Solved

Setting up SFTP with openssh on windows 2003 server

Posted on 2010-11-12
Last Modified: 2016-05-15
I've installed OpenSSH on a Windows 2003 server and have been able to log in to the SFTP server home directory.  Right now my remaining problem is that when you log in to the home directory you can see subdirectories within C:\Program Files\OpenSSH.

What I did was mostly based on information from http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows 

1) Created user and group for SFTP
2) Installed OpenSSH
3) Ran mkgroup and mkpasswd commands
4) Changed the home directory to be C:\FTPGROUP based on information found at http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21802084.html?sfQueryTermInfo=1+10+30+chang+directori+home+openssh+server+window#a16388948 
5) Started OpenSSH service

I've set NTFS security to prevent navigating up the home directory and have tested, but when I'm in the home directory I also see the subdirectories under c:\program files\openssh.

I tried locking down that directory but the connection fails.

Thanks,
Question by:scoobyftl
12 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34124505
Did you consider using FileZilla Server? It's free and very easy to use. You can simply set up SFTP there without any other configuration.

If it fulfills your requirements, download it from
http://filezilla-project.org/download.php?type=server

Regards,
Krzysztof
0
 

Author Comment

by:scoobyftl
ID: 34136281
I'll try that one today and let you know.  Thanks for the recommendation.
0
 

Author Comment

by:scoobyftl
ID: 34137079
I've installed FileZilla Server on another Windows box where OpenSSH is not installed.  I have done the following configuration:

Based on previous documentation read on OpenSSH:
Create sftp user on PC
Create c:\sftptest and assign admins and sftp rights to directory
Create c:\sftptest\sftp
Give user sftp access to sftp subdirectory

FileZilla Server:
Set listening port to 22
Create user sftp with same password as local machine
Point to shared sftptest folder
Point to shared sftptest\sftp and assign as home directory
Everything else left as default
Restarted FileZilla Server

Trying to connect to localhost - sftp://127.0.0.1 user/pass and 22
When trying to connect, it times out on the client and says it could not connect to the server.
Server shows that it connects but is not logged in, and sends the welcome message before disconnecting.
Port 22 is not being blocked by Windows Firewall.
User/password are the same on the PC and FileZilla Server, and typed correctly on the client.

Read the FileZilla documentation but don't see where the mistake is.  Will continue looking around to see where the problem lies.

Thanks
0

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34144168
Using SFTP you need to create a certificate for the connection. Use FileZilla Server for that action. Actually, it is FTPS that the certificate is needed for.

Check this out, please. This is a document explaining how to create a certificate for FTPS in FileZilla.
http://technobuff.wordpress.com/2009/09/16/install-and-configure-ftp-secure-ftps-or-ftp-ssl-using-filezilla/

Regards,
Krzysztof
0
 

Author Comment

by:scoobyftl
ID: 34148583
Thanks, but I need to set up SFTP, not FTPS.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34149587
OK then, sorry, my mistake :/
0
 

Author Comment

by:scoobyftl
ID: 34176781
After uninstalling OpenSSH, recreating the directory security on the Windows box, and following the instructions mentioned above, it worked.

Changed home directory to c:\sftp in registry
Created sftpuser subdirectory under c:\sftp
Gave sftpuser rights to c:\sftp\sfptuser
Denied all rights to c:\sftp to the sftpuser group

0
 

Author Comment

by:scoobyftl
ID: 34798794
One remaining item on this.  When users SFTP in, they can only see their home directory and no other users'.  However, they can also view the contents of the OpenSSH directory (bin, docs, etc, home, tmp and usr).  I cannot deny access to bin or etc.  They can't modify them, but I don't want the passwd file exposed either.

Thanks
0
 

Author Comment

by:scoobyftl
ID: 34962543
Not concerned about the above.  Seems like not much can be done on a Windows box.

I have the following problem though:

I've added another user and this user gets the / directory when logging in and cannot access his /home/user folder.  Everything was done the same way.

1) Create Windows user
2) Add user to SFTP group
3) Create c:\sftp\user directory
4) Give user rights to his directory
5) mkpasswd -l -u user
6) Stop and restart OpenSSH

When he logs in, he gets taken to / not /home/user.

Not sure what is going on.  I have checked all permissions.

Thanks
0
 

Accepted Solution

by:scoobyftl
ID: 34962727
NEVER MIND:

Forgot to remove the group from that user's home directory, so it was obviously denying him.  Most restrictive.
0
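
The failure described in the accepted solution, modelled as an added example that is not part of the original thread: a simplified Windows-style DACL check in which a Deny entry for the SFTP group left on a user's home directory overrides that user's own Allow entry. The names `user2` and `SFTP`, the toy rights bits and the ACL contents are constructed for illustration; ACE inheritance is not modelled.

```python
# Simplified model of Windows DACL evaluation (added example, constructed data).
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2            # toy rights bits, not real NTFS access masks
FULL = READ | WRITE

@dataclass(frozen=True)
class Ace:
    kind: str        # "deny" or "allow"
    trustee: str     # user or group name
    mask: int        # rights this entry denies or allows

def canonical(dacl):
    """Order explicit ACEs as Windows tools store them: Deny before Allow."""
    return sorted(dacl, key=lambda a: a.kind != "deny")

def access_check(dacl, token, wanted):
    """Walk ACEs in order; a matching Deny on a still-needed right ends the check."""
    remaining = wanted
    for ace in canonical(dacl):
        if ace.trustee not in token:
            continue                      # entry is for someone else
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False                          # nothing granted the rest: implicit deny

def blocking_aces(dacl, token):
    """Deny entries that apply to this token: the first thing to look for."""
    return [a for a in dacl if a.kind == "deny" and a.trustee in token]

# Constructed scenario: hypothetical user "user2" is a member of group "SFTP".
TOKEN = {"user2", "SFTP"}
# Home directory still carrying the group Deny next to the user's Allow.
HOME_BROKEN = [Ace("allow", "user2", FULL), Ace("deny", "SFTP", FULL)]
# Same directory after the group entry has been removed from it.
HOME_FIXED = [a for a in HOME_BROKEN if a.trustee != "SFTP"]

if __name__ == "__main__":
    print("before fix:", access_check(HOME_BROKEN, TOKEN, READ))
    print("blocking  :", blocking_aces(HOME_BROKEN, TOKEN))
    print("after fix :", access_check(HOME_FIXED, TOKEN, READ))
```

With the group entry gone, other members of the group still have no access to this directory, because no Allow entry matches them.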
