SFTP interface to OpenStack Object Storage (Swift)
Python Shell
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
bin changed code layout so the dependency packages are not needed when bu… Jun 23, 2011
docker typo May 12, 2016
sftpcloudfs correct spelling mistake Sep 1, 2017
tests tests require a recent version of paramiko, 2.0.x recommended Nov 3, 2016
COPYING copyright year bump May 12, 2016
ChangeLog fixed Michel Nederlof name Nov 3, 2016
MANIFEST.in added QuickStart.md to the distribution Nov 18, 2013
QuickStart.md added quickstart doc, fixes issue #6 Oct 27, 2013
README.md Indent default to include version, docs and example Nov 3, 2016


sftp cloudfs

This is a SFTP (Secure File Transfer Protocol) interface to OpenStack Object Storage, providing a service that acts as a proxy between a SFTP client and a storage service.

The username/password pair used to open the SFTP session is validated using the authentication service of the files/storage service to get an authentication token.

The communication between the client and the SFTP daemon is encrypted all the time, and the SFTP service supports HTTPS communication with the remote files/storage service.

There's limited SCP support since 0.10.



  • python (2.6)
  • paramiko (1.7.6+; 1.17.0+ recommended)
  • python-swiftclient (2.0+)
  • python-daemon (1.5.5)
  • ftp-cloudfs (0.35+)
  • python-memcached (1.45)

These are the minimum recommended versions based in our testing environment.

You may need to create a host key with ssh-keygen.

To install the software, run following command:

python setup.py install

Or using pip:

pip install sftp-cloudfs

Please use the latest pip version, old versions may have bugs. You can upgrade pip using pip: pip install --upgrade pip.


Once installed you can run the service with sftpcloudfs executable, that supports following options:

--version             show program's version number and exit
-h, --help            show this help message and exit
-a AUTHURL, --auth-url=AUTHURL
                      Authentication URL
--insecure            Allow to access servers without checking SSL certs
-k HOST_KEY, --host-key-file=HOST_KEY
                      Host RSA key used by the server
-b BIND_ADDRESS, --bind-address=BIND_ADDRESS
                      Address to bind (default:
-p PORT, --port=PORT  Port to bind (default: 8022)
                      Server ident to use when sending the SSH banner to the
                      client (default: sftpcloudfs_VER)
--memcache=MEMCACHE   Memcache server(s) to be used for cache (ip:port)
-l LOG_FILE, --log-file=LOG_FILE
                      Log into provided file
-f, --foreground      Run in the foreground (don't detach from terminal)
--disable-scp         Disable SCP support (default: enabled)
--syslog              Enable logging to system logger (daemon facility)
-v, --verbose         Show detailed information on logging
--pid-file=PID_FILE   Full path to the pid file location
--uid=UID             UID to drop the privileges to when in daemon mode
--gid=GID             GID to drop the privileges to when in daemon mode
--keystone-auth       Use auth 2.0 (Keystone, requires keystoneclient)
                      Region name to be used in auth 2.0
                      Character used to separate tenant_name/username in
                      auth 2.0, default: TENANT.USERNAME
                      Service type to be used in auth 2.0, default: object-
                      Endpoint type to be used in auth 2.0, default:
--config=CONFIG       Use an alternative configuration file

The default location for the configuration file is /etc/sftpcloudfs.conf.

Memcache is optional but highly recommended for better performance. Any Memcache server must be secured to prevent unauthorized access to the cached data.

By default Swift auth 1.0 will be used, and is compatible with OpenStack Object Storage (Swift) using swauth authentication middleware.

Optionally OpenStack Identity Service 2.0 (aka keystone) can be used. Currently python-keystoneclient (0.3.2+) is required to use auth 2.0 and it can be enabled with --keystone-auth option.

The server supports large files (over the 5GB default) by splitting the files in parts into a .part subdirectory and using a manifest file to access them as a single file.

Please check the example configuration file for further details.


This is free software under the terms of MIT license (check COPYING file included in this package).

The server is loosely based on the BSD licensed sftpd server code from:


Contact and support

The project website is at:


There you can file bug reports, ask for help or contribute patches.