How to Create SFTP Server Using Cygwin

What is SFTP?

Secure File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management over a TCP/IP network or any reliable data stream. SFTP is not FTP run over SSH, but rather a new protocol designed from scratch. SFTP does, however, use SSH to transfer files, so data is encrypted to prevent sensitive information from being exposed to the network in plain text. This is why most companies trust SFTP. Customers of web hosting and cloud service providers can rely on the service to securely transfer files over the network.

The SFTP architecture is based on the client and server model. An SFTP client is software that lets users connect to a server where files are stored and retrieved. SFTP requires that the client be authenticated by the server. However, as a protocol, SFTP does not itself provide authentication and security; rather, it expects the underlying protocol to take care of that. Users can select the authentication level used when transferring files over the web. One of the key benefits of choosing SFTP over other protocols is that no one can turn off SFTP's encryption. All you need to use this protocol is an SFTP client and an SFTP server.

What is Cygwin?

Cygwin is free and open-source software that provides a Linux-like environment for Microsoft Windows. It consists of a DLL, which acts as an emulation layer providing substantial Portable Operating System Interface (POSIX) system call functionality, and a collection of tools, which provide a Linux look and feel. Under Cygwin, source code designed for Unix-like operating systems may be compiled and executed in Windows with minimal modification.

Thus, it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context. Users can interact with Cygwin through a Unix shell, such as bash, tcsh, or zsh. From there, they can issue Unix commands much like they would on a Unix or Linux computer.

How to Install Cygwin on Windows?

Cygwin programs are installed by downloading and running Cygwin’s setup program, which downloads the necessary program and feature package files from repositories on the Internet. According to information from their website, “When installing packages for the first time, the setup program does not install every package. Only the minimal base packages from the Cygwin distribution are installed by default, which takes up about 100 MB”.

Individual packages such as bash, gcc, less, and others are released independently of the Cygwin DLL. The setup program keeps track of the versions of all installed components and provides the mechanism for installing or updating everything available from the Cygwin website. Once you've installed your desired individual packages of the Cygwin distribution, re-running the setup program will merely update your system to the latest releases. Now, follow the steps below to install Cygwin on Microsoft Windows:

Step 1: Go to the official Cygwin download page and download the latest version of Cygwin to your computer.

Step 2: Once you have downloaded the Cygwin setup file, double-click on the downloaded file to start the installation. You should see the following screen:

Cygwin Net Release Setup Program

Step 3: Click Next to proceed to the next screen. You will be required to choose whether to install it from the internet or your local machine.

Cygwin Setup - Choose Installation Type

Step 4: Choose “Install from the internet” and click on Next to continue. You will be asked to select the directory where you want to install Cygwin as shown below:

Cygwin Setup - Choose Installation Directory

Step 5: Define your installation directory path and click on Next to continue. You will be asked to select the local directory where you want the setup to store the installation:

Cygwin Setup - Select Local Package Directory

Step 6: Select a preferred directory and click on the Next button. You will be asked to select the Internet connection:

Cygwin Setup - Select Connection Type

Step 7: Select Direct Connection and click on the Next button. You will be asked to select the download mirror:

Cygwin Setup - Choose Download Site(s)

Step 8: Select your desired mirror and click on the Next button. You will be asked to select a package that you want to install:

Cygwin Setup - Select Packages

Step 9: Select OpenSSH and click on the Next button. You will be asked to review and confirm the installation.

Cygwin Setup - Review and confirm changes

Step 10: Click on Next to continue. You will be asked to create a shortcut icon:

Cygwin Setup - Installation Status and Create Icons

Step 11: Select your preferred options as shown above and click on the Finish button to complete the installation.

Configure an SFTP Server

After installing Cygwin, the next step is to set up an SFTP server using Cygwin. Follow the steps below to complete the process:

Step 1: Right-click on the Cygwin shortcut icon on your Windows desktop and click on Run as an Administrator.

Cygwin shortcut icon on Windows desktop / click on Run as an Administrator

When you launch Cygwin the first time, it will create a home directory structure similar to the screenshot below:

Cygwin - Copying skeleton files

Step 2: Next, you will need to create the passwd and group files inside the /etc directory. Both files are critical because they store the user account and group information. Run the following commands in the Cygwin terminal to create the passwd and group files:

mkgroup > /etc/group

mkpasswd -cl > /etc/passwd

Step 3: Next, you will need to provide read/write permissions to the passwd and group files. You can do it by using the following commands:

export CYGWIN='ntsec tty'

chmod +rw /etc/group

chmod +rw /etc/passwd

chmod 0755 /var

Step 4: Next, you will need to configure the Cygwin SSH daemon so that the Windows system can be accessed through the SSH protocol. Run the following command in the Cygwin terminal to configure the SSH daemon:

ssh-host-config

The following output will be generated, in which you will be required to respond to several Yes/No questions:

*** Info: Generating missing SSH host keys

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519

*** Info: Creating default /etc/ssh_config file

*** Info: Creating default /etc/sshd_config file

*** Info: StrictModes is set to 'yes' by default.

*** Info: This is the recommended setting, but it requires that the POSIX

*** Info: permissions of the user's home directory, the user's .ssh

*** Info: directory and the user's ssh key files are tight so that

*** Info: only the user has write permissions.

*** Info: On the other hand, StrictModes don't work well with the default

*** Info: Windows permissions of a home directory mounted with the

*** Info: 'noacl' option and they don't work at all if the home

*** Info: directory is on a FAT or FAT32 partition.

*** Query: Should StrictModes be used? (yes/no) yes

*** Info: Updating /etc/sshd_config file

*** Query: Do you want to install sshd as a service?

*** Query: (Say "no" if it is already installed as a service) (yes/no) yes

*** Query: Enter the value of CYGWIN for the daemon: []

*** Info: The sshd service has been installed under the LocalSystem

*** Info: account (also known as SYSTEM). To start the service now, call

*** Info: `net start cygsshd' or `cygrunsrv -S cygsshd'. Otherwise, it

*** Info: will start automatically after the next reboot.

*** Info: Host configuration finished. Have fun!

Step 5: After configuring the Cygwin SSH daemon, start the SSH service with the following command:

net start cygsshd

You should get the following output:

The CYGWIN cygsshd service is starting.

The CYGWIN cygsshd service was started successfully.

Create SFTP Users and Directories

The following are the steps required to create SFTP users and directories:

Step 1: Navigate to C: Drive >> cygwin64 >> home and create two directories called username_1 and username_2 as shown in the following screen:

Step 2: Go to the Control Panel >> Administrative Tools >> Computer Management >> Local Users and Groups and create two users called username_1 and username_2.

Step 3: Add both users' details to Cygwin's passwd file. To do this, open the Cygwin terminal and run the mkpasswd command to add the newly created users' details to the /etc/passwd file:

mkpasswd -cl > /etc/passwd

Step 4: Set proper ownership to the /home/username_1 and /home/username_2 directories:

chown -R username_1 /home/username_1

chown -R username_2 /home/username_2
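Because StrictModes was answered with yes during ssh-host-config, public-key logins fail for an account whose home directory, .ssh directory or authorized_keys file is writable by anyone other than its owner. The check below is an added example, not part of the original tutorial; the function names are hypothetical, and it assumes OpenSSH's default .ssh/authorized_keys layout.

```shell
# Added example: report paths that sshd's StrictModes check would reject.
# A path fails when group or others can write to it, or when it is owned
# by neither the account's uid nor uid 0.

# path_is_loose PATH UID -> exit status 0 when PATH fails the check
path_is_loose() {
    info=$(ls -ldn "$1") || return 0
    mode=$(printf '%s\n' "$info" | awk '{ print substr($1, 1, 10) }')
    owner=$(printf '%s\n' "$info" | awk '{ print $3 }')
    case $mode in
        ?????w????|????????w?) return 0 ;;   # group- or world-writable
    esac
    [ "$owner" != "$2" ] && [ "$owner" != 0 ]
}

# strictmodes_audit HOME UID -> prints offending paths, returns 1 if any
strictmodes_audit() {
    home=$1 uid=$2 status=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue               # nothing to check yet
        if path_is_loose "$p" "$uid"; then
            echo "StrictModes would reject: $p"
            status=1
        fi
    done
    return "$status"
}

# Usage in the Cygwin terminal, for the accounts created in this section:
#   strictmodes_audit /home/username_1 "$(id -u username_1)"
#   strictmodes_audit /home/username_2 "$(id -u username_2)"
```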

Verify SFTP Connection from Localhost

Now that the Cygwin SFTP server has been installed and configured, it's time to test it from the local system. To do this, launch the Windows CMD and run the following command to test the SFTP connection:

sftp username_1@localhost

You will be asked to provide the username_1 password as shown below:

The authenticity of host 'localhost (::1)' can't be established.

ECDSA key fingerprint is SHA256:b6Tr4vIS2pga9QsYHYPHjCYIP2d0TzA1/+DFsi0e1AM.

Are you sure you want to continue connecting (yes/no)?

Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.

username_1@localhost's password:

Provide the username_1 password and press Enter. Once you are connected to SFTP, you should see the following output:

Connected to username_1@localhost.

sftp>
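The yes/no prompt above is the one point at which the client can notice that it is talking to the wrong server, so the fingerprint it shows should be compared with one read on the server itself before answering yes. The following is an added example, not from the original tutorial, that records a host key only when the two match; the function names are hypothetical, and it assumes ssh-keygen is on PATH and that the key was captured to a file with ssh-keyscan.

```shell
# Added example: pin an SSH host key only after its fingerprint matches a
# value obtained out-of-band.
#
# On the server (Cygwin terminal; key path assumed to sit next to the
# /etc/sshd_config file that ssh-host-config created):
#   ssh-keygen -lf /etc/ssh_host_ecdsa_key.pub
# On the client:
#   ssh-keyscan -t ecdsa localhost > scan.txt
#   pin_host_key scan.txt 'SHA256:<value read on the server>' ~/.ssh/known_hosts

# fingerprint_of FILE -> prints the SHA256 fingerprint of the first key
fingerprint_of() {
    ssh-keygen -l -E sha256 -f "$1" | awk 'NR == 1 { print $2 }'
}

# pin_host_key SCANFILE EXPECTED KNOWN_HOSTS
# SCANFILE holds exactly one "host keytype base64" line from ssh-keyscan.
# Returns 0 and appends the key on a match, 1 on a mismatch, 2 on bad input.
pin_host_key() {
    scanfile=$1 expected=$2 known_hosts=$3
    [ "$(grep -c . "$scanfile")" -eq 1 ] || return 2
    actual=$(fingerprint_of "$scanfile")
    [ -n "$actual" ] || return 2
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: server offered $actual, expected $expected" >&2
        return 1
    fi
    cat "$scanfile" >> "$known_hosts"
}
```

With the key already in known_hosts, the sftp client connects without showing the prompt, and a later change of host key produces a warning instead of a silent reconnect.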

Configure Windows Firewall

SFTP uses port 22 by default to establish a connection. That means you need to ensure that the Cygwin SFTP server allows inbound connections to port 22 (SSH). To do this, you’ll need to configure the Windows Firewall to allow incoming TCP connections to port 22 using the steps below:

  • In Windows, go to Windows Firewall >> Advanced Settings.
  • Inbound Rules >> New Rule
  • Rule Type >> Port >> Click Next
  • TCP >> Specify local ports (22)
  • Allow the connection, apply the rule to any profile (Domain, Private, or Public), and give it a name.

Access SFTP Server from Linux System

This section will show you how to connect to the SFTP server from a Linux machine using the Command Line and GUI methods.

Linux Command Line Method: On the remote Linux machine, open the command-line terminal and run the following command to access the SFTP server:

sftp username_1@sftp-server-ip

Follow the steps below:

Step 1: You will be asked to enter the username_1 password as shown below:

The authenticity of host '215.87.10.171 (215.87.10.171)' can't be established.

ECDSA key fingerprint is 48:50:63:c5:a0:74:84:df:99:4b:2b:81:cd:db:ad:9f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '215.87.10.171' (ECDSA) to the list of known hosts.

username_1@215.87.10.171's password:

Step 2: Provide your password and press Enter. Once you are connected to the SFTP server, you should see the SFTP shell in the following output:

Connected to 215.87.10.171.

sftp>

Step 3: Next, create some directories on the SFTP server using the following commands:

sftp> mkdir dir1

sftp> mkdir dir2

Step 4: You can verify both directories using the following command:

sftp> ls -l

You should see both directories in the following output:

drwxr-xr-x 1 username_1 None 0 Dec 05 12:03 dir1

drwxr-xr-x 1 username_1 None 0 Dec 05 12:04 dir2

Linux GUI Method: This section will show you how to connect to the SFTP server from the Linux file manager. On the Linux machine, open the file manager and type the SFTP URL as shown below:

You will be asked to enter the SFTP username and password. Provide the required login details and click on the Connect button. Once you are connected to the SFTP server, you will see the Cygwin directory structure just like the one shown in the screenshot below:

Cygwin directory structure

Access SFTP Server from Windows System

You can also access the SFTP server from the Windows system using the WinSCP utility.

Step 1: On the Windows system, launch the WinSCP utility. You should see the following screen:

Step 2: Provide protocol details, IP address, Port, Username, and Password, and click on the Login button, and you will be connected to the SFTP server. From there, you can download and upload any file and directory to and from the SFTP server.

Alternative SFTP Tools for Windows

There are lots of alternative tools out there for setting up and using SFTP servers on Windows. However, here are some of the best tools we recommend:

  1. SolarWinds SFTP SCP Server (FREE TOOL): A free SFTP server for secure network file transfers. It was designed with network administrators in mind, who can use it to securely push OS images and firmware and configuration updates, back up configuration files, and transfer files up to 4 GB. SFTP SCP Server is a great tool for managing the configuration backups and system updates of cloud services and resources. The SFTP/SCP server runs as a service, but some basic configuration may be necessary to ensure the SFTP/SCP server performs in a way that works best within your environment.
  2. Files.com SFTP Server: A cloud-native Managed File Transfer (MFT), automation, and integration platform that enables organizations to securely store, transfer, and share files between users, teams, and organizations. Files.com is one of the largest providers of cloud-based SFTP in the world, and offers SFTP primarily as an integration tool to enable connectivity to some other application that supports SFTP but has no direct integration with Files.com. For instance, Files.com supports integration with Microsoft Azure Blob Storage. This allows you to mount a Microsoft Azure Files file share directly into Files.com as a folder.
  3. ExaVault SFTP: A cloud service that operates as a mediator for file transfers. ExaVault SFTP server offers SFTP, FTPS, FTP-SSL, and optionally plain-old FTP. Webhooks, SSH keys, and a robust API let you programmatically control your SFTP site. Once you have set up SFTP file transfer with ExaVault, you can utilize additional features such as creating SSH keys, automations, and even integrating ExaVault services directly into your website or applications.