The easiest way to set up and install an SFTP server in any of the cloud environments (Azure, AWS or GCP) is to use our publicly available cloud SFTP solution image in the marketplace. It gives you fast deployment and secure access using SFTP / SSH server software.
SFTP (secure file transfer over SSH) is a protocol for transferring files securely over an encrypted network layer (using the SSH2 protocol). SFTP is not just a simple “FTP over SSH” wrapper – it is a newer protocol, supported by all SSH2 servers. Data is transferred securely over the SSH layer using AES, DES, and BLOWFISH encryption. This solution is an FTP/FTPS/SFTP server that enables users to access remote files over TCP/IP networks such as the Internet. Unlike FTP, the FTPS and SFTP protocols provide security and strong encryption of data – great for insecure networks.
Cloud SFTP Server
Getting Started with SFTP Server
RDP to New SFTP Server
After logging into your VM via RDP, the first step is to configure the SFTP application and give your users access:
Generate SFTP Host Keys
On the desktop, right click on FreeFTPd and select Run as administrator.
This will launch a task bar icon. In future, to control the settings, right click on the icon and select “configure“.
The GUI will launch, and you now need to select “SFTP / Hostkey“.
As per the screenshot you will need to generate new keys and save them in the following directory:
“C:\Program Files (x86)\freeFTPd\”
Select “1024 bits”
Then hit “Apply & Save“.
Start SFTP Service
Next, click on SFTP and select “Start SFTP“.
You can add an optional greeting message and goodbye message. The default SFTP root directory, where the users' folders will be located, is:
“C:\Program Files (x86)\freeFTPd\sftproot”
On the status tab you should now see the SFTP status as running:
Enable SFTP Logging
The next step is to enable SFTP server logging. Click on ‘Logging‘, check the box ‘Log events‘ and choose the directory in which to store log files. Click Apply & Save.
Adding Users on SFTP Server
All connections are secure via port 22 (SFTP / SSH).
There are 3 options:
- Authenticate local Users with username / password
- Authenticate Active Directory Users
- Authenticate users with Private/Public ssh keys
Adding Local Users
To authenticate local users on the server, add users via computer management as shown in the screenshot below:
In this example, 4 users were added: ftp1, ftp2, ftp3, ftp4.
Next, open up the freeFTPd GUI and, under the users tab, add the local users you just created.
Click on Add user, enter the username of the local user and select NT Authentication.
Leave the home directory as the default, uncheck FTP, make sure SFTP is selected and press Apply, as shown below:
Adding Active Directory Users
To authenticate with Active Directory, open up the users tab within the freeFTPd GUI and click Add user.
Add the username (SAMAccount) of the user, select NT Authentication and enter the domain name of your AD, as shown in this example.
Make sure FTP is unselected and SFTP is selected.
Authenticate with Private/Public keys via SSH
You have the added option to allow users to connect to the server using a private key that communicates with a public key on the SFTP server.
Open up the freeFTPd GUI and, under users, add a new user or select an existing user and change their authentication to password stored as SHA1 hash.
Make a note of this password as it will have to match the passphrase on the private key you’re about to generate.
On the desktop open the PuTTYgen application.
You will need to create a public key and private key for each user.
First make sure under parameters / type of key to generate that RSA is selected. Then press Generate.
Next you will need to move your mouse around the blank space on the screen, as shown by the red random lines; this movement generates the key.
Keep doing this until the green bar finishes loading and the key is generated.
Once the key is generated, enter a key passphrase. This needs to match the SHA1 password hash on the user account, otherwise login will fail.
Save the public key in the following directory “C:\Program Files (x86)\freeFTPd“.
Make sure to save it with no file extension, as shown in this screenshot. The file name needs to match the username of the account you're creating this public key for:
Next, save the private key and give it to the user who will be connecting. You can give this file any name you like:
Setup SFTP User Folders
The first time a user connects, their home folder will be created in the following location:
“C:\Program Files (x86)\freeFTPd\sftproot“
If a user can’t upload due to a permission issue, change the NTFS permissions on their home folder to give their account write permission.
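One way to apply that NTFS change from PowerShell, as an added example that is not part of the original guide. It assumes each home folder is named after the user's account under the sftproot path above and uses the local accounts ftp1 to ftp4 from the earlier example.

```powershell
# Added example: give each SFTP user Modify rights on their own home folder only.
# Assumption: home folders are named after the account, under the sftproot path from this guide.
$SftpRoot = 'C:\Program Files (x86)\freeFTPd\sftproot'
$Users    = 'ftp1', 'ftp2', 'ftp3', 'ftp4'   # local accounts from the example above

foreach ($user in $Users) {
    $userHome = Join-Path $SftpRoot $user

    # The folder only exists after the user's first connection.
    if (-not (Test-Path -LiteralPath $userHome -PathType Container)) {
        Write-Warning "$userHome does not exist yet; skipping $user."
        continue
    }

    # Build an Allow/Modify entry that is inherited by sub-folders and files.
    $identity = "$env:COMPUTERNAME\$user"
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $identity, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'

    $acl = Get-Acl -LiteralPath $userHome
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $userHome -AclObject $acl

    # Print the entries for this account so the change can be reviewed.
    (Get-Acl -LiteralPath $userHome).Access |
        Where-Object { $_.IdentityReference -like "*\$user" } |
        Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
}
```

Run it from an elevated PowerShell session. Granting Modify on the individual home folder, rather than on sftproot itself, keeps one user's write access out of the other users' folders.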
SFTP Client Software
SFTP Server Firewall Ports
The SFTP server solution comes preconfigured with the required firewall ports. If, however, you are using a third party firewall or need to set up the firewall ports manually, these are the ports you need:
- SFTP – Port 22 TCP
- FTP – Port 21 TCP
- FTPS – Port 990 TCP
To set up AWS firewall rules refer to – AWS Security Groups
To set up Azure firewall rules refer to – Azure Network Security Groups
To set up Google GCP firewall rules refer to – Creating GCP Firewalls
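If the ports have to be opened by hand in Windows Firewall on the VM, the following added example (not part of the original guide) creates rules only for the protocols that are in use. The rule names and the source range are hypothetical, and the script manages only rules it created itself, not the ones shipped with the image.

```powershell
# Added example: open only the listed ports that are actually used, limited to known clients.
$AllowedSource = '203.0.113.0/24'   # constructed documentation range; replace with your clients
$Services = @(
    @{ Name = 'SFTP'; Port = 22;  InUse = $true  }
    @{ Name = 'FTP';  Port = 21;  InUse = $false }   # FTP was unchecked for the users above
    @{ Name = 'FTPS'; Port = 990; InUse = $false }
)

foreach ($svc in $Services) {
    $ruleName = "Cloud SFTP server - $($svc.Name) (TCP $($svc.Port))"   # hypothetical name
    $existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue

    if ($svc.InUse -and -not $existing) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort $svc.Port -RemoteAddress $AllowedSource | Out-Null
    }
    elseif (-not $svc.InUse -and $existing) {
        # The protocol is switched off, so do not leave its port open.
        $existing | Disable-NetFirewallRule
    }
}

# Review the result: one line per rule with its port and permitted source addresses.
Get-NetFirewallRule -DisplayName 'Cloud SFTP server - *' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $portFilter = $_ | Get-NetFirewallPortFilter
        $addrFilter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            LocalPort     = $portFilter.LocalPort
            RemoteAddress = $addrFilter.RemoteAddress
        }
    } | Format-Table -AutoSize
```

The same source restriction should also be applied in the cloud firewall (security group or NSG), since that layer is evaluated before traffic reaches the VM.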
Cloud SFTP Server Support
If you have any questions about the setup of the VM in Azure, AWS or GCP, contact us directly or leave your comments below.
Question: I get the error “The specified address is already in use”.
Answer: This means there is an instance of freeFTPd running in the background. Open up Task Manager, end any other instances of freeFTPd and reopen it. Another option is to stop the freeFTPService and restart it.
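To see which process is holding the port before ending anything, the following added example (not part of the original guide) lists the listener on the SFTP port and the freeFTPd instances that are running. It assumes the freeFTPd process and service names contain "freeFTP".

```powershell
# Added example: identify what is bound to the SFTP port when the
# "The specified address is already in use" error appears.
$Port = 22   # SFTP port from this guide

$listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "Nothing is listening on TCP $Port; the SFTP service can be started."
}
else {
    $listeners |
        Select-Object -ExpandProperty OwningProcess -Unique |
        ForEach-Object {
            $procId = $_
            $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
            # The listener may be hosted by a Windows service; map the PID back to it.
            $svc    = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"
            [pscustomobject]@{
                ProcessId = $procId
                Process   = $proc.ProcessName
                Path      = $proc.Path
                Service   = ($svc.Name -join ', ')
            }
        } | Format-Table -AutoSize
}

# Assumption: freeFTPd processes and its service have "freeFTP" in their names.
Get-Process -Name '*freeFTP*' -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, StartTime
Get-Service -Name '*freeFTP*' -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
```

Run it from an elevated session so that the process path is visible for processes owned by other accounts.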