Friday, September 5, 2014

How to Securely Transfer Files to Someone Else with SFTP


Plain FTP transfers data in cleartext, making it unsuitable for confidential file transfers.  In this guide we’ll go over the secure version of FTP, SFTP, and why it makes for an excellent way of transferring files to other people across the internet.

Why SFTP?

Geeks run into this problem all the time: You have a file that’s just too big to transfer over email or instant messenger.  Sure, you could upload it to Dropbox or some other cloud service, but what if you don’t have or want an account with them, don’t have enough storage freed up, or just want to bypass the middleman altogether? Not to mention the security concerns with cloud services.
Instead of going through that hassle, you can save time by transferring files (big and small) to your friend by using SFTP.  There’s no need to encrypt your files before transfer, because they are being tunneled through the very secure SSH protocol.  Not only that, but now you can upload directly to your friend instead of the cloud, saving lots of time.
But wait, there’s more!  If you want to share out more files with people, you can just drop them in a specified folder and your buddies can browse that section of your PC as if it were a part of their own.  Sharing files can be a whole lot easier with this method, because the uploading will be initiated by your friend instead of you.  All you have to do is drag and drop, and let them know they can now download the file(s).

Setting up SFTP

Setting up an SFTP server in Windows is going to require some third-party software.  Most software that has this functionality is going to cost you, but we will be using a free one called freeFTPd.  Download and install the program.  Be forewarned, the developers clearly aren’t native English speakers, and it shows in a lot of the text.  Don’t be alarmed though, it’s a legitimate program that we’ve tested and everything checks out – you’ll be hard-pressed to find a better free alternative.
Go through installation as normal, and at the end there will be two prompts, one asking if private keys should be created, and the other asking if it should run as a service; click Yes on both.
When installation finishes, open freeFTPd via the new shortcut icon on your desktop.  We ran into problems writing configuration changes, so make sure you right-click on the icon and run the program as Administrator.
To get started with the configuration, click on Users to the left.
In this menu, click on Add and fill out the information for a new user account to access your server.
Under Authorization, you can choose to use “NT authentication” or “Password stored as SHA1 hash.”  NT authentication means that it uses a Windows username and password, so you’d need to create a new user on your computer for anyone who accesses the SFTP directory.  In most cases, it will probably be best to just store the password as a SHA1 hash and keep the SFTP user separate from the Windows users.
After you’ve typed in the desired username and password, uncheck the “FTP server” box towards the bottom and then click Apply.  Now that the user is set up, click on the SFTP tab.
The only thing really worth changing on this tab is the SFTP root directory.  This specifies where the files you want to share out will reside.  For simplicity, we’re just going to change the already populated directory to a folder on the desktop.
Once you’re ready to begin hosting files, click the Start button in this tab.  Windows Firewall will probably pop up and ask you if this is OK – click Allow access.
Now you should be able to return to the Status tab and see that your SFTP server is running.
Click on Apply & Save to keep these changes and then close the window.
freeFTPd will continue to run in the background.  To access it, just open it up from the notification area.

Accessing the SFTP Directory

Put a couple of files in your SFTP directory so we can do some testing.  If you left the home directory for the user at its default ($SERVERROOT\geek in our example), then you’ll need to create another directory within the SFTP root directory.
In our example, we put two test files into the ‘geek’ directory, which is inside the ‘SFTP server files’ folder (the SFTP root directory).  Make sure that port 22 is forwarded to your PC on your router, and then you’re ready for someone to connect to your PC.
Have your buddy download an FTP client that is able to access SFTP servers – our recommendation is FileZilla. They will just need to type in your IP address, the username and password that you configured earlier, and specify the port your server is running on (if you left it at the default, it will be port 22).
The first time they connect to your server, they will be prompted to save the host keys.  They just need to check the “Always trust” box and click OK to never be prompted about this again (unless you change your host keys for some reason).
Your friend should now be able to access the files you placed within the SFTP directory, and add files to it that they would like to share with you.
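The host key prompt on the first connection is the point where your friend can confirm they reached your PC and not something else answering on port 22. The Python below is an added example, not part of the original guide or of freeFTPd: it computes the SHA256 and MD5 fingerprints of a host public key so you can give them to your friend over another channel and they can compare before checking “Always trust.” It assumes you have the server's public host key as an OpenSSH one-line string; the key used here is constructed for the demo, and the function names are our own.

```python
import base64
import hashlib
import hmac


def parse_public_key(line):
    """Return the raw key blob from an OpenSSH-format public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a 4-byte length followed by the algorithm name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("algorithm label does not match key blob")
    return blob


def fingerprints(line):
    """Compute the two fingerprint forms SSH clients commonly display."""
    blob = parse_public_key(line)
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"sha256": "SHA256:" + sha256, "md5": md5}


def matches(server_key_line, shown_by_client):
    """True if the fingerprint the client displays belongs to this key."""
    shown = shown_by_client.strip()
    fps = fingerprints(server_key_line)
    if shown.startswith("SHA256:"):  # the base64 part is case-sensitive
        return hmac.compare_digest(fps["sha256"].encode(), shown.encode())
    shown = shown.lower()
    shown = shown[4:] if shown.startswith("md5:") else shown
    return hmac.compare_digest(fps["md5"].encode(), shown.encode())


def make_sample_key(seed):
    """Constructed ssh-ed25519 key line for the demo (not a real host key)."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in (name, raw))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    host_key, other = make_sample_key(1), make_sample_key(2)
    shown = fingerprints(host_key)["sha256"]
    print("Give this to your friend:", shown)
    print("Same key:", matches(host_key, shown), "| other key:", matches(other, shown))
```

If the fingerprint in your friend's prompt does not match either form, they should cancel the connection instead of saving the key.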
