Using sftp in Windows to create secure transmission

Source: Internet
Author: User
Tags ftp protocol ultraedit

As we all know, the biggest difference between Windows and Linux lies in Windows being closed-source. In Windows we usually transfer files and share resources through FTP, which, compared with the earlier TFTP protocol, does provide some necessary security measures. However, in scenarios that demand a high level of network security, where data in transit must be strictly protected from capture by monitoring tools, FTP is not up to the task. In that case we need a safer transfer protocol to protect the server. Today I will show IT168 readers how to create secure transfers with sftp in Windows.
1. What is sftp?
In general, besides ftp, files can also be transferred between two machines with the scp/sftp protocol (this article covers sftp). Next we look at the differences between sftp and ftp.
(1) Unlike ftp, sftp/scp transfers are encrypted by default: scp/sftp guarantees that all transmitted data is encrypted, whereas ftp generally transmits in plain text. Encrypted ftp over SSL does exist, and some server software can be set to "only allow encrypted connections", but that is not the default; it requires manual adjustment, and many users never make it.
(2) Plain ftp uses port 21 only for commands; the server and client negotiate another random port for data transfer. In PASV mode the server has to listen on that extra port, so if the server sits behind a router or firewall, port mapping becomes troublesome, because the data port number is not known in advance and cannot be mapped. (Most ftp servers nowadays can restrict the random data-port range, which solves the problem to some extent, but you still have to map port 21 plus a range of data ports. Some servers negotiate dynamic mappings with routers via UPnP, but that is rare.)
(3) If there are unix machines on your network, they already ship with scp and similar clients, so no extra software has to be installed for transfers.
(4) scp/sftp is an open protocol. We can use it free of charge without the security or copyright concerns that come with FTP. All scp/sftp transfer software (server and client) is free and open-source, which lets us develop extension plug-ins and application components of all kinds.
TIPS: Of course, sftp also has some shortcomings alongside secure transfer. For example, its account permissions are enforced strictly through the operating system's users: only by adding the account as an operating-system user can a user log on to the sftp server normally.
2. download the required program:
None of the tools described in this article originated on Windows. They were ported from unix, so they are still configured through conf files, with almost no graphical interface. In addition, these configuration files generally use unix line breaks. IT168 readers are therefore advised to edit them with UltraEdit or a similar tool rather than Notepad, first to make sure the configuration files display correctly, and second to make sure the format is not damaged when saving, which would leave the service program unable to read them.

On the server side we use OpenSSH, which comes with the cygwin environment and provides the scp/sftp server (sftp is a "sub-service" of ssh: a command inside the ssh channel activates it as needed).
 
Open a browser and go to http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688&release_id=252007. On this page we can download the SSHWindows-Installer, 3.8p1-1 20040709 Build program.
(1)


On the client side we use WinSCP, a graphical program whose operation is similar to ftp software and very easy to use. We go to http://sourceforge.net/project/showfiles.php?group_id=85589 and download WinSCP 3.8.2. (2)
3. Configure the sftp Server: 
Installing and configuring the sftp server is relatively simple; the sftp service can be enabled with a few commands.


Step 1: extract the downloaded sftp server package and run the main program directly. Click "NEXT" to proceed.
(3)
 

Step 2: Enter "agree" in the license agreement window and click "Next" to continue. (4)



Step 3: select the components to install in the following configuration window. As the page shows, the components include a client and a server. We actually only need the server; on the client side we use the WinSCP 3.8.2 downloaded earlier. Select the server component and click "Next" to continue. (5)


Step 4: select the installation path. The default is C:\Program Files\OpenSSH; we recommend that you keep this default.
(6)

Step 5: By default, openssh adds an application to the Start program named


Step 6: at the end of the installation openssh automatically creates the ssh encryption keys that ensure security and reliability of the SSH transport. (8)

Step 7: complete the installation and click "Finish" to return to the desktop. (9)


Step 8: start the service. Go to Start -> Run, type CMD and press Enter to open a Command Prompt window. Then use the cd command to change to the C:\Program Files\OpenSSH\bin directory. (10)

Step 9: run the commands mkgroup -l > ..\etc\group and mkpasswd -l > ..\etc\passwd so that all users of your local Windows accounts can log on to the sftp server. Their access to files and directories is the same as their NTFS permissions. This step is the equivalent of creating access accounts in FTP. (11)

Step 10: after the access accounts have been added, you can view the contents of the group and passwd files in the C:\Program Files\OpenSSH\etc directory; of course, their contents are encrypted. (12)

These two files store the account information. As mentioned above, the tools were ported from unix and are still configured through conf files with unix line breaks, so IT168 readers should edit them with UltraEdit or a similar tool rather than Notepad, both so they display correctly and so the format is not damaged on saving, which would leave the service program unable to read them. (13)

Step 11: finally, run the net start opensshd command in the C:\Program Files\OpenSSH\bin directory we entered earlier. This starts the opensshd service, and we can begin accessing it. (14)


Tip: sftp normally publishes the service on the default port 22. If for some special reason you want to change this port, edit the C:\Program Files\OpenSSH\etc\sshd_config file and change the Port line to the port you want, such as 8029. After the change, restart the openssh service (the service must be restarted for any configuration change to take effect).
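As an added example (not code from the article or the SSHWindows package), the following Python script makes the port change described above while guarding against the line-ending problem the article warns about: it detects a CRLF-damaged file, normalises it back to LF, rewrites the Port directive, and writes the result with LF endings. It assumes the SSHWindows path C:\Program Files\OpenSSH\etc\sshd_config from the article; SAMPLE_CONFIG is a constructed excerpt, not the real shipped file.

```python
"""Change the Port line of sshd_config without breaking its Unix line endings.

Added example, not part of the original article. It assumes the SSHWindows
layout the article describes (C:\\Program Files\\OpenSSH\\etc\\sshd_config)
and that sshd expects LF line endings, which Notepad silently turns into CRLF.
SAMPLE_CONFIG is a constructed excerpt, not the package's real file.
"""
import os
import re
import sys
import tempfile

# Constructed excerpt of an sshd_config as shipped: Port commented out (so the
# default 22 applies) and the sftp sub-service enabled as an ssh Subsystem.
SAMPLE_CONFIG = (
    "# This is the sshd server system-wide configuration file.\n"
    "#Port 22\n"
    "Protocol 2\n"
    "Subsystem\tsftp\t/usr/sbin/sftp-server\n"
)

DEFAULT_PORT = 22
# Matches an active ('Port 22') or commented-out ('#Port 22') Port directive.
PORT_RE = re.compile(r"^(#)?\s*port\s+(\d+)\s*$", re.IGNORECASE)


def has_crlf(data: bytes) -> bool:
    """True if the file carries Windows line endings (typically a Notepad save)."""
    return b"\r\n" in data


def normalize_line_endings(data: bytes) -> bytes:
    """Convert CRLF (and stray CR) to the LF endings sshd expects."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


def active_port(config_text: str) -> int:
    """Return the port sshd would listen on: first active Port directive, else 22."""
    for line in config_text.split("\n"):
        m = PORT_RE.match(line.strip())
        if m and not m.group(1):
            return int(m.group(2))
    return DEFAULT_PORT


def set_port(config_text: str, port: int) -> str:
    """Return config_text with exactly one active 'Port <port>' directive.

    The first Port line (active, or the shipped '#Port 22' comment) is replaced
    in place; any further active Port lines are commented out so the listener
    is unambiguous; if no Port line exists at all, one is appended.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid TCP port: {port}")
    out, placed = [], False
    for line in config_text.split("\n"):
        m = PORT_RE.match(line.strip())
        if m and not placed:
            out.append(f"Port {port}")
            placed = True
        elif m and not m.group(1):
            out.append("#" + line)  # extra active Port line: disable it
        else:
            out.append(line)
    if not placed:
        # Keep the trailing newline (an empty last element) at the end.
        if out and out[-1] == "":
            out.insert(len(out) - 1, f"Port {port}")
        else:
            out.append(f"Port {port}")
    return "\n".join(out)


def update_config_file(path: str, port: int) -> dict:
    """Repair line endings and set the port in the file at path, in place."""
    with open(path, "rb") as fh:
        raw = fh.read()
    crlf = has_crlf(raw)
    text = normalize_line_endings(raw).decode("utf-8")
    before = active_port(text)
    new_text = set_port(text, port)
    # newline="" stops Python from re-translating "\n" into CRLF on Windows.
    with open(path, "w", encoding="utf-8", newline="") as fh:
        fh.write(new_text)
    return {"had_crlf": crlf, "port_before": before, "port_after": active_port(new_text)}


def demo_roundtrip(port: int = 8029) -> dict:
    """Write a Notepad-damaged (CRLF) copy of SAMPLE_CONFIG, repair it, and report."""
    fd, path = tempfile.mkstemp(suffix="_sshd_config")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE_CONFIG.replace("\n", "\r\n").encode("utf-8"))
        result = update_config_file(path, port)
        with open(path, "rb") as fh:
            result["clean_after"] = not has_crlf(fh.read())
        return result
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Usage: python fix_sshd_port.py "C:\Program Files\OpenSSH\etc\sshd_config" 8029
    target, new_port = sys.argv[1], int(sys.argv[2])
    print(update_config_file(target, new_port))
```

The script only touches the Port directive; as the tip says, the opensshd service still has to be restarted afterwards for the new port to take effect.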

Now that the server configuration is complete, we will introduce how to set up sftp access on the client.

TIPS: If you want to add an access account later, first add the user in Windows. For example, create an account named softer, set its password, and make sure "Password required for next login" is not selected. The permissions and user groups of this user are up to you. Then go to the C:\Program Files\OpenSSH\bin directory and run mkpasswd -l -u softer >> ..\etc\passwd to add the softer account to the access list (note the >> append redirection; a single > would overwrite passwd and drop the accounts added earlier). To put it bluntly, the -u parameter adds a single account; without -u, all accounts on the current system are added to the list of accounts allowed to access the sftp server.
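Because mkpasswd -l (Step 9) grants every local Windows account sftp access at once, it is worth checking afterwards who actually ended up in the passwd file. The following Python script, an added example that is not part of the article or of the OpenSSH package, parses the passwd and group files from Step 10 and reports each account with its group, flags accounts whose primary group is Administrators, lists accounts that are not on an intended allow list, and shows the append-only behaviour that the -u tip above depends on. It assumes the Cygwin record formats written by mkpasswd and mkgroup (name:unused:uid:gid:comment:home:shell and name:sid:gid:) and Cygwin's fixed gids 544/545 for Administrators/Users; the sample file contents are constructed, with placeholder SIDs.

```python
"""Audit which Windows accounts the OpenSSH passwd/group files grant sftp access.

Added example, not part of the original article. It assumes the files the
article describes (C:\\Program Files\\OpenSSH\\etc\\passwd and etc\\group) and
the Cygwin record format that mkpasswd/mkgroup write: passwd lines are
name:unused:uid:gid:comment:home:shell and group lines are name:sid:gid:.
The sample contents below are constructed for the demo; SIDs are placeholders.
"""
from typing import Dict, List, NamedTuple, Set

# Constructed output of 'mkgroup -l'. 544 and 545 are Cygwin's fixed ids for
# the Administrators and Users groups (an assumption of this example).
SAMPLE_GROUP = (
    "Administrators:S-1-5-32-544:544:\n"
    "Users:S-1-5-32-545:545:\n"
    "None:S-1-5-21-0-0-0-513:513:\n"
)

# Constructed output of 'mkpasswd -l': every local account, including ones
# (Administrator, Guest) that should probably never log on to sftp.
SAMPLE_PASSWD = (
    "Administrator:unused:500:544:U-HOST\\Administrator,S-1-5-21-0-0-0-500:/home/Administrator:/bin/switch\n"
    "Guest:unused:501:545:U-HOST\\Guest,S-1-5-21-0-0-0-501:/home/Guest:/bin/switch\n"
    "softer:unused:1003:545:U-HOST\\softer,S-1-5-21-0-0-0-1003:/home/softer:/bin/switch\n"
)


class Account(NamedTuple):
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_group(text: str) -> Dict[int, str]:
    """Map gid -> group name from a Cygwin-style group file."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            raise ValueError(f"malformed group line: {line!r}")
        groups[int(fields[2])] = fields[0]
    return groups


def parse_passwd(text: str) -> List[Account]:
    """Parse a Cygwin-style passwd file into Account records."""
    accounts = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        accounts.append(Account(fields[0], int(fields[2]), int(fields[3]), fields[5], fields[6]))
    return accounts


def sftp_report(passwd_text: str, group_text: str) -> List[str]:
    """One 'name (group)' entry per account that can log on to sftp."""
    groups = parse_group(group_text)
    return [f"{a.name} ({groups.get(a.gid, str(a.gid))})" for a in parse_passwd(passwd_text)]


def privileged_accounts(passwd_text: str, group_text: str) -> List[str]:
    """Accounts whose primary group is Administrators: worth a second look."""
    groups = parse_group(group_text)
    return [a.name for a in parse_passwd(passwd_text) if groups.get(a.gid) == "Administrators"]


def unexpected_accounts(passwd_text: str, allowed: Set[str]) -> List[str]:
    """Accounts granted access that are not on the intended allow list.

    'mkpasswd -l' grants every local account at once; this shows what slipped in.
    """
    return [a.name for a in parse_passwd(passwd_text) if a.name not in allowed]


def add_entry(passwd_text: str, entry: str) -> str:
    """Append one 'mkpasswd -l -u <user>' line, keeping the existing entries.

    This is the '>>' behaviour the tip relies on; a '>' redirection would
    replace the whole file with the single new line.
    """
    new = parse_passwd(entry)[0]
    if any(a.name == new.name for a in parse_passwd(passwd_text)):
        raise ValueError(f"account already present: {new.name}")
    if passwd_text and not passwd_text.endswith("\n"):
        passwd_text += "\n"
    return passwd_text + entry.rstrip("\n") + "\n"


if __name__ == "__main__":
    print("\n".join(sftp_report(SAMPLE_PASSWD, SAMPLE_GROUP)))
    print("privileged:", privileged_accounts(SAMPLE_PASSWD, SAMPLE_GROUP))
    print("not on allow list:", unexpected_accounts(SAMPLE_PASSWD, {"softer"}))
```

On a real host, read the two files from the etc directory in place of the constructed samples; any account the report lists that you did not intend to expose can be removed from passwd with the same editor rules the article gives (UltraEdit, unix line breaks), followed by a service restart.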


4. Configure the sftp client:
Configuring the sftp client is easier. Since we downloaded WinSCP 3.8.2 earlier, just run the program to reach the logon configuration interface. (15)


Fill in the actual address and access account of the sftp server; we can keep the default sftp protocol (allow scp fallback). After the configuration is complete, click the Login button; a "usage prompt" message appears, and you can proceed without further consideration. (16)


After logging on to the server, the interface looks just like the ftp logon tools we were used to before, and especially like logging on to an FTP server with FlashFXP. On the right is the directory published by the sftp server. (17)

Of course, this default published directory may not be what we want to see. To access the C drive, first give focus to the server half of the window, then press Ctrl+O, enter /cygdrive/c and press Enter. You can add this directory to the WinSCP bookmarks or make it the default directory for logon. (18)



5. Summary:
When we want to stop the sftp service, we only need to run the net stop opensshd command in the corresponding directory on the server, and the service is shut down. (19) In addition, if the sftp server cannot be reached from the client, the most likely reason is that the XP system firewall is blocking it: either disable the firewall or, in the Windows Firewall configuration, manually allow the program C:\Program Files\OpenSSH\usr\sbin\sshd.exe to run and access the network.
