SFTP server for Windows 2008 R2


    • At the time of writing, this is v8.1.0.0p1-Beta.

  1. Unpack to C:\Program Files\;

    • Or anywhere else, but remember that the services will later be started from that location.

  2. Add the path C:\Program Files\OpenSSH-Win64 to the PATH variable.

    • System Properties – Advanced – Environment Variables… – System variables – Path, then append the path, without quotes, to the end of the line after a semicolon.

  3. Start PowerShell as administrator, change to the C:\Program Files\OpenSSH-Win64 directory and run ./install-sshd.ps1 (do not close PowerShell yet!);

  4. Start the OpenSSH SSH Server (sshd) service and set it to start automatically;

  5. Return to PowerShell and run ./FixHostFilePermissions.ps1, accepting every prompt;

If there are errors, check that the folder C:\ProgramData\SSH exists and contains the key files. The key files are created the first time the service starts.



Last modified: 2022/02/12 11:40 (external edit)

  • Question

  • Hi,

    Does anyone have a step by step on how to enable and configure SFTP server on Server 2008 R2?


    jaie

Answers

  • Hello,

    SFTP (SSH + FTP) is not supported on IIS. Only FTPS (FTP + SSL) is supported.

    More here: http://forums.asp.net/t/1430627.aspx#B42



    • Proposed as answer by

      Tuesday, April 17, 2012 3:41 AM

    • Marked as answer by
      Miya Yao
      Tuesday, April 24, 2012 8:42 AM


Posted by dustinreed 2014-07-22T14:33:36Z

I am wanting to run an SFTP server on Windows Server 2008 R2, but I need it to run as a service, not an application. I have done some research on this, but everything I have found is application based and that won't work for me. I just need some help finding a product; freeware is great, but paying is not an issue as long as it works correctly.

14 Replies

  • Author Bryan Doe

    Long ago, we used WinSSHd, which worked well and as I recall ran as a service.  I want to say it was around $100.  It was pretty simple, just make sure the settings are as you’d like and open port 22.

    I would point out that depending on what you’re after, there are better solutions, especially if end users are involved.  I’ve since become a fan of LiquidFiles.



  • Author Gregory Upton

    You can run FileZilla Server as a Windows service.

    Personally, I’d run it on Linux.



  • Author Dustin Reed

    Filezilla is only FTP/SSL not SFTP.

    I have a tech support question open with WinSSHd to find out just that, because it isn’t in any of their documentation.



  • Author Corey Zamara


  • Author Howard S


  • Author Dustin Reed

    I guess I read the wrong part, but this does say that I have to launch the application. I really need it to run as a background application.



  • Author Corey Zamara


    ^ FileZilla can be installed as a service.



  • Author Andrew Zbikowski

    Last I looked, FileZilla server could do FTPS (FTP with SSL security) but not SFTP (SSH File Transfer Protocol.) Don’t confuse the two, they are different. FileZilla Client can be a SFTP or FTPS client.

    For a SFTP server, Cygwin tools (https://www.cygwin.com) can be installed on a Windows server, and then you install OpenSSH and configure. If you are comfortable with the command line this works well.

    If you want something with a GUI, I recently put Bitvise (http://www.bitvise.com) on a Windows server for backing up Cisco phone switch stuff. $99.95 for a single server. Honestly it was one of those need something now situations, need something that can be figured out by L2 helpdesk, don’t have time to remember how to configure Cygwin SSHD…$99 bucks is cheaper than my time. Do it!



  • Author Dustin Reed

    With SFTP? I’ll look into it. Both methods on the page said I had to launch it.



  • Author Dustin Reed

    Bitvise looked good and I don’t mind paying the money, but did our run as a service? I looked at filezilla and it only looks to support ftp/ssl as a service. Cisco UCM is the exact reason I need this, but we have had issues and automatic nightly backups need to happen which is why I need the service



  • "Last I looked, FileZilla server could do FTPS (FTP with SSL security) but not SFTP (SSH File Transfer Protocol.) Don’t confuse the two, they are different. FileZilla Client can be a SFTP or FTPS client."

    Yes I’m aware of the difference.

    I just checked the FileZilla site and you’re right: "Support for SFTP (SSH File Transfer Protocol) is not implemented in Filezilla Server."

    So looks like I was misinformed.

    I checked around and it looks like similar questions have been asked on Spiceworks. Check links for your answer.

    http://community.spiceworks.com/topic/194189-anyone-know-of-any-windows-sftp-server-software

    http://community.spiceworks.com/topic/170584-what-is-the-best-program-to-use-to-create-a-sftp-server



  • Author Bryan Doe

    WinSSHd is Bitvise; per the guide, it appears it runs as a service:

    http://www.bitvise.com/wug-starting

    I certainly don’t remember having to login to use it, and wouldn’t have used it as long as we did if I had to.



  • Author Dustin Reed

    Found it finally. It runs as a service and is free. Only issue is that you have to manually start the service the first time or the GUI won't load to let you set the root path. Thanks for all the help.

    I know the link says TFTP, but they have both

    http://www.solarwinds.com/products/freetools/free_tftp_server.aspx



I have a remote Windows 2008 machine and the task at hand is to share out parts of its filesystem via SFTP for a single user.

Were commercial software an option things would be easy but I want freeware.

After trying out several different candidates such as Core FTP Mini SFTP Server, SilverShield and freeFTPd none of them really qualified — either connection issues, zero configurability or bugs.

Is there a free and stable SFTP server for Windows 2008 which works out of the box?

asked Aug 17, 2012 at 12:29

Saul

Another option would be to install OpenSSH using Cygwin. The attached instructions are for Windows XP/Vista but I don’t see why they wouldn’t work on Windows Server 2008.

Cygwin is a kind of middle layer that allows *nix software to be compiled and run on Windows without modification. It is extremely handy and brings a lot of other *nix goodness to Windows. Oh, yeah and Cygwin is open source and free.

answered Aug 17, 2012 at 13:21

Green

After spending a few hours on the World Wide Web, turns out the answer is yes.

Meet KpyM Telnet/SSH Server which is a free, open source telnet/ssh server for Windows.

Installation is a breeze and it runs as a service.

The only caveat is the requirement to grant explicit access rights to SFTP home folder — KpyM authentication relies on Windows user accounts.

answered Aug 17, 2012 at 12:29

Saul

Why not use freeSSHd? We have been using this for our server and it does the job for us. It is free and easy to set up.

The download page is here http://www.freesshd.com/?ctt=download

After you install it, check in your taskbar, the application should be running and the icon is hidden in the taskbar next to the clock.

answered Oct 30, 2013 at 9:15

Rosdi

This is a free SFTP server which runs on Windows 2008 and is free for private use, or trial:

http://windsftp.weebly.com


answered Sep 25, 2013 at 22:52

CathalMF

You can try out Syncplify.me Server! as well. It’s free for non commercial use, and your single user scenario fits the free license technical limitations.

And unlike Cygwin/OpenSSH solutions this one is Windows-native, as per your request.

answered Apr 19, 2016 at 16:47

FjodrSo

SFTP Server installation on Windows 2008 R2 64bit Domain Environment


1. Install Win 2008 R2 64bit standard Domain controller – ygnopadif501

2. Install Win 2008 R2 64bit standard Server (Join to the DC) – ygnopsftpif501

3. Install Win 7 64bit Professional (Client Test) – ygnoppc01

5. Copy the installer file to ygnopsftpif501 and run it with local administrator rights.

6. You will need an internet connection to download the installer.


7. I made a secondary partition on ygnopsftpif501 and put Cygwin on d:\cygwin

11. vi /etc/sshd_config and paste the following. Yes, the previous contents need to be deleted.

# This sshd was compiled with PATH=/bin:/usr/sbin:/sbin:/usr/bin

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#Protocol 2

#HostKey /etc/ssh_host_key
#HostKey /etc/ssh_host_rsa_key
#HostKey /etc/ssh_host_dsa_key
#HostKey /etc/ssh_host_ecdsa_key
#HostKey /etc/ssh_host_ed25519_key

#KeyRegenerationInterval 1h
#ServerKeyBits 1024

Ciphers aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc
MACs hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96

#SyslogFacility AUTH
#LogLevel INFO

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
#AuthorizedKeysFile   %h/.ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

#RhostsRSAAuthentication no
#HostbasedAuthentication no
#IgnoreUserKnownHosts no
#IgnoreRhosts yes

#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no
ChallengeResponseAuthentication no

#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

#UsePAM no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

#Banner none

#Subsystem      sftp    /usr/sbin/sftp-server
Subsystem       sftp    internal-sftp

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
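
The active Ciphers and MACs lines in this configuration enable CBC-mode ciphers, arcfour and MD5 or 96-bit-truncated MACs, which later OpenSSH releases dropped from the server defaults. The following shell functions are an added example, not part of the original guide: they list such entries in an sshd_config; the patterns treated as legacy and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag legacy Ciphers/MACs entries in an sshd_config.
# Which names count as "weak" is this example's assumption.

# is_weak KEYWORD ALGO: succeeds when ALGO is a legacy algorithm for KEYWORD.
is_weak() {
    case "$1:$2" in
        ciphers:*-cbc|ciphers:*-cbc@*|ciphers:arcfour*) return 0 ;;
        macs:hmac-md5*|macs:*-96|macs:*-96-etm@*)       return 0 ;;
    esac
    return 1
}

# list_weak_algos FILE: print "keyword algorithm" for every weak entry.
list_weak_algos() {
    # Strip CRs so a file saved with Windows line endings parses the same way.
    tr -d '\r' < "$1" | while read -r key value || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
        case "$key" in
            ciphers|macs) ;;
            *) continue ;;        # comments, blank lines, other keywords
        esac
        case "$value" in
            -*) continue ;;       # a "-list" only removes algorithms
        esac
        value=${value#[+^]}       # "+list" and "^list" add to the defaults
        set -f                    # names may contain "*" wildcards
        old_ifs=$IFS; IFS=', '
        for algo in $value; do
            if is_weak "$key" "$algo"; then
                printf '%s %s\n' "$key" "$algo"
            fi
        done
        IFS=$old_ifs
        set +f
    done
}

# audit_sshd_algos FILE: print findings; exit status 1 if any weak entry exists.
audit_sshd_algos() {
    findings=$(list_weak_algos "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the two active algorithm lines from the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Ciphers aes256-cbc,aes128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc
MACs hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96
PasswordAuthentication no
EOF
audit_sshd_algos "$sample" || echo "legacy algorithms are enabled"
rm -f "$sample"
```

On a real host, pass the path of the live file, for example audit_sshd_algos /etc/sshd_config, and trim the lists to what the connecting clients actually need.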

12. mkpasswd > /etc/passwd

13. mkgroup > /etc/group

14. vi /etc/passwd and change the User ID / Group ID of the administrator

Administrator:*:0:0:U-DOMAIN\Administrator,S-1-5-21-2764008837-3433102739-348656545-500:/home/tanlcl:/bin/bash

15. vi /etc/group and add

root:S-1-5-32-544:0

16. Exit from Cygwin and run it again with the admin account.

cd /
mkdir sandbox
chmod 755 sandbox
chown Administrator:root sandbox
mkdir sandbox/home
chmod 755 sandbox/home
chown Administrator:root sandbox/home

ls -las /

0 drwxr-xr-x+ 1 Administrator root      0 Apr 14 16:13 sandbox

cd sandbox
ls -las

0 drwxr-xr-x+ 1 Administrator root 0 Apr 14 16:13 home

E.g.

cd /
chown Administrator:root cygdrive
chown Administrator:root cygdrive/d    # if Cygwin is installed on D:
chown Administrator:root cygdrive/d/cygwin64
chown Administrator:root cygdrive/d/cygwin64/sandbox

17. Create the sftp login account at the DC.

$ mkpasswd -l --username ygn001 >> /etc/passwd    (if the user is local)
$ mkpasswd -l -u ygn001 -D DOMAIN >> /etc/passwd  (if it is a domain account)
$ mkdir /sandbox/home/ygn001
$ chmod 700 /sandbox/home/ygn001
$ chown ygn001 /sandbox/home/ygn001
$ mkdir /sandbox/home/ygn001/.ssh
$ chown ygn001 /sandbox/home/ygn001/.ssh

18. On the client PC run the following.

19. Copy id_rsa.pub from the client PC to ygnopsftpif501.

scp ~/.ssh/id_rsa.pub ygn001@10.10.10.2:/sandbox/home/ygn001/.ssh

20. cat id_rsa.pub >> authorized_keys

chown ygn001 authorized_keys
chgrp "Domain Users" authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Or

You have to use

ssh-copy-id -i /home/ygn001/.ssh/id_rsa.pub 10.10.10.2   <- this command creates the authorized_keys file automatically.

cygrunsrv --start sshd (You can also start/stop the sshd service from Windows Services)

# ps -ef | grep sshd
# tail -f /var/log/sshd.log

Test login to the SFTP server as ygn001

# sftp ygn001@10.10.10.2 (should land directly in /sandbox/home/ygn001)

Uninstall the SSH service

If you want to uninstall the SSH service, open Cygwin and execute:
cygrunsrv --remove sshd

Restrict User to a directory

Open the etc folder in your Cygwin installation. Two files need to be edited to implement a chroot jail for the user:
1. sshd_config
2. passwd

In sshd_config, change the configuration below:

# override default of no subsystems
Subsystem    sftp    internal-sftp
ChrootDirectory /cygdrive/d/inetpub/ftproot

# Example of overriding settings on a per-user basis
Match User administrators
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

In the passwd file, manually edit the root user to change the group id (usually 544) to 0, for example as below:
SvcCOPSSH:unused_by_nt/2000/xp:0:545:U-WINDOWS-AU90FH5\SvcCOPSSH,S-1-5-21-2943273595-299576109-709065550-1031:/var/:/bin/false

Restart the OpenSSH service and enjoy!
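
sshd_config(5) requires every component of a ChrootDirectory path to be a root-owned directory that is not writable by group or others, which is what the chown and chmod 755 commands in step 16 set up. As an added example (not from the original guide), these shell functions walk a path up to / and report components that break that rule; the function names and the expected-owner parameter are assumptions of this example.

```shell
#!/bin/sh
# Added example: check owner and mode of every directory leading to a
# ChrootDirectory. The expected owner defaults to uid 0 (root).

# component_ok DIR UID: DIR is a real directory owned by UID and not writable
# by group or others. "ls -ldn" is parsed so a trailing "+" ACL mark is harmless.
component_ok() {
    info=$(ls -ldn "$1" 2>/dev/null) || return 1
    mode=${info%% *}                                      # e.g. drwxr-xr-x+
    owner=$(printf '%s\n' "$info" | awk '{print $3; exit}')   # numeric owner
    case "$mode" in
        d????w*|d???????w*) return 1 ;;   # group- or other-writable
        d*) ;;
        *) return 1 ;;                    # symlink or not a directory
    esac
    [ "$owner" = "$2" ]
}

# check_chroot_path ABS_PATH [UID]: walk from ABS_PATH up to "/", print one
# "FAIL <dir>" line per offending component; exit status 1 if any failed.
check_chroot_path() {
    dir=$1
    uid=${2:-0}
    bad=0
    case "$dir" in
        /*) ;;
        *) echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    while :; do
        if ! component_ok "$dir" "$uid"; then
            echo "FAIL $dir"
            bad=1
        fi
        if [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$bad"
}

# Constructed demo: a world-writable directory must be reported.
demo=$(mktemp -d)
chmod 777 "$demo"
check_chroot_path "$demo" "$(id -u)" || echo "chroot path not acceptable"
rmdir "$demo"
```

For the configuration above, the call would be check_chroot_path /cygdrive/d/inetpub/ftproot, run from the Cygwin shell after the passwd edit.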

Steps to use local Linux admin to configure new FatPC SFTP user who is a domain user:

=====================================================================================

1. Capture the domain user’s SID into /etc/passwd (only a domain user can do this step. Use your domain account to log in to FatPC, then run the Linux command)

        mkpasswd -l -u ygnopr1 -D DOMAIN >> /etc/passwd

2. Edit the /etc/passwd file to make this entry follow the format for local users (refer to the xls sheet for instructions).

3. mkdir /home/ygnopr1

4. mkdir /home/ygnopr1/.ssh

5. cp the shared id_rsa & id_rsa.pub files to /home/ygnopr1/.ssh

6. chgrp "Domain Users" /home/ygnopr1/.ssh ************NOTE

7. chgrp "Domain Users" /home/ygnopr1

8. Give ownership for /home/ and /home//.ssh to the domain user. This can’t be done at the Linux command line by the local admin, but can be done using your AD account.

So use Windows Explorer to give ownership. You will need to enter your domain credentials when prompted.

************NOTE

If there is an error about group "Domain Users" not existing, then it means "Domain Users" doesn’t exist inside /etc/group.

You should log in to Windows using your domain account, run the Linux Terminal and then the command mkgroup -c >> /etc/group. After that, log out, log in as the local Windows admin and continue the configuration using the Linux Terminal.

1. Log in with the ygnopr1 domain account; this will create the home folder under /home/ygnopr1

2. mkdir /home/ygnopr1/.ssh

3. Log off and log in with the zawhtet domain account

4. Copy /home/zawhtet/.ssh/id_rsa and id_rsa.pub to /home/ygnopr1/.ssh

5. Change permissions for the .ssh folder (chown -R ygnopr1 .ssh) (chgrp -R "Domain Users" .ssh)

6. Log in with the zawhtet domain user and check the /etc/passwd file

7. If there’s no record for the ygnopr1 user you need to run this command

8. mkpasswd -l -u ygnopr1 -D DOMAIN >> /etc/passwd

9. Then test the login: sftp ygn001@10.10.10.2

On the client side, the id_rsa private key should have mode 600.
