scoobyftl asked on

Setting up SFTP with openssh on windows 2003 server

I've installed OpenSSH on a Windows 2003 server and have been able to log in to the SFTP server home directory. Right now my remaining problem is that when you log in to the home directory you can see subdirectories within C:\Program Files\OpenSSH.

What I did was mostly based on information from http://www.digitalmediaminute.com/article/1487/setting-up-a-sftp-server-on-windows

1) created user and group for SFTP
2) Installed OPENSSH
3) Ran mkgroup and mkpasswd commands
4) Changed the home directory to be C:\FTPGROUP based on information found at https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_21802084.html?sfQueryTermInfo=1+10+30+chang+directori+home+openssh+server+window#a16388948
5) Started OPENSSH service

I've set NTFS security to prevent navigating up from the home directory and have tested it, but when I'm in the home directory I also see the subdirectories under C:\Program Files\OpenSSH.

I tried locking down that directory, but then the connection fails.

Thanks,
SSH / Telnet Software, Windows Server 2003

Last Comment
scoobyftl

8/22/2022 - Mon
Krzysztof Pytko

Did you consider using FileZilla Server? It's free and very easy to use. You can simply set up SFTP there without any other configuration.

If it fulfills your requirements, download it from
http://filezilla-project.org/download.php?type=server

Regards,
Krzysztof
ASKER
scoobyftl

I'll try that one today and let you know.  Thanks for the recommendation.
ASKER
scoobyftl

I've installed FileZilla Server on another Windows box where OpenSSH is not installed. I have done the following configuration:

Based on previous documentation read on OpenSSH:
create sftp user on PC
create c:\sftptest and assign admins and sftp rights to directory
create c:\sftptest\sftp
give user sftp access to sftp subdirectory

FileZilla Server:
Set listening port to 22
create user sftp with same password as local machine
point to shared sftptest folder
point to shared sftptest\sftp and assign as home directory
everything else left as default
restarted FileZilla Server

Trying to connect to localhost - sftp://127.0.0.1, user/pass and port 22.
When trying to connect, it times out on the client and says it could not connect to the server.
The server shows that it connects but is not logged in, and sends the welcome message before disconnecting.
Port 22 is not being blocked by Windows Firewall.
User/password are the same on the PC and FileZilla Server, and typed correctly on the client.

I read the FileZilla documentation but don't see where the mistake is. I will continue looking around to see where the problem lies.

Thanks
Krzysztof Pytko

When using SFTP, you need to create a certificate for the connection. Use FileZilla Server for that. Actually, it is FTPS that needs the certificate.

Check this out, please. This is a document explaining how to create a certificate for FTPS in FileZilla.
http://technobuff.wordpress.com/2009/09/16/install-and-configure-ftp-secure-ftps-or-ftp-ssl-using-filezilla/

Regards,
Krzysztof
ASKER
scoobyftl

Thanks, but I need to set up SFTP, not FTPS.
Krzysztof Pytko

OK then, sorry, my mistake :/
ASKER
scoobyftl

After uninstalling OpenSSH, recreating the directory security on the Windows box and following the instructions mentioned above, it worked.

Changed home directory to c:\sftp in registry
created sftpuser subdirectory under c:\sftp
gave sftpuser rights to c:\sftp\sftpuser
denied all rights to c:\sftp to the sftpuser group

ASKER
scoobyftl

One remaining item on this. When users SFTP in, they can only see their own home directory and no other users'. However, they can also view the contents of the OpenSSH directory (bin, docs, etc, home, tmp and usr). I cannot deny access to bin or etc. They can't modify anything, but I don't want the passwd file exposed either.

Thanks
ASKER
scoobyftl

Not concerned about the above. Seems like not much can be done on a Windows box.

I have the following problem though:

I've added another user, and this user gets the / directory when logging in and cannot access his /home/user folder. Everything was done the same way.

1) create Windows user
2) add user to SFTP group
3) create c:\sftp\user directory
4) give user rights to his directory
5) mkpasswd -l -u user
6) stop and restart OpenSSH

When he logs in, he gets taken to / and not /home/user.

Not sure what is going on. I have checked all permissions.

Thanks
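
An added example, not part of the thread and not code from OpenSSH or Cygwin: a small audit of a passwd file of the kind the mkpasswd steps above produce, covering both the wrong-login-directory symptom and the question of what an exposed passwd file reveals. The seven-field layout, the `/home/<user>` convention, the placeholder strings and the sample entries are assumptions; the sample data is constructed.

```python
# Added example. Audits a Cygwin-style passwd file for the problems discussed
# in this thread. The sample entries are constructed, not taken from the thread.
SAMPLE_PASSWD = "\n".join([
    r"sftpuser:unused_by_nt/2000/xp:1005:513:U-SRV01\sftpuser,S-1-5-21-1-2-3-1005:/home/sftpuser:/bin/switch",
    r"user2:unused_by_nt/2000/xp:1006:513:U-SRV01\user2,S-1-5-21-1-2-3-1006::/bin/switch",
    r"user3:unused_by_nt/2000/xp:1007:513:U-SRV01\user3,S-1-5-21-1-2-3-1007:C:\sftp\user3:/bin/switch",
])

# Values that mean "no credential stored in this field" (assumed list).
PLACEHOLDERS = {"", "*", "x", "unused_by_nt/2000/xp"}


def audit_passwd(text, expected_users, home_root="/home"):
    """Return a sorted list of (user, issue) tuples for the given passwd text."""
    findings, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        name = fields[0]
        if len(fields) != 7:
            # A drive letter such as C:\ adds a colon and shifts every field.
            findings.append((name, "malformed"))
            seen.add(name)
            continue
        _, pw, _uid, _gid, _gecos, home, _shell = fields
        if name in seen:
            findings.append((name, "duplicate"))
        seen.add(name)
        if pw not in PLACEHOLDERS:
            # Anything else here would be exposed to every SFTP user who can read etc.
            findings.append((name, "password-field-populated"))
        if home != f"{home_root}/{name}":
            findings.append((name, "bad-home"))
    # Accounts that exist in Windows but never made it into the file.
    for user in expected_users:
        if user not in seen:
            findings.append((user, "missing-entry"))
    return sorted(findings)


if __name__ == "__main__":
    for user, issue in audit_passwd(SAMPLE_PASSWD, ["sftpuser", "user2", "user3", "user4"]):
        print(f"{user}: {issue}")
```
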
ASKER CERTIFIED SOLUTION
scoobyftl
