The easiest way to setup and install an SFTP server in any of the cloud environments – Azure, AWS or GCP is to use our publicly available image cloud SFTP solution in the marketplace. Fast deployment with secure access with our SFTP server solution using SFTP / SSH server software.
SFTP Server (secure file transfer on SSH) protocol. Use it to transfer files securely over encrypted network layers (using SSH2 protocol). SFTP is not just a simple “FTP over SSH” wrapper – it is a newer protocol, supported by all SSH2 servers. Transfer data securely over SSH layer using AES, DES, and BLOWFISH encryption. This solution is an FTP/FTPS/SFTP server that enables users to access remote files over TCP/IP networks such as the Internet. Unlike FTP, FTPS and SFTP protocols provide security and strong encryption of data – great for insecure networks.
Once you’ve deployed our SFTP server solution, the next step is to login via RDP. Refer to one our guides below depending on which cloud solution you are using:
After logging into your VM via RDP the first step is to configure the SFTP application and give your users access:
Generate SFTP Host Keys
On the desktop right click on FreeFTPd and Run as administrator.
This will then launch a task bar icon. In future to control the settings right click on the icon and select “configure“.
The GUI will launch and we now need to select “SFTP / Hostkey“.
As per the screenshot you will need to generate new keys and save them in the following directory:
“C:\Program Files (x86)\freeFTPd\”
Select “1024 bits”
Then hit “Apply & Save“.
Start SFTP Service
Next, Click on SFTP and select “Start SFTP“.
You can add optional greeting message and goodbye message. The default SFTP root directory where the users folders will be located are:
“C:\Program Files (x86)\freeFTPd\sftproot”
On the status tab you should now see the SFTP status as running:
Enable SFTP Logging
Next step is to enable SFTP server logging. Click on ‘Logging‘ and check the box ‘Log events‘ and choose which directory to store log files. Click Apply & Save
Adding Users on SFTP Server
All connections are secure via port 22 (SFTP / SSH).
You have the added option to allow users to connect to the server using a private key that communicates with a public key on the SFTP server.
Open up freeFTPd gui and under users add a new user or select an existing user and change their authentication to password stored as SHA1 hash.
Make a note of this password as it will have to match the passphrase on the private key you’re about to generate.
On the desktop open the PuTTYgen application.
You will need to create a public key and private key for each user.
First make sure under parameters / type of key to generate that RSA is selected. Then press Generate.
Next you will need to move your mouse around the screen in the blank space, as show with the red random lines, this type of movement generates the key.
Keep doing this until the green bar finishes loading and the key is generated.
Once the key is generated, enter a key passphrase, this needs to match the SHA1 password hashon the user account, otherwise login will fail.
Save the public key in the following directory “C:\Program Files (x86)\freeFTPd“.
Making sure to save with no file Extension, as shown in this screenshot. The file name needs to match the username of the account your creating this public key for:
Next is to save the private key and give this to the user who will be connecting. This file name you can name it anything you like:
Setup SFTP User Folders
The first time a user connects, their home folder will be created in the following location:
“C:\Program Files (x86)\freeFTPd\sftproot“
If you experience that a user can’t upload it due to permission issue, change the NTFS permission on their home folder with their account and give write permission.
Automate Backups / Data Synchronization using SFTP
A great use case for an SFTP server is to use it to backup / synchronise any data from your clients. This can be automated using the following scripts using the WinSCP client to automate file transfers:
The SFTP server solution comes pre configured with the required firewall ports. If however you are using a third party firewall or need to manually setup the firewall ports, these are what you need:
Any questions about the setup of the VM in Azure, AWS or GCP contact us directory or leave your comments below.
FAQ
Question: I get the error “The specified address is already in use”.
Answer: This means there is an instance of freeFTPd running in the background. Open up task manager and cancel any other instances of freeFTPd and reopen. Another option is to stop the freeFTPService and restart it.
Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
32votes
Article Rating
Subscribe
Please login to comment
23 Comments
Most Voted
NewestOldest
Inline Feedbacks
View all comments
Elnaz T
Guest
5 years ago
Hello,
Thanks for the document . Which one do you recommend ? SFTP in windows 2016 image or on linux server?
Thanks Andrew,
I just created a SFTP server based on your image and documentation . How can I change the home directory ? When I chose another directory I get this :
Error: Failed to parse returned path.
Error: Failed to retrieve directory listing
We may want to attach a big storage and change all home directories to that .
Yes within the freeFTP console under SFTP settings you can change the port here. Make sure to also update the Windows Firewall and any NSG rules you have configured to allow users to connect on the new port.
Alex
Guest
5 years ago
I followed the instructions exactly as they were written and I’m getting this error with FileZilla
Error: Authentication Failed
Error: Critical error: Could not connect to server
I’m assuming your using this on AWS ? Have you checked if any company firewalls are blocking the connection ? Are you using any AWS security groups that could be blocking the connection?
Thanks
Andrew
Fadi Grutel
Guest
4 years ago
Hi,
I am interested in using your solution on our Azure, may I ask you what is the encryption method for this servie?
Thanks
Fadi
Supports SSH File Transfer Protocol (SFTP), FTP, FTP over SSL/TLS (FTPS)
Create private / public keys for secure communication between clients
Supports resume and transfer of large files
Multiple methods of encryption including AES 128, AES 256, 3DES, Blowfish, and more
Encryption with SSL/TLS (for FTPS)
Per-user permissions on the underlying file system
Active Directory integration LDAP
GUI configuration tool
Restrict access to connect with IP address ACL
Logging
Create Virtual Directories
View / Disconnect active users
Limit max connections and set idle timeout
Ability to change ports
Set max transfer rate per user
Thanks, Andrew,
I am sorry to not mention that we just want to use the SFTP service, not FTp, for this what is exactly encryption method? How can I see the configuration?
Andrew,
Sorry for many questions,
But my company needs to make sure before implementing the solution in our environment.
1- As I understand SSH is a method for secure access to the server . I mean it secures username and passwords.
2- My question is, are my files on SFTP server encrypted? I see this “Transfer data securely over SSH layer using AES, DES, and BLOWFISH encryption” but which AES? AES-128, AES-192, and AES-256?
Thanks
Elnaz
K.S.
Guest
4 years ago
Are the files that are stored on the server Encyrpted themselves??
All data in transit that is being transferred to and from the SFTP server is also encrypted by default without needing to encrypted the VM disks.
Fadi Grutel
Guest
4 years ago
Is 2019 version similar to 2016 ? I am using 2016 deployment.
Erick Wilts
Member
2 years ago
Is it possible to start the (S)FTP server as soon as Windows starts up? I’m asking this because I implemented this on Azure and I use the VM very sparingly so it shuts off after several hours of inactivity.
yes this can be automated using a Powershell startup script that forces the freeFTPd service to start
Erick Wilts
Member
2 years ago
When trying to connect using the python library ftplib, I’m getting a WRONG_VERSION_NUMBER error. But I can’t find what the required SSL version is. Can I change that in freeFTPd? If not, where can I find which SSL version is used (if I know that, I can downgrade the ssl library in Python)?
Hi Erick, within your SFTP client it should be in the log of your connection. Try connecting via WinSCP client and watch the log as it connects and it should tell you the version
Hello,
Thanks for the document . Which one do you recommend ? SFTP in windows 2016 image or on linux server?
Hi Elnaz,
I would recommend the SFTP in windows 2016 image, very easy to use and very secure
Thank you
Andrew
Thanks Andrew,
I just created a SFTP server based on your image and documentation . How can I change the home directory ? When I chose another directory I get this :
Error: Failed to parse returned path.
Error: Failed to retrieve directory listing
We may want to attach a big storage and change all home directories to that .
Thanks
I just figured out how to change root directory 🙂
Hi Could you please post how to change the root directory, in my case i have share single folder to two different user’s. this would be helpful
Hi,
Sure, The SFTP server root that user directories will be created are :
C:\Program Files (x86)\freeFTPd\
To change this open the freeFTP gui and under ‘SFTP’ settings, you will be able to change the root directory
Thanks
Andrew
How can we change the SFTP port from 22 to another port ?
Yes within the freeFTP console under SFTP settings you can change the port here. Make sure to also update the Windows Firewall and any NSG rules you have configured to allow users to connect on the new port.
I followed the instructions exactly as they were written and I’m getting this error with FileZilla
Error: Authentication Failed
Error: Critical error: Could not connect to server
I created the user through local account
Hi,
I’m assuming your using this on AWS ? Have you checked if any company firewalls are blocking the connection ? Are you using any AWS security groups that could be blocking the connection?
Thanks
Andrew
Hi,
I am interested in using your solution on our Azure, may I ask you what is the encryption method for this servie?
Thanks
Fadi
Hi Fadi,
The solution uses the following features:
Supports SSH File Transfer Protocol (SFTP), FTP, FTP over SSL/TLS (FTPS)
Create private / public keys for secure communication between clients
Supports resume and transfer of large files
Multiple methods of encryption including AES 128, AES 256, 3DES, Blowfish, and more
Encryption with SSL/TLS (for FTPS)
Per-user permissions on the underlying file system
Active Directory integration LDAP
GUI configuration tool
Restrict access to connect with IP address ACL
Logging
Create Virtual Directories
View / Disconnect active users
Limit max connections and set idle timeout
Ability to change ports
Set max transfer rate per user
Thanks
Andrew
Thanks, Andrew,
I am sorry to not mention that we just want to use the SFTP service, not FTp, for this what is exactly encryption method? How can I see the configuration?
Hi,
Sure, you simply enable SFTP service within the server. You can leave FTP disabled
The encryption method is SSH private/public keys
Thanks
Andrew
Andrew,
Sorry for many questions,
But my company needs to make sure before implementing the solution in our environment.
1- As I understand SSH is a method for secure access to the server . I mean it secures username and passwords.
2- My question is, are my files on SFTP server encrypted? I see this “Transfer data securely over SSH layer using AES, DES, and BLOWFISH encryption” but which AES? AES-128, AES-192, and AES-256?
Thanks
Elnaz
Are the files that are stored on the server Encyrpted themselves??
Yes if you configure the server with encrypted disks, then yes all data stored on the server will be encrypted. Here is a link on how to enable disk encryption:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-portal-quickstart#encrypt-the-virtual-machine
OR
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-windows#enable-encryption-on-an-existing-or-running-windows-vm
All data in transit that is being transferred to and from the SFTP server is also encrypted by default without needing to encrypted the VM disks.
Is 2019 version similar to 2016 ? I am using 2016 deployment.
Is it possible to start the (S)FTP server as soon as Windows starts up? I’m asking this because I implemented this on Azure and I use the VM very sparingly so it shuts off after several hours of inactivity.
yes this can be automated using a Powershell startup script that forces the freeFTPd service to start
When trying to connect using the python library ftplib, I’m getting a WRONG_VERSION_NUMBER error. But I can’t find what the required SSL version is. Can I change that in freeFTPd? If not, where can I find which SSL version is used (if I know that, I can downgrade the ssl library in Python)?
Hi Erick, within your SFTP client it should be in the log of your connection. Try connecting via WinSCP client and watch the log as it connects and it should tell you the version