Category: SFTP

You can do this in many ways, the most popular of which is SAMBA, but this is not the software we are using, here we are using SSHFS

The software this post is about is SSHFS, if you are reading this, you probably know what SSH is (Secure shell), and FS stands for File System

Ironically, you will only need to have SFTP and not SSH with shell access, so here is the first surprise, Now, to continue with this tutorial, you might want to visit the page I have posted here to create that user and give him/her access to the directory to be mounted, don’t worry, there is a link back here at the bottom of that page !

So, now that you have created that user account on the remote system, let’s get down to business

You will need 2 peices of software, or 3 if you would like to use private/public key authentication

For the following software, look on their websites for the latest installers for your version of Windows (Usually you are looking for the msi of the 64bit version of windows)

1- WinFsp, short for Windows File System Proxy, What this basically does is enabled the developer of SSHFS-Win to make it look like a windows drive, not some separate SFTP application where you have to move the files manually, when you present it as a drive, you can modify files directly on it, which is the main advantage, and it will do the work in the background, it is a driver that presents itself on/to windows as a disk, while cheating the disk contents from another application, the github page for it is at https://github.com/winfsp/winfsp, or to save you time, Just go directly to the download page here https://github.com/winfsp/winfsp/releases/tag/v1.11 , When presented with optional components, if you are not a developer, you will only ever need the Core package, which is the installer’s default

Once WinFsp is installed, we are done with the part that allows us to display file systems that are not really filesystems, the next step is to have something feed that with data from an actual filesystem somewhere else ! via SFTP, and that software would be

2- SSHFS-Win, which is the system that sits in the middle, between the SFTP server, and WinFsp which is an illusion of a hard drive on your windows machine ! it’s home on github is at https://github.com/winfsp/sshfs-win, To get the latest from this one, go here https://github.com/winfsp/sshfs-win/releases and look for the one that says latest (Not pre-release), download and install it

There is no software to install on the remote side, as most Linux systems already have the functionality ! and you have already setup a user in the previous post that I pointed you to a minute ago, So let us mount !

Now, you can (But don’t do it just yet) open file explorer in Windows, right click “This PC”, and click on Map Network Drive, A dialogue appears, enter your connection string, which should be something like

\\sshfs\username@serverhostname\

You should then be prompted with a password dialogue box, you enter the SFTP password, and you should now be all set, but why are we not doing this right now ? we are not doing this because when you create files in that drive, they will remotely have rwx permissions for owner, and no permissions for group or others, wo work around this, you need to pass the following arguments to the mount

webdev@10.10.20.41:/

create_file_umask=0000,create_dir_umask=0000,umask=0000,idmap=user,StrictHostKeyChecking=no

which is only available via command line and does not survive reboots, a better alternative is to use sshfs-win-manager, which seamlessly mounts those remote file systems using SFTP , the long and short of it is that it just works

---

Another program that has a different set of permission issues (I can write files, but can’t write to them again even though i own the files on the remote system and the permissions should allow) is SiriKali (https://github.com/mhogomchungu/sirikali), you should be able to find the line to download for your platform here (https://mhogomchungu.github.io/sirikali/)

SiriKali also allows you to use other types of authentication which are beyond the scope of this post

So in SiriKali, you need to fill the above information, luckily that information is loaded by default.

Remember to select the checkboxes you need,

In this mini tutorial, I will be adding the user kareem to the system, and allow kareem to sftp into a web directory where he can post his web design work, as usual, the steps first, then whatever explanations !

There are two ways to do this, one to add one user, the other to add a group of users, you can either pick one, or do both !

The part in common between both solutions

apt-get install openssh-server
adduser kareem
Then enter a new password twice for kareem

The interesting thing about this sftp user business is that the directory we will specify as the root for the user kareem has to be owned by root ! so go ahead and create the directory /var/www/html/usr/kareem, then execute the following commands

chown root:root /var/www/html/usr
chmod 755 /var/www/html/usr

chown kareem:kareem /var/www/html/usr/kareem

Now, the user kareem owns a directory within his root directory that he can write to, and can not write outside that directory since he does not have the OS permissions, Now, let us add kareem to the list of people who have sftp access but not ssh access.

Edit /etc/ssh/sshd_config and append the following to the document

Match User kareem
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/html/usr
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Now, restart the service by executing the following command

systemctl restart ssh

You are done, try connecting with something like winSCP

Besides winSCP, you can also simply mount the linux filesystem where you have permissions on your windows machine, here are the complete instructions on how to do that https://www.qworqs.com/2022/10/09/mounting-a-remote-linux-file-system-as-a-windows-drive/

This post is rather old, and everything is secure on the internet these days, so rather than FTP, it is recommended that you setup the new user with SFTP instead (Secure file transfer protocol), SCP is another option, but i have an sftp article ready for you here

So here is a quick guide to setting up a user to have access to a certain directory via FTP

You probably already use a Linux server, you access your files via SFTP or SCP, but you want to give someone access to a certain directory within.

Here is how it is done on a Debian squeeze machine

apt-get install pure-ftpd-common pure-ftpd

Then we need to add a group and default user for our program

groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser

pure-pw useradd test1 -u ftpuser -d /home/ftpusers/test1

pure-pw mkdb

This creates the file mentioned earlier called /etc/pureftpd.pdb, this file houses all information related to your virtual users

pure-pw passwd test1

Once password is set, update the database

pure-pw mkdb

To delete a user

pure-pw userdel test1

pure-pw show test1

pure-ftpwho

Create symlink to add PureDB to authentication methods

cd /etc/pure-ftpd/auth
ln -s ../conf/PureDB 50pure

Disable PAM authentication unless you need it

echo no > /etc/pure-ftpd/conf/PAMAuthentication

Disable UNIX authentication unless you need it

echo no > /etc/pure-ftpd/conf/UnixAuthentication