skbarnard

asked on

SFTP Server setup

We have an FTP server but are now being asked for an SFTP setup. We've locked down our FTP server so the vendor or whoever needs to access it can only access that server and nothing else on our network, but I'm assuming that when data is transferred, it transfers in plain text.
This may be a stupid part to this question -- if someone is transferring data using something like FileZilla and the FTP server isn't an SFTP server, can they still choose to use port 22 (the SSH port)?
If not, can someone point me to some documentation on how to set up SFTP on our FTP server?
Dave Baldwin

SFTP / SSH server will be a separate program. When you install it to use port 22, other programs will not be able to use port 22. CoreFTP has one: http://www.coreftp.com/server/ FreeSSHd has one, http://www.freesshd.com/, but it is pretty simple minded. Some of the programs on this page support SFTP: https://en.wikipedia.org/wiki/List_of_FTP_server_software Note that FileZilla Server does not provide SFTP.
Russ Suter

This is where it gets confusing. There is SFTP and there is FTPS.

FTPS is FTP with SSL and is supported by most FTP server programs including the completely free FileZilla FTP Server. It uses standard FTP protocols but adds an SSL layer to encrypt the traffic.

SFTP is FTP over SSH which is generally secured by a certificate and is also secure. Some people argue that SFTP is more secure than FTPS but as long as the underlying certificate is strong it shouldn't matter.

Ports below 1024 are usually reserved for special functions. Port 22 is reserved for SSH so while it's theoretically possible to support open FTP over port 22 it's not a good idea. Not every client will support that.

In addition to the above suggestions, I've had good experience with https://www.bitvise.com/ssh-server. Once the initial configuration is done (which wasn't that hard) maintaining security was fairly easy and it worked like a charm.

How exactly you would set up an SFTP server is entirely dependent on the server software you choose. You would need to refer to the documentation that accompanies the software solution you are using.
In principle, known applications use well-known ports, e.g. ssh uses port 22.

Most servers will have an option to change the port they listen on. When you change the port number for the server, make sure no other server / application is using it.

Please note that changing the port does not mean that the protocol changes also. Changing your ftp server port to 22 doesn't make it an sftp server.

To use sftp, clients need an sftp client.

What is your platform?
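The point in the post above, that moving an FTP service to port 22 does not turn it into SFTP, can be checked against a server you administer by reading its greeting. This is an added example, not part of the original thread; the function names and the sample greetings are constructed for illustration.

```python
import io
import socket

def read_reply(stream):
    """Read one greeting or reply: an SSH ident line or a full FTP reply.

    FTP replies may span lines ("220-..." continues, "220 ..." ends);
    an SSH server may send text lines before its "SSH-" line (RFC 4253).
    """
    lines = []
    try:
        for raw in iter(stream.readline, b""):
            line = raw.rstrip(b"\r\n")
            lines.append(line)
            if line.startswith(b"SSH-") or (line[:3].isdigit() and line[3:4] == b" "):
                break
    except OSError:          # timeout: server is waiting for us to speak first
        pass
    return lines

def classify(lines):
    """Name the protocol from the greeting, whatever port it arrived on."""
    if not lines:
        return "silent"      # e.g. implicit FTPS waits for a TLS ClientHello
    if lines[-1].startswith(b"SSH-"):
        return "ssh"         # SFTP runs as a subsystem of this SSH server
    if lines[-1].startswith(b"220 "):
        return "ftp"
    return "unknown"

def probe(host, port, timeout=5.0):
    """Connect to our own server and report what it really speaks."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        kind = classify(read_reply(stream))
        if kind == "ftp":
            # RFC 4217: reply 234 means the server accepts explicit TLS (FTPS).
            sock.sendall(b"AUTH TLS\r\n")
            reply = read_reply(stream)
            tls = bool(reply) and reply[-1].startswith(b"234")
            kind = "ftp+explicit-tls" if tls else "ftp-plaintext-only"
        return kind

# Constructed sample greetings (not captured from the asker's server).
FTP_ON_22 = io.BytesIO(b"220-Welcome\r\n220 Microsoft FTP Service\r\n")
SSH_ON_22 = io.BytesIO(b"SSH-2.0-ExampleSSHD_1.0\r\n")

if __name__ == "__main__":
    print(classify(read_reply(FTP_ON_22)))   # ftp
    print(classify(read_reply(SSH_ON_22)))   # ssh
```

Calling `probe(host, 22)` against your own server returns `ssh` only when an SSH server is listening there, which is what an SFTP client such as WinSCP in SFTP mode expects.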
skbarnard

ASKER

Update --
I think when I put this question in, I hadn't actually created the FTP site in IIS.  The FTP site has been created but now when I test whether we can actually FTP to this directory, I get the error "530 User cannot log in, home directory inaccessible"
I've created a self-signed certificate and that is verified (and works) with each login attempt. It appears the login credentials are working, so it has to be some server setting, IIS setting, or permissions setting on the home folder.
I've double-checked all of these and the account is allowed to log onto the server 'locally', I made the account the owner of the home folder, I've created an 'allow rule' in IIS to allow this user access to the FTP site, I've re-checked all the bindings and everything looks correct.
Anyone have any input?
Just revisiting to see if any other, new comments have been placed, it appears not.
I realize I didn't provide the platform as requested by omarfarid so let me do that.
The server is a Windows 2008 R2 using IIS 7.0.
Another question for omarfarid - when you're saying users need to use the sftp client, is that something I need to install or are you referring to something like FileZilla or WinSCP?
I've actually tried logging in as the user using both of these applications and continue to get the same error (worded differently in each application but still the same error).
It appears the connection to the server is made but the log in fails.  What more do I need to do?
Sorry for not replying earlier.

Yes, to use sftp to access folders, etc. you need an sftp server running on the Windows server, like WinSCP. The link below shows how to install:

https://winscp.net/eng/docs/guide_windows_openssh_server
@ skbarnard,

Is the sftp server / access working now?
Hi Omarfarid,

I'm still having difficulties getting this working.  I set this up using IIS 7.5; I have another site I created that is working just fine albeit, that vendor is putting a file there, not trying to pull a file from there -- that's the only difference - what the vendor is doing once connected.
I've looked through the properties for every aspect of the site that works and made sure the settings are the same in this new FTP site.
I've tested logging into the server using the account the new vendor will use (both from an internal computer and one that simulates access from outside our network) and it appears it connects to the server but then I receive the error shown in the attached file
FileZilla-FTPError.pdf
This is an ftp server, not an sftp server!
Are you looking for ftps?
The vendor I'm setting this up for is going to be pulling a file from our FTP server, it has information in it we need to keep secure.  The vendor states they're going to use WinSCP and use FTP port 22 to grab the information.
I had set the bindings in IIS to use FTP port 22 for this site but to test things a little further, I changed the bindings to use port 21 and tried the connection again and the same error came up (can't connect - user home directory inaccessible)
I think what I'm trying is to get ftps working but whichever way allows the use of port 22.
Why would the home directory be inaccessible?  I've checked the permissions and the user account has full control permission on the folder.
I'm thinking this could just be a setting I've missed in IIS but I can't seem to see the answer -- feeling like I'm in the weeds.
IIS doesn't support SFTP. Install SFTP server then try.
I can give that a shot but will that clear up the 'home directory inaccessible' error that I'm getting even using standard FTP port 21?
Had to put this project on the back burner for a few days so I haven't yet installed the SFTP server.  Will report back in a few.
Sorry, still haven't yet tried the SFTP server install. Actually, trying right now to install via the instructions in the link provided by omarfarid and I'm running into a PowerShell error (see attached).
I've copied the PS1 file to c:\windows\System32 since most (if not all) batch PowerShell files want to execute from this directory so the file should be in the 'path'.
I'm not what I would call a PowerShell programmer but I do alright with it, but I don't have any idea why I'm getting this error. Can anyone expand on this?
InstallSSHD-Error.pdf
Again, sorry for the delay, finally had time to revisit my open questions  
To Russ Suter -- you mentioned Bitvise.com/ssh-server; this seems a promising application.  When set up, am I understanding that our vendor could then use WinSCP or FileZilla and transfer a file from our server to theirs via a secure FTP connection?
Would you happen to know the pricing of this application?  I haven't downloaded it yet; I'd hate to really like this application but be unable to purchase the necessary license if the pricing is out of our league.