How to set up an SFTP server in Windows using OpenSSH
Transferring data wirelessly over a local network isn't something new; people have been doing that for a long time. You may be aware of what I'm talking about: an FTP connection. With an FTP client you can connect one device to another to transfer your data over a network.
But since the FTP protocol isn't safe in the first place, you should consider ditching it in favor of something better.
For those unaware, a much better wireless transfer protocol exists and it's called SFTP. The S in SFTP literally means secure. It encrypts the connection's login information and the data that is transferred, so nobody can tap in and tamper with the data transfer. FTP, on the other hand, is not secure, as anyone who gets to listen to the network traffic gets the information unprotected.
The good thing about SFTP is that you can use it for everything you used FTP for. So you get better security for free. What do you have to lose, right?
Now there's just one problem. Windows versions prior to Windows 10 don't come with SSH so you'll need to install OpenSSH (or something similar). This is an open source SSH implementation, and guess who recommends it? Microsoft. OpenSSH is included in Windows 10 and Windows Server 2019.
This tutorial is based on the original OpenSSH documentation. The official guide may look intimidating, which is why we made one as user-friendly as possible. You can follow this method in any version of Windows; I tested it on Windows 7.
How to set up an SFTP server in Windows using OpenSSH
This process consists of two parts: installing OpenSSH and opening an SSH port for SFTP to work.
Installing OpenSSH (and activating the required services)
- Download OpenSSH from GitHub.
- Extract the archive to the Program Files folder.
- Open PowerShell as an administrator, and paste the following command in the window to navigate to the folder: cd "C:\Program Files\OpenSSH-Win64".
- SSH requires two services to run, sshd and ssh-agent. To install these, paste the following command in the PowerShell window: powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1. You should see a message which says "sshd and ssh-agent services successfully installed".
- Close the PowerShell window.
- You can start the services manually or set them to start automatically, by using Services.msc. Starting the services creates the folder "C:\ProgramData\ssh" with your host key, which is crucial for the service to work.
Note: The services are named OpenSSH Authentication Agent and OpenSSH SSH Server.
Opening the SSH port in the Windows Firewall manually
- SSH uses Port 22 for transfer/authentication, which is closed in Windows because SSH isn't included by default. To open it, open the Windows Firewall from the Control Panel.
- Click on Inbound Rules (in the left pane).
- In the right pane, click new rule, select Port and click on Next.
- Type the number 22, in the Specific local ports option, and click Next.
- Choose "Allow the Connection", click Next, and select "Private" for the network option.
- Give the rule a name, e.g. SSH or OpenSSH.
- Click on Finish.
That's it, you're good to go.
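The install and firewall steps above can also be scripted and then verified. The following PowerShell is an added example, not part of the original guide or the OpenSSH project; the rule name "OpenSSH" is an assumption, and netsh is used for the firewall rule because it is also available on Windows 7. Limiting the rule to the Private profile, as in the manual steps, keeps port 22 closed on public networks.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell.
$sshDir   = 'C:\Program Files\OpenSSH-Win64'   # extraction path used in the guide
$dataDir  = Join-Path $env:ProgramData 'ssh'   # created on first start of sshd
$ruleName = 'OpenSSH'                          # assumption: pick any rule name

# 1. Register the sshd and ssh-agent services (same command as in the guide).
Set-Location $sshDir
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
if ($LASTEXITCODE -ne 0) { throw "install-sshd.ps1 failed ($LASTEXITCODE)" }

# 2. Start both services now and on every boot. The first start of sshd
#    generates the host keys under C:\ProgramData\ssh.
foreach ($svc in 'ssh-agent', 'sshd') {
    Set-Service -Name $svc -StartupType Automatic
    Start-Service -Name $svc
}

# 3. Allow inbound TCP 22 on the Private profile only, as in the manual steps.
netsh advfirewall firewall add rule name=$ruleName dir=in action=allow protocol=TCP localport=22 profile=private
if ($LASTEXITCODE -ne 0) { throw "Could not add firewall rule ($LASTEXITCODE)" }

# 4. Verify the result instead of assuming it worked.
$checks = @{
    'sshd service running' = (Get-Service sshd).Status -eq 'Running'
    'host keys generated'  = @(Get-ChildItem "$dataDir\ssh_host_*_key.pub" -ErrorAction SilentlyContinue).Count -gt 0
    'listening on TCP 22'  = [bool](netstat -an | Select-String ':22\s+\S+\s+LISTENING')
}
$checks.GetEnumerator() | ForEach-Object { '{0,-22} {1}' -f $_.Key, $_.Value }
if ($checks.Values -contains $false) { throw 'One or more checks failed; see above.' }
```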
Testing the SFTP server
Let's test if it works. You need an SFTP client to do this. WinSCP is the one I use on Windows but you may use any other that supports SFTP, e.g. FileZilla, FTP Rush, or a file manager with SFTP support such as Altap Salamander.
For Android, you have many options; Total Commander and Ghost Commander have SFTP plugins, while some apps like Amaze File Manager or X-plore File Manager have the feature built-in.
Windows
Run WinSCP and select "SFTP" as the protocol. In the host name field, enter "localhost" (if you're testing the PC you installed OpenSSH on). You will need to enter your Windows username and password to allow the program to connect to the server. Hit save, and select login.
You'll see a pop-up window which asks you if you trust the server you're trying to connect to. Since the server is your own computer, you can allow it. Basically this is the host key which authenticates the connection made by the device. You can use this to transfer content from one computer to another too.
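When connecting from another device rather than localhost, the fingerprint in that trust prompt can be compared with the host keys stored on the server before accepting it. The following PowerShell is an added example, not part of the original guide; the function names are hypothetical, and it assumes the client may show the fingerprint with or without the "SHA256:"/"MD5:" prefix and base64 padding.

```powershell
# Added example: run on the server, then compare with the client's trust prompt.
$keygen  = 'C:\Program Files\OpenSSH-Win64\ssh-keygen.exe'  # path used in the guide
$dataDir = Join-Path $env:ProgramData 'ssh'                 # host key folder

function ConvertTo-BareFingerprint([string]$Value) {
    # Assumption: clients differ only in the algorithm prefix and '=' padding.
    ($Value.Trim() -replace '^(SHA256|MD5):', '').TrimEnd('=')
}

function Get-HostKeyFingerprint {
    # One object per host public key and hash algorithm.
    foreach ($pub in Get-ChildItem -Path $dataDir -Filter 'ssh_host_*_key.pub') {
        foreach ($hash in 'sha256', 'md5') {
            # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<TYPE>)
            $fields = (& $keygen -l -E $hash -f $pub.FullName) -split '\s+'
            New-Object PSObject -Property @{
                File        = $pub.Name
                Bits        = $fields[0]
                Fingerprint = $fields[1]
                Type        = $fields[-1].Trim('()')
            }
        }
    }
}

function Test-HostKeyFingerprint([string]$Presented) {
    # True only if the value from the client prompt matches a stored host key.
    # -ceq is case-sensitive: base64 SHA256 fingerprints differ by case.
    $wanted = ConvertTo-BareFingerprint $Presented
    $match  = Get-HostKeyFingerprint |
        Where-Object { (ConvertTo-BareFingerprint $_.Fingerprint) -ceq $wanted }
    return [bool]$match
}

Get-HostKeyFingerprint | Format-Table File, Type, Bits, Fingerprint -AutoSize

# Placeholder value: paste the fingerprint shown by the client here.
Test-HostKeyFingerprint 'SHA256:<fingerprint-from-client-prompt>'
```

A result of False means the client is not seeing this server's key, and the connection should not be trusted until the mismatch is explained.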
Note: If your Windows user account does not have a password, you will need to use a public key to authenticate the SFTP server, which involves a separate process. You can create a different account on the system for SFTP access but may need to make files available outside of the user directory.
Android
Let's use Amaze File Manager which is open source. Tap the + button, and select "Cloud connection". Choose SCP/SFTP connection and a pop-up should appear. Find your computer's IP address using the command prompt and the command ipconfig. For example, my PC has the address 192.168.1.9.
Enter it in the server field, leave the port number as 22, and enter your Windows username and password in the respective fields. It should connect to your computer, and you will be able to access all the content that can be accessed by the Windows account.
Closing Words
One of the main advantages of the operation is that you may access or transfer files over a network easily; this is not something that all users need and there are certainly other options to achieve the same goal depending on individual needs.
Now You: Have you set up SSH in the past or use it actively?
I could use WinSCP to log in to a remote SFTP service set up this way, using a domain account on the domain that the machine is joined to. However, when I created a local account on that machine and tried that in WinSCP on a remote machine, it gives the error:
—
Authentication log (see session log for details):
Using username “MACHINENAME\username”.
Authentication failed.
—
Does anyone know how to resolve that?
Good article, got linked via https://learn.microsoft.com/en-us/answers/questions/425437/sftp-in-windows .
Hi,
I installed OpenSSH accordingly without error, but when I try an SFTP connection using WinSCP, the connection is closed with the error “Cannot initialize SFTP protocol. Is the host running an SFTP server?”
Is there some other config that needs to be enabled?
Hi,
I managed to get the issue resolved today. I made the 2 changes below, so I am not sure if both had an impact on the resolution.
1) change permission for sshd_config file. I grant full access for my test ID.
2) edit path for sftp-server in sshd_config file (existing is subsystem sftp sftp-server) to subsystem sftp \sftp-server.
After the changes, restart the sshd services. Hope this helps.
Is it possible to add a shared folder or NAS drive to SFTP in Windows?
Huh? Why are there so many errors in this article?
> FTP on the other hand is secure
how can i track sftp traffic, upload and download ?
thanks
There is no c:\programData\ssh folder created
You need to start/restart the service.
The above method shows how we can connect to SFTP using Windows authentication. Could you provide a demo connecting to the SFTP server using an SSH key instead of the Windows login password?
Hi Sunil,
have you managed to get it working with an SSH key instead of a username/password combination?
Hi, I have successfully set up OpenSSH following your guide, but can you direct me to the correct way to connect to a remote server using a public key … I'm stuck on this .. please help
is it faster than SMB ?
i use smb it basically takes 2 minute to setup
Regardless of speed, you should never expose SMB outside of your network as it’s not very secure – that’s why SMBv1 was removed from any new Windows machines by default, and why SMBv2 is not far behind.
In the sentence “FTP on the other hand is secure as anyone who gets to listen to the network traffic gets the information unprotected.” the word “secure” should be “insecure”.
I prefer to use a public key rather than entering my Windows account password in an Android app.
I think some explanation about keys and how to use them would be welcome.
FTP with TLS/SSL ?
Last time I tried SFTP my speed went from 50+MBs to 3