Secure FTP on Windows 2003 Server (SSH/SFTP)

What You Will Need

  • Windows Server 2003 (other versions are supported)
  • Cygwin 1.5.25-15
  • Putty (or other SSH client)
  • SFTP client (FireFTP, a Firefox plugin that works nicely)

There are a few guides out there that will help you get Cygwin.exe installed on your server, so I won't spend much time on it. Twice, I tried to install a few packages from Cygwin; however, the installer hung. This may have been because of the mirror I was using to download the packages. I believe I ended up successfully completing the installer using a Virginia Tech mirror.

The Purpose of this Post

So why did I feel the need to make a post about this? There were a few extra security items that the other pages I found on the web didn't address. Also, there is the (relatively simple) configuration of your client.

I'm going to assume you have followed a guide like this one and/or this one to get SSH/SFTP installed and have it working locally on your server. You should be able to get into the console and log in with whatever Windows account(s) you want to use with SFTP.

Now it's time to make SSH available to the outside world so your clients can connect. First, you'll need to create an exception in Windows Firewall for port 22. Second, you'll need to open a port in your hardware firewall. The firewall configuration will depend on a number of things. If you're using NAT, be sure to apply the policy on the zone handling the address translation. Otherwise, you may end up connecting to your firewall (if it allows it) via SSH.

You should now be able to fire up Putty on a remote machine and log in to your Windows server. If you are unable to connect to your server, double-check your firewall rules and make sure there isn't a software firewall on the server blocking it. If you get "access denied" after passing in your password, you may need to go back to the Windows server to sync your Windows user account with SSH. To do so, log into the server using your FTP user account, launch Cygwin and run the following:

mkpasswd -cl > /etc/passwd
mkgroup --local > /etc/group
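
A check for the account sync step above, as an added example that is not part of the original post: `check_sftp_account` confirms the account has a usable entry in a regenerated passwd file, and `install_if_valid` replaces the live file only when it does, since redirecting straight into /etc/passwd truncates it before mkpasswd has written anything. The function names, the `ftpuser` account and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: validate a regenerated Cygwin passwd file before using it.

# check_sftp_account USER [PASSWD_FILE]
# Prints a verdict; returns 0 ok, 1 missing, 2 malformed, 3 no-home, 4 no-shell.
check_sftp_account() {
    awk -F: -v u="$1" '
        $1 != u { next }                 # exact match on the login name
        {
            found = 1
            if (NF != 7)       { v = "malformed"; rc = 2 }
            else if ($6 == "") { v = "no-home";   rc = 3 }
            else if ($7 == "" || $7 ~ /(false|nologin)$/) { v = "no-shell"; rc = 4 }
            else               { v = "ok";        rc = 0 }
            exit                         # first matching entry wins
        }
        END { if (!found) { v = "missing"; rc = 1 }
              print v; exit rc }
    ' "${2:-/etc/passwd}"
}

# install_if_valid USER CANDIDATE TARGET
# Copies CANDIDATE over TARGET only if USER has a usable entry in it, so a
# failed or partial mkpasswd run never replaces a working file.
install_if_valid() {
    [ -s "$2" ] || { echo "candidate is empty or missing" >&2; return 1; }
    verdict=$(check_sftp_account "$1" "$2") || {
        echo "not installing: $1 is $verdict" >&2
        return 1
    }
    cp "$2" "$3"
}

# Constructed sample entries in the seven-field passwd layout (not real accounts).
sample_passwd() {
    cat <<'EOF'
ftpuser:unused:1005:513:U-SRV\ftpuser,S-1-5-21-1-2-3-1005:/home/ftpuser:/bin/bash
svc_backup:unused:1006:513:U-SRV\svc_backup,S-1-5-21-1-2-3-1006:/home/svc_backup:/bin/false
EOF
}

# Demo on the sample. On the server (ftpuser is a hypothetical account):
#   mkpasswd -cl > ~/passwd.new && install_if_valid ftpuser ~/passwd.new /etc/passwd
demo=$(mktemp) && sample_passwd > "$demo"
for u in ftpuser svc_backup nobody; do
    echo "$u: $(check_sftp_account "$u" "$demo")"
done
rm -f "$demo"
```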

Once you're able to connect with Putty, it's time to configure your client. I've had good success with FireFTP. Create a new account or edit an existing account. On the 'Connection' tab, change the Security drop-down box to SFTP and modify the remote initial directory by replacing the drive letter ("c:\") with /cygdrive/DRIVELETTER/. Click OK and now you're ready to connect with SFTP!

Of course, FireFTP isn't the only SFTP client. And you're not limited to using Cygwin just for transferring files. You also have a slew of new utilities that can be run remotely from a client like Putty. While I've used Linux web servers (and SSH), I don't have extensive experience with the console. So, if you uncover some neat utilities previously unavailable to Windows, please come back and post about them!

2 responses so far ↓

Anthony Hixon, Jr. - Dec 14, 2008 at 4:51 PM

I've recently migrated my CF servers to Ubuntu/OpenBD/MySQL at work, but I used freeSSHd (http://www.freesshd.com/) on the Windows servers prior to the migration. Filezilla is also an excellent open source FTP client for Windows.

rickyparkar - Jan 6, 2009 at 11:41 PM

Hi friend,
Today there are many products available related to secure FTP, like Filezilla for Windows, and also available for BizTalk Server.
