Introduction

Transferring files securely across networks is a crucial requirement for businesses and organizations. Secure File Transfer Protocol (SFTP) is a secure implementation of FTP that uses SSH to encrypt the data being transferred. In this article, we’ll guide you through the steps to set up SFTP on Windows Server 2022 using the built-in OpenSSH server feature.

Prerequisites

Before you begin, ensure the following prerequisites are met:

  • A Windows Server 2022 instance.
  • Administrative access to the server.
  • A firewall allowing incoming connections on the SSH port (default is TCP port 22).
  • Basic understanding of PowerShell and Windows Server.

Step 1: Install the OpenSSH Server Feature

1.1 Using Windows Settings

  1. Open Settings from the Start Menu.
  2. Navigate to Apps > Optional features.
  3. Click on Add a feature.
  4. Search for OpenSSH Server and click on Install.

1.2 Using PowerShell

Alternatively, you can install OpenSSH Server using PowerShell:

  1. Open PowerShell as an Administrator.
  2. Run the following command:

    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Step 2: Start the OpenSSH Server Service

  1. Open PowerShell or Command Prompt as Administrator.
  2. Run the following command to start the OpenSSH server:

    Start-Service sshd

  3. To ensure the service starts automatically with Windows, use this command:

    Set-Service -Name sshd -StartupType 'Automatic'

Step 3: Configure the OpenSSH Server

3.1 Open the SSH Configuration File

  1. Navigate to the OpenSSH directory:

    cd 'C:\ProgramData\ssh'

  2. Open the sshd_config file in a text editor like Notepad:

    notepad.exe sshd_config

3.2 Modify Configuration Settings

In the sshd_config file, you can adjust certain settings to enhance security:

  • Change default port (optional): If desired, uncomment #Port 22 and change it to another port (ensure firewall rules are updated accordingly).

  • Disable root login: Uncomment or add the line:

    PermitRootLogin no

  • Restrict access to specific users: For example, to restrict access to users in the "sftpusers" group, add:

    AllowGroups sftpusers

Make necessary changes and save the file.

3.3 Restart the SSH Service

To apply the changes, restart the SSH service:

    Restart-Service sshd

Step 4: Configure User Access

4.1 Create a User for SFTP

  1. Open PowerShell as Administrator.
  2. Create a new user:

    New-LocalUser -Name "sftpuser" -Password (ConvertTo-SecureString "YourPasswordHere" -AsPlainText -Force) -FullName "SFTP User" -Description "User for SFTP access"

  3. Add the user to the appropriate group, if necessary (e.g., sftpusers).

4.2 Set Home Directory and Permissions

  1. Set a home directory for the SFTP user, ensuring proper permissions. For example:

    mkdir C:\SFTP\sftpuser
    New-LocalGroup -Name "sftpusers" -Description "SFTP User Group"
    Add-LocalGroupMember -Group "sftpusers" -Member "sftpuser"

  2. Adjust folder permissions to secure file access.

4.3 Configure Directory Permissions

Ensure that the new user has the required permissions on their home directory to read/write files.
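
One way to carry out the permission steps in 4.2 and 4.3, as an added example that is not part of the original article. It assumes the C:\SFTP\sftpuser directory and the sftpuser account from the steps above; the choice of Modify for the user and Full Control for SYSTEM and Administrators is an assumption to adapt to your own policy.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell.
$path = 'C:\SFTP\sftpuser'   # home directory from step 4.2
$user = 'sftpuser'           # local account from step 4.1

if (-not (Test-Path -LiteralPath $path)) {
    New-Item -ItemType Directory -Path $path | Out-Null
}

# Resolve principals by SID so the script also works on non-English installs.
$system = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-18')      # SYSTEM
$admins = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')  # Administrators
$sftp   = (Get-LocalUser -Name $user -ErrorAction Stop).SID

$acl = Get-Acl -LiteralPath $path
# Stop inheriting from C:\SFTP and discard the inherited entries (e.g. Users).
$acl.SetAccessRuleProtection($true, $false)
# Drop any explicit entries left over from earlier experiments.
foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    [void]$acl.RemoveAccessRuleSpecific($old)
}

# Apply the grants to the folder, its subfolders and its files.
$flags = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none  = [System.Security.AccessControl.PropagationFlags]::None
$allow = [System.Security.AccessControl.AccessControlType]::Allow
$grants = @(
    @{ Sid = $system; Rights = 'FullControl' },
    @{ Sid = $admins; Rights = 'FullControl' },
    @{ Sid = $sftp;   Rights = 'Modify' }      # read/write, but no ACL changes
)
foreach ($g in $grants) {
    $rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
        $g.Sid, [System.Security.AccessControl.FileSystemRights]$g.Rights, $flags, $none, $allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $path -AclObject $acl

# Verify: fail loudly if any principal outside the three above still has access.
$allowed = $grants | ForEach-Object { $_.Sid.Value }
$extra = (Get-Acl -LiteralPath $path).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -notin $allowed }
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited
    throw "Unexpected ACEs remain on $path"
}
"ACL on $path limited to SYSTEM, Administrators and $user"
```

Re-run the verification part after any later change to C:\SFTP to confirm that no broader group has regained access to the user's files.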

Step 5: Configure Firewall Rules

  1. Open Windows Defender Firewall with Advanced Security.
  2. Create a new inbound rule:

    • Type: Port
    • Protocol: TCP
    • Port: 22 (or your custom port)
    • Action: Allow the connection
    • Profile: Select the appropriate profiles (Domain, Private, Public)
    • Name: "Allow SFTP"

Step 6: Connect with an SFTP Client

Using an SFTP client (e.g., WinSCP, FileZilla, etc.), connect to the server using the credentials of the newly created user.

  • Host Name: Your server’s IP address or domain name
  • Port: 22 (or your custom port)
  • Protocol: SFTP
  • Username: sftpuser
  • Password: YourPasswordHere

Conclusion

Setting up SFTP on Windows Server 2022 enhances the security of data transfers, ensuring that sensitive information is protected during transit. By following the steps outlined in this article, you can facilitate secure file transfers for your organization. Remember to regularly review your configuration and keep your server updated to maintain security.

About WafaTech: WafaTech is a tech blog that provides insights, tutorials, and articles on various technology trends and solutions to help you stay updated with the latest in the IT world.