

  27. Ray,

    Caution with spaces, review the Quick Start Guide in Start\Programs\OpenSSH for Windows

    mkpasswd -l -u username >> ..\etc\passwd

    I am upgrading cygsrv, cygutils and openssh packages and DLL’s over OPENSSH for Windows 2003, and all its OK.

  28. Good article to put all the information together. I’m working on trying to lock down permissions, but overall your summarized instructions works. Thanks. — brickwalls19(at)gmail[dot]com

  29. My SFTP does not appear to work after these instructions, I can SSH to the box however SFTP does not apear to be installed or setup. I get the following error

    Looking up host “localhost”
    Connecting to 127.0.0.1 port 22
    Server version: SSH-2.0-OpenSSH_3.8.1p1
    version: SSH-2.0-SSH-Local: Mar 5 2006 23:44:38
    Using SSH protocol version 2
    processing group exchange
    processing key exchange
    Host key fingerprint is:
    ssh-rsa 1024 ca:2f:d0:1a:8f:bf:d6:f7:c6:08:13:1a:21:69:c3:21
    Initialized AES-256 client->server encryption
    Initialized AES-256 server->client encryption
    Keyboard-interactive authentication refused
    Sent password
    Access granted
    Opened channel for session
    Started shell session
    Server sent command exit status 0
    All channels closed. Disconnecting
    Unable to initialize SFTP: could not connect (sftp not enabled?)
    Can’t establish connection –> localhost:22 @ Tue Jan 09 11:43:51 2007 (122-1)

    Can anyone help?

  30. Hi Thanks for the excellent article. Much appreciated. I’m having a problem with configuring the group and passwd files. When i tried to run the mkgroup and mkpasswd commands i get the message “mkgroup: A domain name is only accepted when `-d’ is given”. Please let me know what am doing wrong. Thank you in advance

  31. I have successfully set it up on W2K3 server and using FileZillar v2.2.26a to connect to it. I set the home directory to D:\FtpUsers\Test. The home directory content shows up fine when I login but I find myself able to navigate out of the home directory and read/write files just about any where… The physical path also showing under Remote Site.

    1. Is there any way to hide the physical path so the user just see “/” as the home directory?

    2. Is there any way to lock the user in home directory?

    Thanks,

    Brian Dao

  32. i have setup the OpenSSH on windows 2003 server and able to logon. But sftp-server subsystem is showing error and unable to proceed.

  33. im unable to change the default directory, it defaults to c:/program files/openssh.

    cygwin doesnt work for some reason.

  34. What a great guide that people are still finding a use for 2 years after it was written. Totally easy to set up for someone with average server admin experience.

  35. So far I finished reading the readme file and the quick guide, and I am having some problems getting OpenSSH to work properly:

    1) When I am typing mkgroup -l >> ..\etc\passwd I get this message “A domain name is only accepted when -d is given”
    Can anyone tell me how do I solve this problem? I typed mkgroup -l and it was able to retrieve the local groups, but I cannot find the group file

    2) Also is there a way that I can only specify just “one” group to be added to the group file instead of having “all” the local groups being copied to the mkgroup file?

    Any help is greatly appreciated. Thank You

  36. I am running SSH on Windows 2003 Server. Thanks for your instructions which helped me a lot.

    I would like to block some users only to use SFTP (not SSH). And would like to restrict them to a directory C:\Upload and its sub directories. I would like to block them to view even C:\(even \home, \home\user).

    Thanks in Advance.

  37. FYI, I had to uninstall File and Printer Sharing on the client system before it would work for me.

    Go to Control Panel, right click on the connection you are using, and go to Properties. Select the File and Printer Sharing item and click Uninstall.

  38. I just installed your product. However, I am able to connect to it via FireZilla but nothing happens when I try to upload a file to it. Also, is there a way to modify the welcome banner?

    Thanks

  39. I should re-phrase what I just submitted–I don’t think I am getting connected:
    Status: Connected with BRES_Intranet:22. Waiting for welcome message…
    Response: SSH-2.0-OpenSSH_3.8.1p1

  40. I’m able to connect using ssh however, I can not change my home directory.

    I’ve changed the reg default location and the password location and it still only takes me to the root of the ssh program.

  41. Thank you so verymuch. This was really helpful. Excellent narration. It worked on the first try itself.

  42. Anyone else tried this on vista x64? Thoughts would be appreciated but I’m guessing it’s terminal until a compatible version is released.

    The opensshd service remains ‘starting’. It times out with error 1053 – did not respond in a timely manner.

    Event viewer showing:-

    Log Name: Application
    Source: Application Error
    Date: 03/06/2007 11:36:35
    Event ID: 1000
    Task Category: (100)
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: captaincaveman
    Description:
    Faulting application cygrunsrv.exe, version 0.0.0.0, time stamp 0x40826252, faulting module cygwin1.dll, version 1005.10.0.0, time stamp 0x40b3fbf6, exception code 0xc0000005, fault offset 0x00092802, process id 0x139c, application start time 0x01c7a5cb0f25a2df.

  43. I have tried and tried but I can’t get this to work.

    It installs and seems to configure properly.
    I can connect (I get the connection message), but it will not authenticate.
    I then tried another commercial SFTP server on trial and I get the same thing!

    I’ve spent hours and hours on this but I can’t figure out what’s wrong.

    Please help!

  44. Installed and configured Openshh on Windows 2003 sbs server, works well from inside and outside access but with an issue.

    Issues:
    used /cygdrive/E/public on passwd file to point to the users public folders but it does not work. All users login defaults to the c:\program files\openssh\etc folder.

    Any idea on how I could fix the issue?

    Many Thanks!

  45. Dave,

    How were you able to fix the issue of login defaulting to the “c:\program files\openssh\etc” folder and not being able to change directory from there? I’m having the same issue. Please help…

  46. Followed instructions, service does not install or start.
    Password file and group file created, no problem.
    I do not see any solutions for my problem in the blog.
    Any ideas?

  47. Hi Beardo,

    Were you able to successfully install and run OpenSSH server on Windows Vista? I am facing the same issue, the service simply won’t start. I have tried it on Windows Vista Business and Windows Vista Enterprise Editions (32-bit), but no luck

    I was able to start the service on Vista by starting the service in XP Compatibility mode, but I was not able to connect to it then. Though the services window shows it as started but nothing happens, no connection, no authentication just nothing.

    Please let me know if you have (or someone else) any solution to this issue. I desperately need it to run on Vista since my application is dependent on it.

    Regards

  48. Once I log in, it goes to c:\program files\openssh\etc folder. Is there a way that I can force it to be another default directory?

  49. Found the answer to my own question. If you have the username as the folder name in your ‘Documents and Settings’ folder, then it will go into that folder. If it can’t find that folder with that username, then it will default to the ‘c:\program files\openssh\etc’ folder.

  50. I’m getting an ‘Access Denied’ response when I try to change the Password & Group files. Respectively, I get the same issue when I try to connect ‘Authentication Failed.’ Someone help.

  51. thanks ….it was great ..i was able to create my sftp server but one problem …how to restrict the user to one directory so that he can’t browse the root directory ….please help me …..

  52. I am not able to change the directory path. I edited the passwd file to /cygdrive/h/web and still getting into the openssh directory when I connect. Any help would be appreciated. Thanks!

  53. Any ideas on why I get and “Access Denied” response when trying to login or change passwd/Group files?

    ———————————————

    Will said on July 10th, 2007 at 4:26 pm
    I’m getting an ‘Access Denied’ response when I try to change the Password & Group files. Respectively, I get the same issue when I try to connect ‘Authentication Failed.’ Someone help.

  54. LOL. Just use FileZilla server app. It supports setting up a SFTP Server. ANd its a point-click process. Alternatively, you could use Serv-U FTP server. They are both excellent free FTP – SFTP server apps.

  55. dumdum31,

    Don’t know what your definition of “free” is, but Serv-U definitely is not. It’s a commercial program with a 30-day trial demo. Hardly “free.”

  56. cannot connect from remote pc unless,,,and this is odd,,unless the remote pc is connected by telephone modem to anyone else. I tried from one remote pc, in house, to the server, can’t connect. Dialed a customer’s modem with the remote pc, connected, was able to establish the SFTP connection to the server from the remote. ??

  57. I wasn’t able to get the Windows share drive to work by using either the /cygdrive/F syntax or by changing the Windows registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home to a drive letter path like F:\, as one would think from the Readme.txt

    Instead open the Windows Registry Editor by typing regedit in the Start->Run box.

    Then browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/home
    You can now double-click the “native” value and change it to something like \\servername\foldername . This is the same path you(d) enter when creating a Windows share drive. Once you’ve done this be sure to close any existing SFTP or SSH connections and then reconnect and try to visit /home.

    (NOTE: do not type the double-quotes, they are included only for clarification)

    You can also create new alias by adding another key to the Windows registry under \mounts v2\ Right-click on \mounts v2\ and select New->Key. Name the key something you want, like “\sharepath” Highlight the new “\sharepath” key. Right-click on it and select New->Dword. Name it “flags”. Double-click “flags” and enter the value “a”. Right-click on “sharepath” and select New->String. Name this “native”. Double-click the “native” value and enter the path you want, this can be anything like “C:\Somefolder” or “\\somecomputer\somefolder”

  58. Clarification. Any new registry keys would have to be of the form “/sharepath” (notice the frontslash, not a backslash as I wrote above). Again, the quotes should not be typed.

  59. to those who receive this type of message:

    Status: Connected with BRES_Intranet:22. Waiting for welcome message…
    Response: SSH-2.0-OpenSSH_3.8.1p1

    this happens when you only specify the port, not the protocol when making the connection. if you are using filezilla, instead of using a quick connection, you need to create a new connection and indicate the type as SFTP. in Filezilla do the following:

    File
    Site Manager…
    New Site (name it something) then in the Site Details:

    host name = yoursite
    port = 22
    Servertype: SFTP using SSH2
    Logontype: Normal supply the credentials you setup earlier.

    Save and Exit.

    Now on the main screen, click the new site to connect to (icon below File & Edit)

    *profit*

  60. can someone help with the proper way to indicate a home folder where the folder name has a space in it?

    example:

    C:\NEW FOLDER\TEST = /cygdrive/c/NEW FOLDER/TEST:

    the above does not work.

  61. I am having hard time in starting service on Vista Ultimate. I get following errors.

    ‘Error 1067 : The process terminated unexpectedly’
    and Vista alerts saying
    ‘cygrunsrv.exe’ has stopped working.

    Service is configured to run under ‘Local System’.

    I tried changing service logon user to “Administrator’ still doesn’t work

    I appreciate any help

    Thanks
    CK

  62. Works fine! Thanks!
    The only thing you haven’t mentioned is that at the end user should run “net start opensshd” to start SFTP server.
    Cheers

  63. i see you can make it just do the ssh shell and not sftp can you do do the reverse! just give user sftp access!

    excellent program so easy to configure :)

  64. I was having authentication issues and I finally figured it out. My account name had a space in it I.E. John Smith. To properly add the user to the passwd file I had to do:

    mkpasswd -l -u “Benji Park” >> ..\etc\passwd

    Then in winscp set username to Benji Park (no quotes) and I logged in fine.

    When I tried to add the user without the quotes I would get the “A domain name is only accepted when `-d’ is given” error. To know what the name of your account is you can find it by right clicking on “My Computer” and selecting “manage”. Navigate to “Local Users and Groups” then “Users”. You will see “name” and “full name” for accounts. For openssh “name” is the only thing to pay attention to.

    Hope this helps someone.

  65. For those of you that are interested in locking down the shell and only allowing scp and sftp, there is an easy solution. Just disable all access to cmd.exe, for the account that is being used to log into the ssh/sftp/scp. This file is in the system32 folder.

  66. Worked well for me. If you are forwarding a port through your router, make sure that you are forwarding from “all” ports to port 22 using TCP. You can’t go from 22 to 22 only. Not sure why this is the case.

  67. I’m having OpenSSH problems. With putty, I’m attempting to log in with the username that I use for my PC and get a return of “Access Denied”.

    How do I ensure I have my passwd setup correctly. When I attempted to properly add my username to the passwd file in cmd, it returned that the user name could not be found.

    Can anyone assist?

  68. follow the video instruction above. user account is the windows account you have or will need to setup. before using sftp client program, turn on the OpenSSH service by starting it. account/username is the username you created using the command earlier. Password is the windows user account password under that username.

    if you were able to connect locally and not remotely, it could be the firewall. go to Network Connections –> local area connection –> Advanced –> Setting –> Exception tab –> Add port 22.

  69. We want to run a SFTP server on a windows 2003 Enterprise Edition in CLUSTER ! Does anyone know which application can be installed in a cluster environment to offer SFTP? Thanks. Steve

  70. Thank you kindly for this wonderful step-by-step howto. I second the earlier recommendation that you add a step which reminds users to start the service after following your instructions as it is not running by default.

  71. Anybody has luck in installing/binding SFTP in clustered environment. I have one virtual server cluster using two machines

  72. Steve & Anita, it works on clusters, and no luck involved here. Using the manual above, simply note the following:

    – since you can’t use a domain account, create the same local account on each cluster node with the same password, and use it to create each passwd file.

    Now, assuming the sftp directory is on a shared storage, for ex S:\SharedFtp, also note:

    – add OpenSSHd service as a Generic Service resource in the cluster configuration in the same resource group as the shared storage disk and the virtual server IP, with proper dependency.
    – assign proper NTFS permissions to the home directory S:\SharedFtp in EACH node for the local account created on that particular node. Also you should probably deny access to all other drives and folders outside this directory, in each node, for the ftp account created.

    If you require clarification, just ask.

  73. CopSSH was even easier to install and supports Vista… Customization options from this article carry over as well, e.g. changing the home directory in the passwd file.

  74. How do I run a transaction using a script file? I have tried the following with several variations to no avail.

    sftp -b ScriptFile hostname

    contents of ScriptFile:
    user username_password
    ls
    quit

  75. If you can read, you can successfully install Openssh with this guide. Sickeningly simple install with vast possibilities from an administration perspective.

  76. Regarding restricting a user to a directory like WuFTP does, get openssh-chroot and use a UNIX / Linux box for sftp.

    The requirement that you are looking for is called “change root”. WuFTP and openssh-chroot use the same scheme to tell the application to change root the user to their login directory or a parent directory that is part of the home directory path.

    In the /etc/passwd file, for the home directory path, an administrator simply adds /./ to the path for the home directory at the point that the user is to be change rooted to…. example: mysql:*:74:74:MySQL Server:/var/empty/./:/usr/bin/sh Note the /./ after empty. When a user then uses the unix pwd command after logging in, they will not see /var/empty as their directory path, but / only, thus performing a cd .. will not move their path to /var, they will remain at /var/empty, but the system will not report this path to the user. Any subdirectories under empty will be accessible, but only if the directory permissions allow. If the user’s login directory is /export/home/thomas, an administrator could enter /export/home/./thomas. When the user logs in and performs a pwd, they will get /thomas as their directory path.

    Using change root (chroot) is a great way to restrict user access to the contents of a computer system…. the gotcha. When a user is running in a change rooted environment, they cannot access other parts of the system… this means that in order for them to perform minimal functions, you must create an OS type of environment by replicating at the /./ directory level the minimum library and executable files for the user to be able to function on the system, else chances are they will not be able to log into their change rooted account. For an sftp environment, I would also include the sftpsh shell script. This will disallow users from using ssh or scp to log onto the server if you are trying to restrict the user to sftp only. In the above account example, instead of /usr/bin/sh for the shell, you would change this to /usr/bin/sftpsh.

  77. Thanks, this made installing Open SSH considerably easier. I thought it would take a lot longer, but I was up in minutes thanks to your instructions.

    Thanks!

  78. Thanks! The instructions worked OK on Windows 2003 but only when I installed openssh into directory without _SPACES_.

  79. I installed this on Windows Server 2003. I followed the instructions at the top but got the error (after connecting!):

    Fatal: unable to initialise SFTP on server

    To solve it, I had to use the domain options:

    mkgroup -d >> ..\etc\group
    mkpasswd -l -d -u >> ..\etc\passwd

    and then restart the ‘OpenSSH Server’ service.

    Hope this helps someone..
