Solved

Setting up SFTP with OpenSSH on Windows 2003 Server

Posted on 2010-11-12
Last Modified: 2016-05-15
I've installed OpenSSH on a Windows 2003 server and have been able to log in to the SFTP server home directory.  Right now my remaining problem is that when you log in to the home directory you can see subdirectories within C:\Program Files\OpenSSH.

What I did was mostly based on information from http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

1) created user and group for SFTP
2) Installed OPENSSH
3) Ran mkgroup and mkpasswd commands
4) Changed the home directory to be C:\FTPGROUP based on information found http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21802084.html?sfQueryTermInfo=1+10+30+chang+directori+home+openssh+server+window#a16388948
5) Started OPENSSH service

I've set NTFS security to prevent navigating up from the home directory and have tested it, but when I'm in the home directory I also see the subdirectories under c:\program files\openssh

I tried locking down that directory but connection fails.

Thanks,
0
Question by:scoobyftl
12 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34124505
Did you consider using FileZilla Server? It's free and very easy to use. You can simply set up SFTP there without any other configuration.

If it fulfills your requirements, download it from
http://filezilla-project.org/download.php?type=server

Regards,
Krzysztof
0
 

Author Comment

by:scoobyftl
ID: 34136281
I'll try that one today and let you know.  Thanks for the recommendation.
0
 

Author Comment

by:scoobyftl
ID: 34137079
I've installed FileZilla Server on another Windows box where OpenSSH is not installed.  I have done the following configuration:

based on previous documentation read on openssh
create sftp user on pc
create c:\sftptest and assign admins and sftp rights to directory
create c:\sftptest\sftp
give user sftp access to sftp subdirectory

filezilla server:
Set listening port to 22
create user sftp with same password as local machine
point to shared sftptest folder
point to shared sftptest\sftp and assign as home directory
everything else left as default
restarted filezilla server

trying to connect to localhost - sftp://127.0.0.1 user/pass and 22
when trying to connect it times out on client and says could not connect to server
server shows that it connects but not logged in and sends welcome message before disconnecting.
port 22 not being blocked by windows firewall
user/password same on PC, filezilla server and typed correctly on client.

Read the FileZilla documentation but don't see where the mistake is.  Will continue looking around to see where the problem lies.

Thanks
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34144168
Using SFTP you need to create a certificate for the connection. Use FileZilla Server for that action. Actually, it is FTPS that the certificate is needed for.

Check this out, please. This is a document explaining how to create a certificate for FTPS in FileZilla.
http://technobuff.wordpress.com/2009/09/16/install-and-configure-ftp-secure-ftps-or-ftp-ssl-using-filezilla/

Regards,
Krzysztof
0
 

Author Comment

by:scoobyftl
ID: 34148583
Thanks, but I need to set up SFTP, not FTPS.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34149587
OK then, sorry, my mistake :/
0
 

Author Comment

by:scoobyftl
ID: 34176781
After uninstalling OpenSSH, recreating the directory security on the Windows box and following the instructions mentioned above, it worked.

Changed home directory to c:\sftp in registry
created sftpuser subdirectory under c:\sftp
gave sftpuser rights to c:\sftp\sftpuser
denied all rights to c:\sftp to the sftpuser group

0
 

Author Comment

by:scoobyftl
ID: 34798794
One remaining item on this.  When users SFTP in, they can only see their home directory and no other users'.  However, they can also view the contents of the OpenSSH directory (bin, docs, etc, home, tmp and usr).  I cannot deny access to bin or etc.  They can't modify it, but I don't want the passwd file exposed either.

Thanks
0
 

Author Comment

by:scoobyftl
ID: 34962543
Not concerned about the above.  Seems like not much can be done on a Windows box.

I have the following problem though:

I've added another user and this user gets the / directory when logging in and cannot access his /home/user folder.  Everything was done the same way.

1) create windows user
2) add user to SFTP group
3) create c:\sftp\user directory
4) give user rights to his directory
5) mkpasswd -l -u user
6) stop and restart openssh

When he logs in he gets taken to /, not /home/user

Not sure what is going on.  Have checked all permissions.

Thanks
0
 

Accepted Solution

by:
scoobyftl earned 0 total points
ID: 34962727
NEVER MIND:

Forgot to remove the group from that user's home directory, so it was obviously denying him.  Most restrictive.
0
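Why a leftover group entry blocks the new account even though the user was given rights, shown as an added example that is not part of the original thread: a simplified model of the Windows DACL access check, in which deny entries are evaluated before allow entries. It assumes the group's deny entry sat directly on the home directory, models explicit entries only (no inheritance), and uses constructed names (`user2`, `sftpusers`) and simplified rights bits.

```python
# Added example: simplified model of the Windows DACL access check.
# Account names, group names and rights bits are constructed for illustration.
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2            # simplified access-mask bits
FULL = READ | WRITE

@dataclass(frozen=True)
class Ace:
    kind: str       # "deny" or "allow"
    trustee: str    # user or group name standing in for a SID
    mask: int

def canonical(dacl):
    """Canonical order for explicit entries: deny ACEs first (stable sort)."""
    return sorted(dacl, key=lambda ace: ace.kind != "deny")

def access_check(token, dacl, desired):
    """Walk the DACL; a deny hit on a still-needed bit refuses access."""
    remaining = desired
    for ace in canonical(dacl):
        if ace.trustee not in token:
            continue                      # entry does not apply to this caller
        if ace.kind == "deny" and ace.mask & remaining:
            return False                  # deny wins before any allow is seen
        if ace.kind == "allow":
            remaining &= ~ace.mask        # these bits are now granted
        if remaining == 0:
            return True
    return False                          # bits never granted are refused

# Token: the new account plus its group membership.
TOKEN_USER2 = {"user2", "sftpusers"}

# Home directory still carrying the group's deny entry beside the user's allow.
HOME_WITH_GROUP_DENY = [Ace("allow", "user2", FULL), Ace("deny", "sftpusers", FULL)]
# Same directory after the group entry is removed.
HOME_FIXED = [Ace("allow", "user2", FULL)]
# Parent directory: group denied, no entry for the individual user.
PARENT = [Ace("deny", "sftpusers", FULL), Ace("allow", "Administrators", FULL)]

def report():
    """Can user2 read each directory?"""
    return {
        "home_with_group_deny": access_check(TOKEN_USER2, HOME_WITH_GROUP_DENY, READ),
        "home_fixed": access_check(TOKEN_USER2, HOME_FIXED, READ),
        "parent": access_check(TOKEN_USER2, PARENT, READ),
    }

if __name__ == "__main__":
    for name, allowed in report().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```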
