
Setting up an SFTP Server on Windows

I have been working with SFTP (FTP over Secure Shell, and thus encrypted) and needed a free or low-cost solution to set up an SFTP server on Windows (not to be confused with FTPS, which is a bit different).  I came across this great blog entry from, so this information comes from them with a few minor updates from me.
This tutorial will help you turn your Windows-based system into a Secure FTP (SFTP) server.
Secure Shell (SSH) is a program that lets you log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using SSH, the entire login session, including transmission of the password, is encrypted and therefore is very secure.
You may have noticed that many web hosts allow SSH access. This means that you can log in to their web server and execute many UNIX commands (the ones they allow you access to) on your account. Not only can you connect to other computers that provide SSH access, but you can also allow others to connect to your computer using SSH.
To take this one step further, you can also turn your Windows PC into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP (more about that later).
<b>Installing SSH on Windows</b>
Most UNIX-based systems (Linux and OSX) come with SSH preinstalled, so connecting to a remote host is very easy. However, if you run a Windows system, you need to download some additional software to make the SSH programs available to you. Fortunately, a free open-source project called SSHWindows provides a nice Windows installer that will set up the SSH client and server on your system.
Your first step will be to download the Binary Installer Release from SSHWindows. Once downloaded, run the installer and be sure to install both the client and server components.
<b>Configure the SSH Server</b>
In this next step, I have summarized the information from the readme.txt that is included with SSHWindows (it can be found in c:\program files\openssh\docs).
Your first configuration step is to set up the passwd file. You will need to set up the passwd file before any logins can take place.
Passwd creation is relatively easy and can be done using two programs that are included with SSHWindows – mkgroup and mkpasswd. Both of these programs are located in the c:\program files\openssh\bin directory.
To begin creating the group and passwd files, open a command prompt window and navigate to the c:\program files\openssh directory.
You must first create a group file. To add all local groups on your computer to the group file, type the command as shown below:
mkgroup -l >> ..\etc\group
You will now need to create a passwd file. Any users in the passwd file will be able to log on with SSH. For this reason, it is recommended that you add users individually with the -u switch. To add a user to the passwd file type the command shown below:
mkpasswd -l -u username >> ..\etc\passwd
NOTE: the username specified above must be an existing Windows login account.
<b>Creating Home Directories for your Users</b>
In the passwd file, you will notice that the user's home directory is set as /home/username, with username being the name of the account. In the default install, the /home directory is set to the default profile directory for all users. This is usually c:\documents and settings.
If you want to change this location you will need to edit the passwd file. The passwd file is in plain text and can be edited in Notepad or any text editor. The last two entries for each user are safe to edit by hand. The second to last entry (/home/username) can be replaced with any other directory to act as that user's home directory. It's worth noting that when you run SSH on Windows, you are actually running SSH in a scaled-down version of Cygwin, which is a Unix emulator for Windows. So, if you will be placing the user somewhere outside the default directory for their Windows profile, you will need to use the cygdrive notation.
To access any folder on any drive letter, add /cygdrive/DRIVELETTER/ at the beginning of the folder path. As an example, to access the winnt\system32 directory on the c: drive you would use the path:
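An added example (not from the original post or from SSHWindows) that applies the cygdrive rule above: it converts a Windows path to cygdrive notation, rewrites the second to last field of one user's passwd entry, and lists accounts in the file that are not on an expected allow-list. The sample passwd lines, the function names, and the seven-field layout are assumptions constructed for illustration.

```python
import re

# Constructed sample in the usual colon-separated passwd layout (assumed):
# name:password:uid:gid:comment:home:shell
SAMPLE_PASSWD = (
    "alice:unused:1004:513:U-HOST\\alice:/home/alice:/bin/sh\n"
    "bob:unused:1005:513:U-HOST\\bob:/home/bob:/bin/sh\n"
)

def to_cygdrive(win_path):
    """Turn a drive-letter path (c:\\dir\\sub) into /cygdrive/c/dir/sub."""
    m = re.fullmatch(r"([A-Za-z]):[\\/]*(.*)", win_path.strip())
    if not m:
        raise ValueError(f"not an absolute drive-letter path: {win_path!r}")
    parts = [p for p in re.split(r"[\\/]+", m.group(2)) if p]
    return "/".join(["/cygdrive", m.group(1).lower()] + parts)

def entries(passwd_text):
    """Yield the colon-separated fields of each non-blank passwd line."""
    for line in passwd_text.splitlines():
        if line.strip():
            yield line.split(":")

def set_home(passwd_text, username, win_path):
    """Return passwd text with username's home (second to last field) replaced."""
    new_home = to_cygdrive(win_path)  # validate the path before editing anything
    out, found = [], False
    for fields in entries(passwd_text):
        if fields[0] == username and len(fields) >= 2:
            fields[-2] = new_home
            found = True
        out.append(":".join(fields))
    if not found:
        raise KeyError(f"no passwd entry for {username!r}")
    return "\n".join(out) + "\n"

def unexpected_accounts(passwd_text, allowed):
    """Every account in passwd can log on over SSH; report those not expected."""
    return sorted(f[0] for f in entries(passwd_text) if f[0] not in allowed)

if __name__ == "__main__":
    print(to_cygdrive(r"c:\winnt\system32"))
    print(set_home(SAMPLE_PASSWD, "alice", r"d:\sftp\alice"), end="")
    print(unexpected_accounts(SAMPLE_PASSWD, {"alice"}))
```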
<b>Start the Windows Service</b>
At this point, go into the Administrative Tools/Services tool and start the "OpenSSH Server" service.  At the same time, review any firewall configuration you have set up to allow or block SSH and SFTP connections.  Starting this service opens your server to both, so KNOW who will be connecting to your server and how!
<b>Connecting to your SFTP Server</b>
To connect to your new SFTP server, you will need to download an FTP client that supports SFTP. I use FileZilla, which is a nice free FTP and SFTP client. You might also try WinSCP, which is another free SFTP client.
To test whether your server is running, create a new connection in your client and specify SFTP as the server type, 22 as the port, and localhost or as the server name. You will also need to provide the user account and password for any account that you added to your passwd file. Now connect to the server. If all went well, you should see a directory listing of the folder you set as the home directory. If not, there are a couple of things to check. Make sure your Windows firewall is set to allow traffic over port 22, and double-check your passwd file to make sure that the account you added is actually there.
Because SSH allows access only to Windows user accounts, you can restrict access based upon NTFS file permissions. As such, SFTP does not provide for chroot jails (a Unix method for locking a user to his/her home directory). Simply lock down your filesystem for that user, and SFTP will respect that; anything the account can read under NTFS, it can also reach over SFTP.
In the end, setting up an SFTP server turned out to be a very effortless task. With a couple of open source programs and a couple of command-line commands, you can be up and running in no time at all!
