This is a quick how-to on setting up a reliable SFTP server on Windows Server 2003. Most of the information for this was gathered from this excellent post [DigitalMediaMinute.com] but this is just a simple and brief explanation. Before getting into the steps, note that this was tested on two separate servers both runing Windows Server 2003 R2 SP2. One was Standard Edition the other Enterprise. One was running IIS (no FTP components installed) not that it should really matter because this is SFTP by default on SSH port 22.

1. Download OpenSSH from here [Sourceforge.net]

2. Unzip it and run the installer on your server.

3. Select all of the default settings (including to install both client and server).

4. Rather than take any chances with spaces, install it to something like <Drive Letter>:\OpenSSH (e.g. D:\OpenSSH)

5. Note that the installer sets up the service and configures it to automatically start but it does NOT start it during or after the install. That wil be done manually later on…

5. The installer will warn that the server is basically not very useful until security is setup

6. Open a command prompt and change directory to your install folder (e.g. D:\OpenSSH)

7. Type the following command to import groups into the SSH server’s group file: mkgroup -l >> .\etc\group

Note: the -l switch specifies local groups. You can use -d switch to specify domain groups. If you just ype mkgroup at the command line, you will see the help / syntax for it’s usage

8. Type the following command to import a specific user in the SSH server’s passwd file: mkpasswd -l -u <username> >> .\etc\passwd

Note: Again the -l switch specifies local objects and the user must exist. If the user name has spaces in it, enclose the name in double quotes. If you just type mkpasswd at the command line, you will see the help / syntax for it’s usage

9. You will need to modify the home directory path for each user and this can be found in the just created .\etc\passwd file. Open the file in something like Wordpad (or do yourself a favour and use Notepad++ [Sourceforge.net]). The second last field in each row is the home directory for the user. To access any drive / path on your server, use this syntax: /cygdrive/<DriveLetter>/path/to/folder(e.g /cygdrive/D/SFTP/MyUsername).

Note: to lock the user to the home folder and it’s contents only, you need to set NTFS permissions so that the user does not have access to browse back up the folder hierarchy.

10. To start the service, from a command prompt type: net start opensshd

11. To test access to the server, use a client like FileZilla [Sourceforge.net] that supports connection to an SFTP serer. Open FileZilla and go to File -> Site Manager… Create a new site pointing to the name or IP address of your server, specify SFTP as the server type, use normal for the logon type and enter the details of the user created above. Press Connect and you should see the connection established to the server on port 22 and you should be placed in the home directory specified above.

I only needed to do this for a single user account which was required for server to server file transfers. I fou that the user had to be an Administrator on the server which was fine for that situation but for user access SFTP it would be a problem. Theortically, the user should just need to exist in the passwd file, provide valid credentials and be granted whatever access is needed via NTFS permissions on the home directory they are pointed at. I didn’t spend time testing it but couldn’t get the user authenticated successfully if they were a member of Users or Power Users even if they had full control on their home folder – only if they were an Administrator.

Hope this helps someone.

Popularity: 11% [?]