scoobyftl

asked on

Setting up SFTP with OpenSSH on Windows 2003 Server

I've installed OpenSSH on a Windows 2003 server and have been able to log in to the SFTP server home directory. Right now my remaining problem is that when you log in to the home directory you can see subdirectories within C:\Program Files\OpenSSH.

What I did was mostly based on information from http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

1) created user and group for SFTP
2) Installed OPENSSH
3) Ran mkgroup and mkpasswd commands
4) Changed the home directory to be C:\FTPGROUP based on information found https://www.experts-exchange.com/questions/21802084/Created-a-Secure-FTP-SFTP-via-SSH-server-but-user-local-user-gets-FULL-ACCESS-to-the-server.html?sfQueryTermInfo=1+10+30+chang+directori+home+openssh+server+window&anchorAnswerId=16388948#a16388948 
5) Started OPENSSH service

I've set NTFS security to prevent navigating up the home directory and have tested, but when I'm in the home directory I also see the subdirectories under c:\program files\openssh.

I tried locking down that directory but the connection fails.

Thanks,
Krzysztof Pytko

Did you consider using FileZilla Server? It's free and very easy to use. You can simply set up SFTP there without any other configuration.

If it fulfills your requirements, download it from
http://filezilla-project.org/download.php?type=server

Regards,
Krzysztof
scoobyftl

ASKER

I'll try that one today and let you know.  Thanks for the recommendation.
I've installed FileZilla Server on another Windows box where OpenSSH is not installed. Have done the following configuration:

based on previous documentation read on openssh
create sftp user on pc
create c:\sftptest and assign admins and sftp rights to directory
create c:\sftptest\sftp
give user sftp access to sftp subdirectory

filezilla server:
Set listening port to 22
create user sftp with same password as local machine
point to shared sftptest folder
point to shared sftptest\sftp and assign as home directory
everything else left as default
restarted filezilla server

trying to connect to localhost - sftp://127.0.0.1 user/pass and 22
when trying to connect it times out on client and says could not connect to server
server shows that it connects but not logged in and sends welcome message before disconnecting.
port 22 not being blocked by windows firewall
user/password same on PC, filezilla server and typed correctly on client.

Read the FileZilla documentation but don't see where the mistake is. Will continue looking around to see where the problem lies.

Thanks
Using SFTP you need to create a certificate for connection. Use FileZilla Server for that action. Actually it is FTPS that the certificate is needed for.

Check this out, please. This is a document explaining how to create a certificate for FTPS in FileZilla.
http://technobuff.wordpress.com/2009/09/16/install-and-configure-ftp-secure-ftps-or-ftp-ssl-using-filezilla/

Regards,
Krzysztof
Thanks, but I need to set up SFTP, not FTPS.

OK then, sorry, my mistake :/

After uninstalling OpenSSH and recreating the directory security on the Windows box and following the instructions mentioned above, it worked.

Changed home directory to c:\sftp in registry
created sftpuser subdirectory under c:\sftp
gave sftpuser rights to c:\sftp\sftpuser
denied all rights to c:\sftp to the sftpuser group

One remaining item on this. When users sftp they can only see their home directory and no other users'. However, they can also view the contents of the openssh directory (bin, docs, etc, home, tmp and usr). I cannot deny access to bin or etc. They can't modify, but I don't want the passwd file exposed either.

Thanks

Not concerned about above. Seems like not much can be done on a Windows box.

I have the following problem though:

I've added another user and this user gets the / directory when logging in and cannot access his /home/user folder. Everything was done the same way.

1) create windows user
2) add user to SFTP group
3) create c:\sftp\user directory
4) give user rights to his directory
5) mkpasswd -l -u user
6) stop and restart openssh

When the user logs in he gets taken to / not /home/user

Not sure what is going on. Have checked all permissions.

Thanks
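
For the situation in the post above, where a newly added account lands in / instead of /home/user, one thing that can be checked mechanically is the entry that `mkpasswd -l -u user` produced in the passwd file under OpenSSH's etc directory. The following Python check is an added example, not code from the thread or from OpenSSH; it assumes the usual seven-field colon-separated passwd layout and that each account's home should be /home/<name>, and the sample entries (host name, SIDs, shell) are constructed.

```python
"""Audit a passwd file for SFTP accounts that will not land in /home/<name>."""

# Constructed sample (host name, SIDs and shell are made up for illustration).
SAMPLE_PASSWD = """\
sftpuser:unused:1004:513:U-SRV01\\sftpuser,S-1-5-21-1-2-3-1004:/home/sftpuser:/bin/sh
user:unused:1005:513:U-SRV01\\user,S-1-5-21-1-2-3-1005::/bin/sh
user:unused:1005:513:U-SRV01\\user,S-1-5-21-1-2-3-1005:/home/user:/bin/sh
other:unused:1006:513:U-SRV01\\other,S-1-5-21-1-2-3-1006:C:\\sftp\\other:/bin/sh
"""

def audit_passwd(text, home_root="/home"):
    """Return {name: [problems]} for entries whose home is not <home_root>/<name>."""
    findings, seen = {}, set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        name = fields[0]
        problems = findings.setdefault(name, [])
        if name in seen:
            # Assumption: lookups read the file top-down and stop at the first
            # matching name, so a corrected line appended later is never used.
            problems.append(f"line {lineno}: duplicate entry, earlier line wins")
            continue
        seen.add(name)
        if len(fields) != 7:
            # A Windows-style path (C:\...) in the home field adds a colon
            # and shifts every field after it.
            problems.append(f"line {lineno}: {len(fields)} fields, expected 7")
            continue
        home = fields[5]
        if not home:
            problems.append(f"line {lineno}: empty home field")
        elif home != f"{home_root}/{name}":
            problems.append(f"line {lineno}: home is {home!r}, expected {home_root}/{name}")
    return {name: probs for name, probs in findings.items() if probs}

if __name__ == "__main__":
    for name, probs in audit_passwd(SAMPLE_PASSWD).items():
        for p in probs:
            print(f"{name}: {p}")
```

Run it against a copy of the real passwd file by passing the file's text to `audit_passwd`; an empty result means every entry has seven fields, a unique name and a home of /home/<name>.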