How to Set Up an SFTP Server on Windows

Unlike Linux, Windows does not come with tools for setting up an SFTP server. Even FileZilla Server, a popular program for setting up an FTP server, doesn't support SFTP out of the box. So, are there other ways to set up SFTP on Windows? Yes, there are. OpenSSH is a suite of programs for establishing secure connections to a server. sftp-server is one of the utility programs provided by OpenSSH. This article will guide you on how to set up an SFTP server on Windows using OpenSSH. Originally, OpenSSH was only available on Linux, but Microsoft has ported it to Windows. You can now use OpenSSH by downloading the zip file from here.

Once you have downloaded the OpenSSH zip file, you can complete the setup using PowerShell. Make sure to open PowerShell as an administrator before running the following commands.

First, you need to unzip the file. After downloading OpenSSH for Windows, you can unzip it by running the following command:

Expand-Archive -Path <String> `
  -DestinationPath 'C:\Program Files'

Install sshd:

powershell.exe -ExecutionPolicy Bypass `
  -File 'C:\Program Files\OpenSSH-Win32\install-sshd.ps1'

Since the new SFTP server needs to accept external requests, you must open a port to allow inbound connections. You need to create a firewall rule:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' `
  -Enabled True -Direction Inbound `
  -Protocol TCP -Action Allow -LocalPort [port number]

When everything is ready, you can start sshd by running the following command:

Start-Service sshd

To ensure the SFTP server starts automatically when the server is up, run the following command:

Set-Service -Name sshd -StartupType 'Automatic'

Up to this point, the SFTP server is essentially ready to use. However, you might still want to make some configurations before using it. There is a file named sshd_config at %programdata%\ssh that you can modify to suit your needs. For example, if you want to change the server's port number, you can uncomment the line with the port number and change it to your preferred one, like this:

Port [port number]

To change the root directory, you can uncomment the line with the root directory and update the path:

ChrootDirectory [path]

To allow SFTP only, you can add the following lines to the config file:

ForceCommand internal-sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
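
An added example (not from the original article or the OpenSSH project): a PowerShell check that the SFTP-only directives above are in effect globally. sshd uses the first value it reads for each keyword and treats every line after a Match line as part of that Match block, so directives appended to the end of the file may not apply to all users. The function names and the sample config are constructed for illustration.

```powershell
# Settings the article lists for an SFTP-only server.
$expected = [ordered]@{
    ForceCommand         = 'internal-sftp'
    PermitTunnel         = 'no'
    AllowAgentForwarding = 'no'
    AllowTcpForwarding   = 'no'
    X11Forwarding        = 'no'
}

# Return the global (pre-Match) settings, keeping the first value per keyword.
function Get-SshdGlobalSetting {
    param([string[]]$Lines)
    $settings = @{}                                   # keys are case-insensitive
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }  # blank or commented out
        $keyword, $value = $text -split '[\s=]+', 2
        if ($keyword -ieq 'Match') { break }          # global section ends here
        if (-not $settings.ContainsKey($keyword)) {   # first occurrence wins
            $settings[$keyword] = "$value".Trim().Trim('"')
        }
    }
    return $settings
}

# Compare the effective global settings with the expected SFTP-only values.
function Test-SftpOnly {
    param([string[]]$Lines)
    $actual = Get-SshdGlobalSetting -Lines $Lines
    foreach ($key in $expected.Keys) {
        $found = if ($actual.ContainsKey($key)) { $actual[$key] } else { '(not set globally)' }
        [pscustomobject]@{
            Keyword = $key; Expected = $expected[$key]; Actual = $found
            Ok      = ($actual[$key] -ieq $expected[$key])
        }
    }
}

# Constructed sample: three directives were appended after a Match block,
# so they apply only to that group and are reported as not set globally.
$sample = @'
#Port 22
ForceCommand internal-sftp
AllowTcpForwarding no
Match Group administrators
    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
PermitTunnel no
AllowAgentForwarding no
X11Forwarding no
'@ -split "`r?`n"

Test-SftpOnly -Lines $sample | Format-Table -AutoSize
# On the server, audit the real file instead:
# Test-SftpOnly -Lines (Get-Content "$env:ProgramData\ssh\sshd_config")
```

After editing sshd_config, run Restart-Service sshd so the changes take effect.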

If you don't need the SFTP server, you can uninstall it:

powershell.exe -ExecutionPolicy Bypass -File `
  'C:\Program Files\OpenSSH-Win32\uninstall-sshd.ps1'

You can run the command below to view the recent log for troubleshooting:

Get-WinEvent -LogName OpenSSH/Operational `
 | Where-Object {$_.TimeCreated -ge (Get-Date).AddDays(-1)}

If you still find the setup too difficult and don't want to handle it yourself, you can always use some paid tools available on the market. These tools can do the same job and come with a nicer graphical user interface.

(Bonus) Setup for client side to connect to the SFTP server

Generate your own private key and public key:

ssh-keygen -t ed25519 -C "{description}"

By default, both the private key (id_ed25519) and the public key (id_ed25519.pub) will be stored under %USERPROFILE%\.ssh\.

Add your newly generated private key to the ssh-agent:

Start-Service ssh-agent
ssh-add $env:userprofile\.ssh\id_ed25519

Set up the SSH public key on the server side by creating a file named authorized_keys in the directory %USERPROFILE%\.ssh\ and adding the public key to this file.

Connect to the SFTP server:

sftp -P [port number] [server name]

Conclusion

OpenSSH is available on most platforms, so the setup should be similar across different systems. However, the tricky part is that some configurations might not be available on all platforms. Be sure to check the documentation if you run into any issues.

Reference

Win32-OpenSSH Wiki

Martin


2021-08-14