Setting up an SFTP server is much easier than it used to be, but still comes with some important details that can trip up even a seasoned administrator. So today we’re discussing a step-by-step guide for setting up an SFTP server.
Enable SSH
SFTP (or Secure File Transfer Protocol) requires your server to communicate using the Secure Shell protocol (SSH), and you will first need to set up your network to do so. SFTP servers for Windows like Cerberus FTP Server will typically use the built-in OpenSSH tool for this purpose, but your organization may use different standards or protocols that require you to install a different package.
Full instructions for enabling OpenSSH in Windows Server can be found here.
Set up your SFTP server listeners
A listener is the combination of your enabled port, protocol and server IP address on which your SFTP server will accept connections. Most SFTP servers include a listener set-up utility (Cerberus FTP Server by Redwood automatically creates an SFTP listener during its configuration), but if you need to create a listener manually, you will just need to add the port, protocol and server IP addresses where required.
Configure your firewall and router
SFTP uses port 22 by default, and you will need to open that port (or another chosen port number) on your firewall. Once your port is opened, you will also need to forward the external traffic received on the SFTP port to your SFTP server. Generally, these configurations are made on your router or gateway, but some combination firewalls will also control those settings.
For more on port forwarding, you can review our FTP server port management best practices blog.
Create your users
Individual client users will need to be created in order to allow them to connect to your server. SFTP servers typically include a user utility for this purpose, which will house information like user names, passwords and public keys.
Cerberus FTP Server’s User Manager feature allows easy creation of individual and bulk users, with helpful utilities like Active Directory Integration and FTP Security Groups.
Generate your SSH keys
Keys are used to authenticate SSH connections between a client and server, and can be generated automatically by your SFTP server upon connection request. You can also generate your own keys using SSH’s ssh-keygen command or a free key generation tool like PuTTYgen.
Cerberus FTP Server recommends that your clients generate both public and private keys, which can reduce the chance that a private key is discovered by a third party. A number of cryptography methods for key exchange exist, with the most common methods being Diffie-Hellman and Elliptic Curve cryptography.
Once your SSH keys are generated, best practice is to assign each individual user a specific public key in order to track access. In Cerberus FTP Server, this action is done under the User Manager tab.
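One way to check that every user really has their own public key, as an added example that is not Cerberus code: the Python script below computes the SHA256 fingerprint of each key (the same form `ssh-keygen -lf` prints) and reports any key assigned to more than one user. It assumes the keys are available in OpenSSH one-line format; the function names and sample users are hypothetical, and the sample keys are constructed dummy bytes.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(pubkey_line):
    """Return the SHA256 fingerprint of one OpenSSH public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # Unpadded base64 of the SHA-256 digest, prefixed with the hash name.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(user_keys):
    """Map fingerprint -> sorted users, for keys assigned to more than one user."""
    owners = defaultdict(set)
    for user, line in user_keys.items():
        owners[fingerprint(line)].add(user)
    return {fp: sorted(u) for fp, u in owners.items() if len(u) > 1}


def _constructed_key(seed, comment):
    """Build a well-formed ssh-ed25519 line from dummy bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample inventory: bob was given the same key as alice.
SAMPLE_USERS = {
    "alice": _constructed_key(1, "alice@laptop"),
    "bob": _constructed_key(1, "bob@desktop"),
    "carol": _constructed_key(2, "carol@laptop"),
}

if __name__ == "__main__":
    for user, line in SAMPLE_USERS.items():
        print(user, fingerprint(line))
    for fp, users in shared_keys(SAMPLE_USERS).items():
        print("shared key", fp, "->", ", ".join(users))
```

A non-empty result from `shared_keys` means logins made with that key cannot be attributed to a single user.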
Choose your SFTP server cipher settings
Your SFTP server will secure your data in transit by using a cipher to encrypt the files. Cerberus FTP Server supports a range of ciphers for data encryption, which can be managed from the Security Settings page.
Test your SFTP server connection
Now that you’ve set up your SFTP server, it’s time to test your connection. Fire up your client, log in and start transferring.
More information on setting up an SFTP server
Cerberus has compiled a number of resources to help you with your SFTP server:
- Complete Guide to SFTP – Part 1: Concepts
- SFTP – Your Complete Guide Part 2 – Protocol Connection and Authentication
- Configuring SSH/SFTP Server Settings in Cerberus
- SFTP server key exchange, cipher and algorithm support in Cerberus
- How SFTP public key exchange functions in Cerberus SFTP server
- Windows Server optimizations for SFTP
- Understanding the difference between FTPS and SFTP
If you’d like to try Cerberus FTP Server’s SFTP server features, you can download your trial at this link.