SFTP Server (SSH File Transfer Protocol) in Java, based on Apache MINA SSHD
Java Shell
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
assembly
linux
sampleconf
src/main
.classpath
.gitignore
.project
LICENSE
README.md
pom.xml

README.md

sftpserver

SFTP Server (SSH File Transfer Protocol) based on Apache MINA SSHD. Open Source Java project under Apache License v2.0

Current Stable Version is 1.2.1


Config:

${sftp.home}/conf/[id]/sftpd.properties (all in one file)
#
## Global Options
#
# Listen on TCP port 22222
sftpserver.global.port=22222
# Enable compression (requires jzlib) (default: false)
sftpserver.global.compress=true
# Enable dummy shell (default: false)
sftpserver.global.dummyshell=true
#
## Configure user "test"
#
# Password for user
sftpserver.user.test.userpassword=clean-unencripted-password
# PublicKeys for user (OpenSSH format)
sftpserver.user.test.userkey.1=ssh-rsa AAAAB3NzaC1yc2EAAAADA...E7uQ==
sftpserver.user.test.userkey.2=ssh-dss AAAAB3NzaC1kc3MAAACBA...IwtA==
# Set user home directory (chrooted)
sftpserver.user.test.homedirectory=./home/test/
# Enable user (default: false)
sftpserver.user.test.enableflag=true
# Enable write (default: false)
sftpserver.user.test.writepermission=true
#
${sftp.home}/conf/[id]/sftpd.properties + ${sftp.home}/conf/[id]/htpasswd
#
## Global Options
#
# Listen on TCP port 22222
sftpserver.global.port=22222
# Enable compression (requires jzlib) (default: false)
sftpserver.global.compress=true
# Enable dummy shell (default: false)
sftpserver.global.dummyshell=true
#
## Configure htpasswd
#
# Enable htpasswd (default: false)
sftpserver.htpasswd.enableflag=true
# Set home directory for all users (chrooted)
sftpserver.htpasswd.homedirectory=./home/test/
# Enable write (default: false)
sftpserver.htpasswd.writepermission=true
#

Running (Linux)

./bin/sftpd.sh <run|start|stop|restart|status> [id]

Upstart Script (Linux)

./bin/sftpd.conf (you can copy to /etc/init/)

Generate Encrypted Password (Linux)

./bin/sftpd.sh <pwd>

DONEs

  • Use Java SecurityManager/Policy File
  • Non operating system accounts
  • Homes are chrooted
  • ReadOnly accounts
  • Encrypted Passwords (SHA2/MD5/APR1)
  • PublicKey Authenticator (OpenSSH keys RSA/DSA)
  • Support htpasswd file (APR1)

MISC

Current harcoded values:

  • Hostkeys are writed to: hostkey.pem or hostkey.set in ${sftp.home}/keys/ directory
  • SecurityManager/Policy File is in conf/${ID}/sftpd.policy (custom) or lib/sftpd.policy (generic)
  • Htpasswd File is in conf/${ID}/htpasswd (custom) or conf/htpasswd (generic)
  • Only SHA2-512, SHA2-256 and SHA1-160 are enabled for HMAC (MD5, MD5-96, SHA1-96 are disabled)

Maven Dependencies:

Apache MINA SSHD

  • mina-core-XXX.jar
  • sshd-core-XXX.jar

Apache Commons Codec (password encryption)

  • commons-codec-XXX.jar

Log4J (logging)

  • log4j-XXX.jar

SLF4J (logging)

  • slf4j-api-XXX.jar
  • slf4j-log4j12-XXX.jar

Bouncy Castle (encryption)

  • bcprov-jdk15on-XXX.jar
  • bcpkix-jdk15on-XXX.jar

JZlib (for compression)

  • jzlib-XXX.jar

Inspired in mina-sshd and openssh.