SFTP Server
Secure File Transfer (SFTP) is a ftp-like transfer of files that uses the secure ssh2 data communications. SFTP does not use the ftp protocol. A standard ftp client cannot be used to connect to a sftp server.
The sftp server is installed with the ssh server. It will automatically launch when a sftp client connects to the server. SFTP access is on by default. Use the Access Control page to turn off all access or explictly allow users using the SFTP Users main page.
Only Allow Configured Users Access to SFTP
Check this box to deny SFTP access to any user not explicitly listed in the user box.
Logging
Use this list to choose the type of SFTP session logging desired.
Off - No logging.
Transfers - Log only the files transferred and the result of the transfer.
Detailed - Log all commands and results of the sftp session.
Status - Log all events performed by the sftp server. This is the most detailed logging available.
Directory for Log Files
Choose the directory to store sftp log files.
To configure the environment for all sftp users modify the settings for the Default user. To create a unique environment for each user or to grant access to only specific users, create the user and modify their settings individually.
Client Root Mode
Fortress SFTP Server allows you to configure client directory access in three ways:
Mapped Root:In this mode, a specific directory is identified as the root for the user’s sftp session. The user will only see the contents of that directory and any directories beneath it. Environment variables are expanded when the sftp session is created so they can be used in the directory specified in the gui configuration. The default should probably be something like %USERPROFILE% which will be expanded to the user’s home directory.
Administrator:
This mode is similar to the Mapped Root mode, but with upward directory traversal. The root is invented by the sftp server and the top level directories are the physical drives of the system. This allows the sftp server to traverse to any directory in the system, provided the logged on user has valid permissions on the file system.
Virtual Root (vRoot):
In this mode the root of the sftp session has no actual physical directory. It is a made up construct by the sftp server. The user is allowed to configure the first level directories to point to specific file paths. This allows the SFTP server administrator to be able to grant access to specific directories to specific users. Consider the following directory tree:
+ -------- Documents and Settings ------ localuser
|
C:
|
+ --------- TempSuppose you wish to give the user only access to the localuser directory and the temp directory. Using the mapped root mechanism, you would need to make the root C:. That is the only way the sftp user would be able to see and access both directories. Using virtual roots, this isn’t necessary. The administrator can configure the sftp user to use a virtual root with two subdirectories; one for each of the desired directories. The user will not be able to see or access anything but those specified. Using the above tree as an example, the vroot could be configured as:
UserDir %USERPROFILE%
Temp C:\Temp
When the sftp user connects, they will two directories in their root, Temp and UserDir. Traversing into either of these will allow the sftp user to access the contents of the C:\Documents and Settings\localuser and C:\temp directories, any directories beneath them and nothing more.
See also: