Setting up SFTP with openssh on windows 2003 server

Posted on 2010-11-12
Last Modified: 2016-05-15
I've installed OPENSSH on a Windows 2003 server and have been able to log in to the SFTP server home directory.  Right now my remaining problem is that when you log in to the home directory you can see subdirectories within C:\Program Files\OpenSSH.

What I did was mostly based on information from http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

1) created user and group for SFTP
2) Installed OPENSSH
3) Ran mkgroup and mkpasswd commands
4) Changed the home directory to be C:\FTPGROUP based on information found http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21802084.html?sfQueryTermInfo=1+10+30+chang+directori+home+openssh+server+window#a16388948 
5) Started OPENSSH service

I've set NTFS security to prevent navigating up from the home directory and have tested it, but when I'm in the home directory I also see the subdirectories under c:\program files\openssh

I tried locking down that directory but connection fails.

Question by:scoobyftl

Expert Comment

by:Krzysztof Pytko
ID: 34124505
Did you consider using FileZilla Server? It's free and very easy to use. You can simply set up SFTP there without any other configuration.

If it fulfills your requirements, download it from


Author Comment

ID: 34136281
I'll try that one today and let you know.  Thanks for the recommendation.

Author Comment

ID: 34137079
I've installed filezilla server on another windows box where openssh is not installed.  Have done following configuration:

based on previous documentation read on openssh
create sftp user on pc
create c:\sftptest and assign admins and sftp rights to directory
create c:\sftptest\sftp
give user sftp access to sftp subdirectory

filezilla server:
Set listening port to 22
create user sftp with same password as local machine
point to shared sftptest folder
point to shared sftptest\sftp and assign as home directory
everything else left as default
restarted filezilla server

trying to connect to localhost - sftp:// user/pass and 22
when trying to connect it times out on client and says could not connect to server
server shows that it connects but not logged in and sends welcome message before disconnecting.
port 22 not being blocked by windows firewall
user/password same on PC, filezilla server and typed correctly on client.

Read the filezilla documentation but don't see where mistake is.  will continue looking around to see where the problem lies.

Expert Comment

by:Krzysztof Pytko
ID: 34144168
Using SFTP you need to create a certificate for the connection. Use FileZilla Server for that action. Actually, it is FTPS that the certificate is needed for.

Check this out, please. This is a document explaining how to create a certificate for FTPS in FileZilla.


Author Comment

ID: 34148583
Thanks, but I need to set up SFTP, not FTPS.

Expert Comment

by:Krzysztof Pytko
ID: 34149587
OK then, sorry, my mistake :/

Author Comment

ID: 34176781
After uninstalling openSSH and recreating the directory security on the windows box and following instructions mentioned above it worked.

Changed home directory to c:\sftp in registry
created sftpuser subdirectory under c:\sftp
gave sftpuser rights to c:\sftp\sftpuser
denied all rights to c:\sftp to the sftpuser group


Author Comment

ID: 34798794
One remaining item on this.  When users sftp they can only see their home directory and no other users'.  However, they can also view the contents of the openssh directory (bin, docs, etc, home, tmp and usr).  I cannot deny access to bin or etc.  They can't modify anything, but I don't want the passwd file exposed either.


Author Comment

ID: 34962543
Not concerned about the above.  Seems like not much can be done on a Windows box.

I have the following problem though:

I've added another user and this user gets / directory when logging in and cannot access his /home/user folder.   everything done the same way.

1) create windows user
2) add user to SFTP group
3) create c:\sftp\user directory
4) give user rights to his directory
5) mkpasswd -l -u user
6) stop and restart openssh

when logs in gets taken to / not /home/user

not sure what is going on.  have checked all permissions.  


Accepted Solution

scoobyftl earned 0 total points
ID: 34962727

forgot to remove the group from that user's home directory so it was obviously denying him.  most restrictive.
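
An added example, not part of the original thread: a PowerShell audit that lists Deny entries held by the shared SFTP group on each home directory, which is the condition the accepted solution identifies. The root `C:\sftp` comes from the thread; the group name `SFTP` and the function name `Get-GroupDenyAce` are assumptions.

```powershell
# Added example (not from the thread): report Deny ACEs held by the shared
# SFTP group on each user's home directory.
param(
    [string]$SftpRoot  = 'C:\sftp',  # home-directory root named in the thread
    [string]$GroupName = 'SFTP'      # assumption: local group the users belong to
)

function Get-GroupDenyAce {
    param([string]$Path, [string]$Group)
    # Keep only Deny entries whose account name (after DOMAIN\) is the group.
    (Get-Acl -Path $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        ($_.IdentityReference.Value -split '\\')[-1] -eq $Group
    }
}

# Walk the first-level subdirectories (one per SFTP user).
Get-ChildItem -Path $SftpRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $homeDir = $_.FullName
    Get-GroupDenyAce -Path $homeDir -Group $GroupName | ForEach-Object {
        New-Object PSObject -Property @{
            HomeDirectory = $homeDir
            Identity      = $_.IdentityReference.Value
            Rights        = $_.FileSystemRights
            Inherited     = $_.IsInherited   # True: flows down from the parent
        }
    }
}
```

Any row returned for a user's directory is the leftover group entry the accepted solution describes; the `Inherited` column shows whether it was set on that directory or flows down from the root.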
