SFTP Server Howto

SFTP-SERVER-HOWTO.md

Simple, secure file server (SFTP)

**SFTP - Wikipedia **

##Requirements

• Server machine with dedicated 10+GB drive, 512MB RAM
• Wired server <-> internet connection during Debian installation
• Client machine (Linux,Windows,Mac,Mobile...)
• 500+MB USB drive or blank CD/DVD

Server/Debian installation

• Download Debian.
• Write the downloaded ISO to USB drive.
• Windows: Win32diskimager
• Linux sudo dd if=/path/debian.iso of=/dev/sdX (with sdX the name of your USB drive as listed by lsblk)
• Reboot to USB drive.
• Select More options > Advanced graphical install
• Follow the installation procedure.
  • Use a strong password/phrase for your user accounts.
  • Allow administrator (root) logins: Yes
  • Create an ordinary user account Yes
  • Guided partitioning > Separate /home/ partition.
  • Software: only check Standard system utilities and SSH Server.
• Finish install, remove USB drive/boot from disk.
• At login prompt, login: root, password: your root password.
• Check internet connectivity ping -c3 debian.org
• Check and remember your LAN IP address: ip addr (remember it)
• Update software aptitude update; aptitude -y upgrade; aptitude -y dist-upgrade * Add your user adduser yourusername sudo to administrators * install firewall management aptitude install ufw; ufw enable.
• Open the firewall port ufw allow 823/tcp.

SSH/SFTP config

• Edit SSH configuration: nano /etc/ssh/sshd_config, change these values:

Port 823
PermitRootLogin no
PasswordAuthentication yes (remove #)
X11Forwarding no

• Add this at the end of the file:

Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,[email protected]

• Press Ctrl+X then Y to quit the editor and save.
• Run service ssh restart

Key authorization/connecting

On your client machine

Linux (graphical):

• Install the seahorse package from your package manager, or sudo aptitude install seahorse. Run Passwords and Keys from your Applications > Accesories menu. Click File > New ... > Secure shell key and follow instructions.
• Open sftp://[email protected]:823/home/yourusername in your file manager address bar, or File -> Connect to server... and fill the required fields.
• You can now store files there (/home/yourusername/ directory on your server). You can bookmark the location by dragging it to the file manager sidebar.
• For improved security run ssh -p 823 -i ~/.ssh/id_sftp [email protected], then sudo nano /etc/ssh/sshd_config and change PasswordAutentication to no. Run sudo service ssh reload; then exit.

Linux (command line):

ssh-keygen -f ~/.ssh/id-sftp #generate keypair
ssh-copy-id -i ~/.ssh/id_sftp.pub -p 823 [email protected] #authorize your key on the server
ssh -p 823 -i ~/.ssh/id_sftp [email protected] #test SSH connection
sudo nano /etc/ssh/sshd_config #change PasswordAutentication to no
sudo service ssh reload #reload ssh server
exit #close the SSH connection
sudo apt-get install sshfs #install SFTP filesystem mounting tool
mkdir sftp; sshfs -p 823 [email protected] sftp/ #create sftp/ directory and mount the SFTP filesystem on it

Windows:

• Download/install WinSCP.
• Run WinSCP Tools > Run PuttyGen. Click Generate and follow instructions. Save private keyto a file.
• TODO authorization
• Run WinSCP, enter Username, Host name (IP address), Port number: 823, Advanced>Authentication>Private key file, select your private key file. OK, Save, Connect.

Notes

• If your network is behind a NAT/Internet provider box you will need to setup redirections from port 823/TCP on the router to port 823/TCP on your server.
• You can setup a free (sub)domain name pointing to your server at https://https://freedns.afraid.org/domain/registry/
• Check the server's public IP: curl ifconfig.me from the server.
• Thanks https://github.com/GigabyteProductions/duraconf/commits/master/configs/sshd/sshd-pfs_config