How to Set Up Cloud SFTP Server on Azure/AWS/GCP

The easiest way to set up and install an SFTP server in any of the cloud environments – Azure, AWS or GCP – is to use our publicly available cloud SFTP image in the marketplace. It offers fast deployment and secure access using SFTP / SSH server software.

 

SFTP (secure file transfer over SSH) is a protocol for transferring files securely over encrypted network layers (using the SSH2 protocol). SFTP is not just a simple “FTP over SSH” wrapper – it is a newer protocol, supported by all SSH2 servers. Data is transferred securely over the SSH layer using AES, DES, and BLOWFISH encryption. This solution is an FTP/FTPS/SFTP server that enables users to access remote files over TCP/IP networks such as the Internet. Unlike plain FTP, the FTPS and SFTP protocols provide security and strong encryption of data – great for insecure networks.

Cloud SFTP Server

Getting Started with SFTP Server

RDP to New SFTP Server

Once you’ve deployed our SFTP server solution, the next step is to log in via RDP. Refer to one of our guides below depending on which cloud solution you are using:

 

After logging into your VM via RDP the first step is to configure the SFTP application and give your users access:

Generate SFTP Host Keys

On the desktop, right-click FreeFTPd and select Run as administrator.

This will then launch a task bar icon. In future, to control the settings, right-click the icon and select “configure“.

The GUI will launch. Now select “SFTP / Hostkey“.

As per the screenshot you will need to generate new keys and save them in the following directory:

 

“C:\Program Files (x86)\freeFTPd\”

 

Select “1024 bits”.

 

Then hit Apply & Save.

Start SFTP Service

Next, click on SFTP and select “Start SFTP“.

 

You can add an optional greeting message and goodbye message.  The default SFTP root directory, where the users’ folders will be located, is:

 

“C:\Program Files (x86)\freeFTPd\sftproot”

On the status tab you should now see the SFTP status as running:

Enable SFTP Logging

The next step is to enable SFTP server logging.  Click on ‘Logging‘, check the box ‘Log events‘ and choose which directory to store the log files in.  Click Apply & Save.

Adding Users on SFTP Server

All connections are secure via port 22 (SFTP / SSH).

 

There are 3 options:

 

  1. Authenticate local Users with username / password
  2. Authenticate Active Directory Users
  3. Authenticate users with Private/Public ssh keys

Adding Local Users

To authenticate local users on the server, add users via computer management as shown in the screenshot below:

In this example 4 users were added (ftp1, ftp2, ftp3, ftp4).

Next, open up the freeFTPd GUI and, under the users tab, add the local users we just created.

 

Click on Add user and enter the username of the local user and select NT Authentication. 

 

Leave the home directory as the default, uncheck FTP, make sure SFTP is selected, and press Apply, as shown below:

Adding Active Directory Users

To authenticate with Active Directory, open up the users tab within the freeFTPd GUI and click Add user.

 

Add the username (SAMAccount) of the user, select NT Authentication and enter the domain name of your AD, as shown in this example.

 

Make sure FTP is unselected and SFTP is selected.

Authenticate with Private/Public keys via SSH

You have the added option to allow users to connect to the server using a private key that communicates with a public key on the SFTP server.

 

Open up the freeFTPd GUI and, under users, add a new user or select an existing user and change their authentication to password stored as SHA1 hash.

 

Make a note of this password as it will have to match the passphrase on the private key you’re about to generate.

On the desktop open the PuTTYgen application.

 

You will need to create a public key and private key for each user.

 

First make sure that RSA is selected under Parameters / Type of key to generate. Then press Generate.

 

Next you will need to move your mouse around the blank space on the screen, as shown by the random red lines. This movement generates the key.

 

Keep doing this until the green bar finishes loading and the key is generated.

Once the key is generated, enter a key passphrase. This needs to match the SHA1 password hash on the user account, otherwise login will fail.

Save the public key in the following directory: “C:\Program Files (x86)\freeFTPd“.

 

Make sure to save it with no file extension, as shown in this screenshot. The file name needs to match the username of the account you’re creating this public key for:

Next, save the private key and give it to the user who will be connecting. You can give this file any name you like:
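A check for the public key files saved in the steps above, as an added example that is not part of the original article or of freeFTPd: it parses the RFC 4716 text that PuTTYgen's "Save public key" writes, confirms the file is named after the user with no extension, and reports RSA keys below a minimum size. The 2048-bit minimum, the function names and the sample key are assumptions made for this example.

```python
import base64
from pathlib import PureWindowsPath

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the article

def fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def key_blob(text):
    """Decode the key blob from RFC 4716 text (PuTTYgen 'Save public key')."""
    body, cont = [], False
    for line in map(str.strip, text.strip().splitlines()[1:]):
        if line.startswith("---- END"):
            break
        if cont or ":" in line:  # header such as Comment:, may continue with \
            cont = line.endswith("\\")
        else:
            body.append(line)
    return base64.b64decode("".join(body))

def audit_key(path, text, username):
    """Return findings for one user's public key file (empty list = pass)."""
    p, found = PureWindowsPath(path), []
    if p.suffix or p.stem.lower() != username.lower():
        found.append("file name must be the username with no extension")
    f = fields(key_blob(text))  # ssh-rsa blob fields: type, e, n
    if len(f) != 3 or f[0] != b"ssh-rsa":
        return found + ["not a well-formed ssh-rsa key"]
    bits = int.from_bytes(f[2], "big").bit_length()
    if bits < MIN_RSA_BITS:
        found.append("RSA modulus is only %d bits" % bits)
    return found

def sample_key(bits):
    """Constructed RFC 4716 sample: well-formed fields, NOT a usable key."""
    parts = [b"ssh-rsa"] + [i.to_bytes(i.bit_length() // 8 + 1, "big")
                            for i in (65537, (1 << (bits - 1)) | 1)]
    b64 = base64.b64encode(b"".join(len(x).to_bytes(4, "big") + x
                                    for x in parts)).decode()
    return ("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
            + b64 + "\n---- END SSH2 PUBLIC KEY ----\n")
```

To audit a real file, pass its full path and its contents, for example audit_key(path, open(path).read(), "ftp1").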

Setup SFTP User Folders

The first time a user connects, their home folder will be created in the following location:

 

C:\Program Files (x86)\freeFTPd\sftproot

 

If a user can’t upload due to a permission issue, change the NTFS permissions on their home folder to give their account write permission.

SFTP Client Software

Users can connect with any SFTP client.  One option is the WinSCP client, which is a free download.

Automate Backups / Data Synchronization using SFTP

A great use case for an SFTP server is to back up / synchronise any data from your clients. File transfers can be automated with scripts that use the WinSCP client:

 

https://winscp.net/eng/docs/guide_automation

SFTP Server Firewall Ports

The SFTP server solution comes preconfigured with the required firewall ports. If, however, you are using a third-party firewall or need to set up the firewall ports manually, these are the ports you need:

 

  • SFTP – Port 22 TCP
  • FTP – Port 21 TCP
  • FTPS – Port 990 TCP

 

To set up AWS firewall rules refer to – AWS Security Groups

To set up Azure firewall rules refer to – Azure Network Security Groups

To set up Google GCP firewall rules refer to – Creating GCP Firewalls

Cloud SFTP Server Support

If you have any questions about the setup of the VM in Azure, AWS or GCP, contact us directly or leave your comments below.

FAQ

Question: I get the error “The specified address is already in use”.

 

Answer: This means there is an instance of freeFTPd running in the background. Open up task manager and cancel any other instances of freeFTPd and reopen. Another option is to stop the freeFTPService and restart it.

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.

23 Comments
Elnaz T

Hello,
Thanks for the document. Which one do you recommend? SFTP in a Windows 2016 image or on a Linux server?

Elnaz T

Thanks Andrew,
I just created an SFTP server based on your image and documentation. How can I change the home directory? When I chose another directory I get this:
Error: Failed to parse returned path.
Error: Failed to retrieve directory listing

We may want to attach a big storage and change all home directories to that.

Thanks

Elnaz T

I just figured out how to change root directory 🙂

ramakrishna

Hi, could you please post how to change the root directory? In my case I have to share a single folder with two different users. This would be helpful.

shabnamR

How can we change the SFTP port from 22 to another port?

Alex

I followed the instructions exactly as they were written and I’m getting this error with FileZilla

Error: Authentication Failed
Error: Critical error: Could not connect to server

I created the user through local account

Fadi Grutel

Hi,
I am interested in using your solution on our Azure. May I ask you what the encryption method for this service is?
Thanks
Fadi

Fadi Grutel

Thanks, Andrew,
I am sorry to not mention that we just want to use the SFTP service, not FTP. For this, what exactly is the encryption method? How can I see the configuration?

Fadi Grutel

Andrew,
Sorry for many questions,
But my company needs to make sure before implementing the solution in our environment.
1- As I understand, SSH is a method for secure access to the server. I mean it secures usernames and passwords.
2- My question is, are my files on the SFTP server encrypted? I see this “Transfer data securely over SSH layer using AES, DES, and BLOWFISH encryption” but which AES? AES-128, AES-192, or AES-256?

Thanks
Elnaz

K.S.

Are the files that are stored on the server encrypted themselves?

Fadi Grutel

Is the 2019 version similar to 2016? I am using the 2016 deployment.

Erick Wilts

Is it possible to start the (S)FTP server as soon as Windows starts up? I’m asking this because I implemented this on Azure and I use the VM very sparingly so it shuts off after several hours of inactivity.

Erick Wilts

When trying to connect using the python library ftplib, I’m getting a WRONG_VERSION_NUMBER error. But I can’t find what the required SSL version is. Can I change that in freeFTPd? If not, where can I find which SSL version is used (if I know that, I can downgrade the ssl library in Python)?
