Set up an SFTP server on Windows

Set up an SFTP server on Windows

Unlike Linux, Windows does not come with any tools for setting up an SFTP server. Even FileZilla Server, one of the most popular programs for setting up a FTP server, doesn't support SFTP out of the box. So, are there any other ways to set up an SFTP on Windows? Yes, of course. OpenSSH is a suite of programs for establishing secure connections to the server. sftp-server is one of the utility programs provided by OpenSSH, so this article will walk you through how to set up an SFTP server on Windows using OpenSSH. Originally, OpenSSH was only available on Linux, but Microsoft has ported it to Windows, so you can now use OpenSSH by downloading the zip file from here.

Once you have downloaded the zip file of OpenSSH, you can complete the setup using PowerShell. Be sure to open the PowerShell as an administrator before running the following commands.

First, you have to unzip the file. Once you have downloaded OpenSSH for Windows, you can unzip it by running the following command:

Expand-Archive -Path <String> `
  -DestinationPath 'C:\Program Files'

Install sshd:

powershell.exe -ExecutionPolicy Bypass `
  -File 'C:\Program Files\OpenSSH-Win32\install-sshd.ps1'

As the new SFTP server needs to accept external request, a port needs to be used to allow inbound connection. You have to create a firewall rule:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' `
  -Enabled True -Direction Inbound `
  -Protocol TCP -Action Allow -LocalPort [port number]

When everything is ready, you can start sshd:

Start-Service sshd

To make sure SFTP server starts up every time when the server is up, run the following command:

Set-Service -Name sshd -StartupType 'Automatic'

Up till now, the SFTP server is basically ready to use. However, you might still want to do some configurations before using it. There is a file named sshd_config at %programdata%\ssh, where you can modify it to suit your needs. For example, if you want to change the port number of the server, you can uncomment the line with port number and change it to the one you like, like the following:

Port [port number]

To change the root directory, you can uncomment the line with root directory and change the path:

ChrootDirectory [path]

To allow SFTP only, you can add the following lines to the config file:

ForceCommand internal-sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

If you don't need the SFTP server, you can uninstall it:

powershell.exe -ExecutionPolicy Bypass -File `
  'C:\Program Files\OpenSSH-Win32\uninstall-sshd.ps1'

You may run the command below to view the recent log for troubleshooting:

Get-WinEvent -LogName OpenSSH/Operational `
 | Where-Object {$_.TimeCreated -ge (Get-Date).AddDays(-1)}

If you still find the setup too difficult and don't want to do the heavy lifting, you can always use some paid tools on the market. They should be able to do the same thing and with a nicer graphical user interface.

(Bonus) Setup for client side to connect to the SFTP server

Generate your own private key and public key:

 ssh-keygen -t ed25519 -C "{description}"

By default, both private key (id_ed25519) and public key (id_ed25519.pub) will be stored under %USERPROFILE%\.ssh\.

Add your newly-generated private to the ssh-agent:

Start-Service ssh-agent
ssh-add $env:userprofile\.ssh\id_ed25519

Set up SSH public key at server side by creating a file named authorized_keys in the directory %USERPROFILE%\.ssh\ and append the file with the public key.

Connect to the SFTP server:

sftp -P [port number] [server name]

Conclusion

OpenSSH is available on most platforms, so the setup should be more or less the same across different platforms. However, the trickiest part is that some configurations may not be available on all platforms, so you have to check out the documentation when you encounter any problems.

Reference

Win32-OpenSSH Wiki

Martin

Martin

tinkering with something unimportant

2021-08-14