Hi everyone! I'm looking to set up an SFTP file server at my location for an outside company that will be exchanging files with us. What software or configurations do you recommend for this? Additionally, how should I handle firewall rules? Should I be port forwarding their IP range to my local server's port 22? Thanks for any insights!
5 Answers
For SFTP, a good approach is to use a container on your edge network that's exposed to the WAN, along with an SSH proxy for the required authentication. As for firewall rules, I usually just forward port 22 to the SSH proxy and let it take care of the rest instead of dealing with specific IP blocks.
If you're not comfortable editing the sshd config file or prefer a GUI, you might want to check out Bitvise SSH Server. It's not free, but it's reasonably priced at $100 for the first year and less for renewals. More info can be found [here](https://bitvise.com/ssh-server).
Don't forget about SFTPGo! It's based on Golang and has Windows builds available. You can check out the documentation [here](https://docs.sftpgo.com/2.6/), and the releases can be found on [GitHub](https://github.com/drakkan/sftpgo/releases) if you're not using Linux.
I've been using Robo-FTP for a while now because it triggers scripts based on events. Despite the name, it does SFTP as well. It's reliable, but the pricing has increased over the years. Also, for security, my hosting does NAT to our SFTP port with IP whitelisting, and Robo-FTP has built-in whitelisting features.
Setting up a Linux host with a chrooted SFTP-only account is a solid option. I found this [ArchWiki article](https://wiki.archlinux.org/title/SFTP_chroot) that explains how to get started. Just forward port 22 to that host and enforce public key authentication, and you'll be all set!
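An added example (not part of the answer above, and not taken from the linked ArchWiki article) of an OpenSSH `sshd_config` fragment for the chrooted, SFTP-only, key-only setup that answer describes. The group name `sftponly`, the paths under `/srv/sftp` and `/etc/ssh/authorized_keys`, and the partner range `203.0.113.0/24` are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config fragment (constructed example; names and paths are assumptions)

# Use the in-process SFTP server so the chroot needs no binaries or libraries.
Subsystem sftp internal-sftp

PermitRootLogin no

# Everything below applies only to members of the assumed group "sftponly",
# so administrators' own SSH access is left unchanged.
Match Group sftponly
    # Every path component of the chroot must be owned by root and not
    # writable by group or others, otherwise sshd refuses the login.
    # Give the partner a writable subdirectory instead, for example
    # /srv/sftp/<user>/upload owned by that user.
    ChrootDirectory /srv/sftp/%u

    # No shell, no scp, no arbitrary commands: SFTP only.
    ForceCommand internal-sftp
    PermitTTY no

    # Public keys only.
    AuthenticationMethods publickey
    PasswordAuthentication no

    # Keep keys in a root-owned location the SFTP user cannot rewrite.
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u

    # The account must not become a pivot into the internal network.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

# In /etc/ssh/authorized_keys/<user>, the key can also be pinned to the
# partner's source range (203.0.113.0/24 is a documentation range):
#   from="203.0.113.0/24",restrict ssh-ed25519 <partner-public-key> partner
```

Running `sshd -t` validates the file before the daemon is reloaded. The `from=` restriction complements a source-IP rule on the firewall rather than replacing it.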