I recently got the task to add SFTP support to an existing Windows Server machine running on an Azure VM and thought I would share the steps.
There is a great guide at winscp.net which gets us most of the way, paraphrased here:
- Download the latest OpenSSH for Windows binaries
- Extract to C:\Program Files\OpenSSH
- Run install-sshd.ps1 as admin
- Allow inbound traffic to port 22 (or a custom port):
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
- Add the same firewall rule to the Azure VM
- Start the Windows service OpenSSH SSH Server and configure automatic start
We are now up and running and you should be able to connect with an existing Windows account. However, you end up in the user's home directory and you can browse to e.g. C: which is probably not what you want.
To restrict access to a folder for the group sftpusers, we can add the following to C:\ProgramData\ssh\sshd_config:
Match Group sftpusers
In case we want to restrict each user to a subfolder we can instead add this:
Match User sftpuser
Thanks to Falko Timme for the tutorial where this is described.
If you want to use a port other than 22, you also need to uncomment and change this line in sshd_config:
# Port 22
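The restriction and port change described above can be applied and checked in one pass. This is an added example, not part of the original post or the winscp.net guide: the folder C:\sftp and the $Port variable are assumptions, and ChrootDirectory, ForceCommand internal-sftp and AllowTcpForwarding are standard sshd_config directives chosen here as one way to fill in a Match block that confines the group to SFTP inside a single folder.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumed values (not from the original post): $Root and $Port.
$Config = 'C:\ProgramData\ssh\sshd_config'
$Sshd   = 'C:\Program Files\OpenSSH\sshd.exe'
$Group  = 'sftpusers'
$Root   = 'C:\sftp'   # assumed folder the group is confined to
$Port   = 22          # set to the custom port if you use one

# The group and the folder must exist before sshd can match and chroot.
if (-not (Get-LocalGroup -Name $Group -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $Group -Description 'SFTP-only accounts' | Out-Null
}
New-Item -ItemType Directory -Path $Root -Force | Out-Null

Copy-Item $Config "$Config.bak" -Force   # rollback copy
$text = @(Get-Content $Config)

# Port is a global directive: change it in place, above every Match block.
if ($Port -ne 22) {
    if ($text -match '^\s*#?\s*Port\s+\d+\s*$') {
        $text = $text -replace '^\s*#?\s*Port\s+\d+\s*$', "Port $Port"
    } else { $text = @("Port $Port") + $text }
}

# A Match block applies until the next Match or end of file, so append it last.
if (-not ($text -match "^\s*Match\s+Group\s+$Group\s*$")) {
    $text += @(
        '',
        "Match Group $Group",
        "    ChrootDirectory $Root",
        '    ForceCommand internal-sftp',   # SFTP only, no shell
        '    AllowTcpForwarding no'
    )
}
# Write plain ASCII so no byte-order mark ends up in front of the first directive.
Set-Content -Path $Config -Value $text -Encoding ascii

# Validate before restarting; a broken config would lock out remote access.
& $Sshd -t -f $Config
if ($LASTEXITCODE -ne 0) {
    Copy-Item "$Config.bak" $Config -Force
    throw 'sshd_config failed validation; original restored.'
}

Set-NetFirewallRule -Name sshd -LocalPort $Port
Set-Service -Name sshd -StartupType Automatic
Restart-Service -Name sshd
Get-NetTCPConnection -LocalPort $Port -State Listen   # confirm the listener
```

The inbound rule on the Azure VM is separate from the Windows firewall and has to be changed to the same port by hand. After the restart, log in as a member of sftpusers and confirm that the session cannot browse above the chroot folder and that a plain SSH shell is refused.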
That is all, have a good day!