On a server running Linux or Unix, setting up an SFTP server is a very straightforward process. In the vast majority of systems that are similar to Unix, SFTP is already installed by default. If you want to use it, all you need to do is alter a few parameters, such as authentication, users, directory, etc., and you will be good to go.
On the other hand, configuring an SFTP server on Windows is a completely different ballgame. It can be more difficult, and you may need help from third-party applications. Cygwin is an excellent piece of software that lets users run a UNIX shell on Windows, which is why many IT professionals use it. And thankfully, OpenSSH, which is the de facto standard for SSH daemons in the UNIX and Linux worlds, is included with Cygwin.
In this guide on how to set up a Cygwin SFTP server, we’ll begin by installing Cygwin, then proceed to configure users and permissions, the SSH file, and lastly test the server when we’re done.
Cygwin is a set of open-source and GNU technologies that enable computer programs written for Unix or Linux to be built and executed on Microsoft Windows. Cygwin offers a dynamic link library (DLL) called cygwin1.dll, which is also known as the Cygwin Portable Operating System Interface (POSIX) emulator. This DLL contains important Windows operations and driver functions.
Cygwin ships with an installation directory that works much like the root file system in UNIX and Linux. It includes well-known directories such as /bin, /home, and /etc, among others. In addition, Cygwin gives Windows users access to hundreds of command-line utilities that are otherwise exclusive to Unix and Linux systems. You can extend it further by installing additional applications and tools through its packaging system.
Downloading and Installing Cygwin
Proceed to the Cygwin website and locate the “Install Cygwin” link in the menu column on the left. After that, make sure you have the most recent version of Cygwin downloaded.
- For 64-bit versions of Windows, download the setup-x86_64.exe file.
- For 32-bit versions of Windows, download the setup-x86.exe file.
To install Cygwin, use the setup tool that you just downloaded and follow the on-screen instructions to complete the installation. The process of installation is quite simple and straightforward to carry out.
- Click the Next button and follow the on-screen instructions to set up your proxy (if you are using one), the root directory (leave the default C:\cygwin root), and a download mirror (keep the default or choose one that is closer to your location).
- When you finally get to the Cygwin Setup – Select Packages screen, this is where you will select the packages that you want to have installed.
- It is necessary to install the “OpenSSH package” in addition to the other components to use Cygwin for the creation of an SFTP server on Windows.
- Search for OpenSSH, then choose the Net package of the OpenSSH program from the results of your search. After that, use the menu that drops down to choose the most recent version of OpenSSH. Installing the OpenSSH Debug package is an additional option available to you.
- Ensure that the default options for the remaining packages are retained.
- Click Next and wait for the Cygwin Setup to finish.
Setting up Cygwin SFTP and its SFTP users
When you start up the Cygwin terminal, make sure to run it in administrator mode. When you start Cygwin for the first time, it will create your home directory as well as the file structure. It should resemble something along these lines:
- Open the /etc folder after navigating to the installation location for Cygwin (in my case, this is located at C:/cygwin64).
- Search for files with the names “passwd” or “group”. If they do not already exist, you will have to make them.
To create these two files, go into the Cygwin terminal and use the following utilities: mkgroup and mkpasswd.
mkgroup > /etc/group
mkpasswd -cl > /etc/passwd
Both utilities will create an initial /etc/group and /etc/passwd file. If you configured them correctly, you should now be able to see them in Cygwin’s installation folder (C:/cygwin64).
With the proper permission level, every time a new user is created, these files will include further user information on a new line entry.
Give read/write permissions to passwd and group files
Execute the following commands on the Cygwin terminal:
- export CYGWIN='ntsec tty'
- chmod +rw /etc/group
- chmod +rw /etc/passwd
- chmod 0755 /var (optional)
The “chmod 0755 /var” command is needed to allow users to upload directories into the document root. With 0755, the local users in a group will be able to access the content.
Configuring the SSH
Once Cygwin is installed and users are given permissions, you can configure the CYGWIN SSH daemon (sshd service). The sshd daemon provides SSH access to Windows systems. To configure it, you’ll need to run the “ssh-host-config” program setup. Type on the Cygwin interface:
ssh-host-config
Once you execute this command, you’ll be asked some questions. You can say “yes” to all and leave default values, for example:
- Should strict modes be used?
- Do you want to install sshd as a service?
- Enter the value of CYGWIN daemon: [ ] (press enter to leave default value)
Checking and starting the service
If you configured the Cygwin ssh service correctly, you should now be able to start it. You can do this from the Cygwin terminal by running the command:
cygrunsrv --start cygsshd (or in most cases sshd)
You can also do this from the Windows console.
Go to the Windows command (cmd) line terminal (Win+R > type “cmd”) and type “net start cygsshd”. Or you can also go to Services (Win+R > type “services.msc”) and look for the “CYGWIN cygsshd” service to make sure it is “Running”.
Adding new Cygwin SFTP users and Directories
When setting up your Cygwin SFTP server, you’ll need to configure the users and the directory access unique to each user. You may also want to configure groups and assign each user to a specific group, to improve security. This helps organize users into departments or areas and apply policies, settings, or permissions.
To create users and groups:
- Open “Local Users and Groups” by going to “Run” (Win+R) and typing “lusrmgr.msc”.
- Or, you can also go to Control Panel > Administrative Tools > Computer Management > Local Users and Groups. If you are using a different edition of Windows (other than Server), you’ll need to create a standard local account. Configure this from the User Accounts tool in the Control Panel.
Create a user and group for SFTP:
- For example, create a Windows user (SFTP-USR01, SFTP-USR02, SFTP-USR03, etc.), and “optionally” create a Windows group, such as SFTP-GRP. Make all new users members of the new SFTP group.
- Create a folder to be used as the SFTP root folder. For example, on the system drive, create the folder C:\SFTP-SRV-ROOT.
- Now, create a folder inside C:\SFTP-SRV-ROOT for each SFTP user. Using the same name as the SFTP user is a good folder naming practice, for example:
- C:\SFTP-SRV-ROOT\SFTP-USR01
- C:\SFTP-SRV-ROOT\SFTP-USR02
Opening Firewall Ports
If you have trouble connecting to the SFTP server from outside, make sure the Cygwin SFTP server allows inbound connections to port 22 (SSH). To do this, you’ll need to configure the Windows Firewall to allow incoming TCP connections to port 22.
- In Windows go to Windows Firewall > Advanced Settings.
- Inbound Rules > New Rule.
- Rule Type > Port > Click Next.
- TCP > Specify local ports (22).
Generating SSH Keys
One of the reasons people use SFTP is that it relies on SSH’s cryptographic functionality. SSH uses asymmetric (public-key) cryptography, which involves a key pair: one key is secret (private) and the other is public. In asymmetric cryptography, both keys are used by the server and client.
If necessary, SSH can use public-key cryptography to authenticate a remote user rather than with a password. If you prefer to use a key pair for authentication, you can create a DSA key pair and share the public one with the user.
To generate the public/private DSA key pair to be used by SFTP (SSH):
- Open Cygwin
- Type “ssh-keygen -t dsa”
You’ll be prompted for two things: the file (and directory) in which to save the key, and a passphrase. This passphrase is used to configure service components to connect to your local SFTP server.
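An added example (not part of the original guide): installing a user's public key with the file modes that the “strict modes” option chosen in ssh-host-config expects. Because OpenSSH has disabled DSA (ssh-dss) keys by default since release 7.0, it assumes a key generated with ssh-keygen -t ed25519; the function name, the sample key (a constructed placeholder, not a real key) and the demo directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Constructed placeholder key
# (not a real key) for the guide's example user SFTP-USR01:
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyDataNotReal00 sftp-usr01@example'

# install_pubkey HOME_DIR 'TYPE BASE64 [COMMENT]'
# Status: 0 installed or already present, 2 DSA key refused, 3 malformed line.
install_pubkey() {
    home=$1; line=$2
    ktype=${line%% *}                  # first field: key type
    rest=${line#* }; blob=${rest%% *}  # second field: base64 key data
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        ssh-dss) echo "refused: DSA keys are disabled by default in OpenSSH" >&2; return 2 ;;
        *) echo "refused: unknown key type '$ktype'" >&2; return 3 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "refused: malformed key data" >&2; return 3 ;;
    esac
    old_umask=$(umask); umask 077      # never create the files group/world-readable
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact key is not already authorised.
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$line" >> "$auth"
    umask "$old_umask"
}

# Demo on a throwaway directory standing in for /home/SFTP-USR01.
demo_home=${TMPDIR:-/tmp}/sftp-usr01.$$
install_pubkey "$demo_home" "$SAMPLE_KEY" && ls -ld "$demo_home/.ssh"
rm -rf "$demo_home"
```

Only the public key line goes into authorized_keys; a pasted private key is refused as an unknown key type.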
Using Cygwin Alternatives
Cygwin is a favorite tool for Linux/Unix admins that find themselves using Windows servers. But if you are looking for more accessible alternatives to Cygwin, other free solutions are easy to implement and run on Windows.
Use Files.com with Microsoft Azure.
Microsoft Azure
Microsoft Azure Files provides fully managed file shares in the cloud, accessible via the SMB and NFS protocols.
Azure Files shares can be mounted concurrently by cloud or on-premises deployments of Windows, macOS, and Linux. It enables file sharing between applications running in your virtual machines using familiar Windows APIs or the Azure Files REST API. Additionally, Azure File Sync allows caching and synchronization of Azure Files shares on Windows Servers for local access. Files.com supports integration with Microsoft Azure Files.
Create an SFTP Server Using Cygwin FAQs
How do I create an SFTP server using Cygwin?
To create an SFTP server using Cygwin, you can install and configure OpenSSH, an open-source implementation of the SSH protocol. This will allow you to enable SFTP access to your Windows computer.
How do I install OpenSSH using Cygwin?
To install OpenSSH using Cygwin, you can follow these steps:
- Download and install Cygwin from the official website.
- During the installation, select the packages for "openssh" and "openssl".
- Once the installation is complete, open the Cygwin terminal.
How do I configure OpenSSH for SFTP access?
To configure OpenSSH for SFTP access, you can follow these steps:
- Open the "sshd_config" file in a text editor, located in the "etc" folder in the Cygwin installation directory.
- Uncomment and modify the following lines:
- Subsystem sftp /usr/lib/openssh/sftp-server
- UsePrivilegeSeparation no
- PasswordAuthentication yes
- PermitEmptyPasswords no
- PermitRootLogin no (optional)
- Save the file and close the text editor.
- Restart the OpenSSH service using the "net stop sshd" and "net start sshd" commands in the Cygwin terminal.
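An added example (not part of the original guide or of OpenSSH): a shell check that reports which value sshd would actually use for the settings listed above, since sshd keeps the first value it reads for a keyword and ignores commented-out lines. The sample configuration is constructed, the function names are hypothetical, and the UsePrivilegeSeparation warning reflects that OpenSSH deprecated the option in release 7.5.

```shell
#!/bin/sh
# Print the value sshd would use for KEYWORD ($2) in the global section of
# FILE ($1): keywords are case-insensitive, the FIRST value read wins, and
# the global section ends at the first Match line.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/\r$/, "") }                      # tolerate CRLF from Windows editors
        NF == 0 || $1 ~ /^#/ { next }           # blank or commented-out: inactive
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^ +/, ""); print tolower($0); exit }
    ' "$1"
}

# Print one WARN line per risky effective setting; exit status = number found.
audit_sshd_config() {
    cfg=$1; findings=0
    while read -r key bad why; do
        val=$(effective_value "$cfg" "$key")
        if [ "$val" = "$bad" ]; then
            echo "WARN $key=$val: $why"
            findings=$((findings + 1))
        fi
    done <<'EOF'
PermitEmptyPasswords yes accounts with a blank password can log in
PermitRootLogin yes direct root logins are allowed
UsePrivilegeSeparation no deprecated since OpenSSH 7.5, weakens older builds
EOF
    return "$findings"
}

# Constructed sample: the guide's lines plus a commented-out line and a
# later duplicate, to show which value is effective.
write_sample_config() {
    cat > "$1" <<'EOF'
# PermitEmptyPasswords yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePrivilegeSeparation no
PasswordAuthentication yes
permitemptypasswords no
PermitRootLogin no
PermitRootLogin yes
Match Group SFTP-GRP
    PasswordAuthentication no
EOF
}

sample=${TMPDIR:-/tmp}/sshd_config.sample.$$
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```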
How do I create SFTP users?
To create SFTP users, you can follow these steps:
- Open the "passwd" file in a text editor, located in the "etc" folder in the Cygwin installation directory.
- Add a new user entry in the following format: username:password:UID:GID:comment:home_directory:shell
- Save the file and close the text editor.
- Restart the OpenSSH service using the "net stop sshd" and "net start sshd" commands in the Cygwin terminal.
How do I connect to the SFTP server?
To connect to the SFTP server, you can use an SFTP client such as FileZilla or WinSCP. You will need to enter the IP address or hostname of the Windows computer, the SFTP username and password, and the port number (usually 22).
What are some best practices for securing the SFTP server?
Some best practices for securing the SFTP server include using strong passwords for SFTP users, limiting user access to specific directories, disabling root login, and regularly monitoring the OpenSSH log files for suspicious activity.