How to Set Up an SFTP Server on Windows
Step-by-Step Instructions for Installing an SFTP Server on Windows
Unlike Linux, Windows doesn't come with built-in tools for setting up an SFTP server. Even FileZilla Server, a popular FTP server program, doesn't support SFTP natively. However, there is a solution: OpenSSH, a suite of programs for establishing secure server connections. OpenSSH provides sftp-server, which we'll use to set up an SFTP server on Windows. While OpenSSH was originally Linux-only, Microsoft has now ported it to Windows. You can download OpenSSH from here.
Once you've downloaded the OpenSSH zip file, complete the setup using PowerShell. Remember to open PowerShell as an administrator before running the following commands.
First, unzip the downloaded file using this command:
Expand-Archive -Path <String> `
-DestinationPath 'C:\Program Files'
Install sshd:
powershell.exe -ExecutionPolicy Bypass `
-File 'C:\Program Files\OpenSSH-Win32\install-sshd.ps1'
Create a firewall rule to allow inbound connections to your SFTP server:
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' `
-Enabled True -Direction Inbound `
-Protocol TCP -Action Allow -LocalPort [port number]
Start sshd with this command:
Start-Service sshd
Enable automatic startup of the SFTP server:
Set-Service -Name sshd -StartupType 'Automatic'
Your SFTP server is now ready for basic use. For additional configuration, you can modify the sshd_config file located at %programdata%\ssh. For example, to change the server's port number, uncomment and modify the port line:
Port [port number]
To change the root directory, uncomment and update the path:
ChrootDirectory [path]
To restrict the server to SFTP only, add these lines to the config file:
ForceCommand internal-sftp
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
To uninstall the SFTP server:
powershell.exe -ExecutionPolicy Bypass -File `
'C:\Program Files\OpenSSH-Win32\uninstall-sshd.ps1'
View recent logs for troubleshooting:
Get-WinEvent -LogName OpenSSH/Operational `
| Where-Object {$_.TimeCreated -ge (Get-Date).AddDays(-1)}
If this setup process seems daunting, consider using paid tools available on the market that offer the same functionality with a more user-friendly interface.
(Bonus) Setup for client side to connect to the SFTP server
Generate your own private key and public key:
ssh-keygen -t ed25519 -C "{description}"
By default, both private key (id_ed25519) and public key (id_ed25519.pub) will be stored under %USERPROFILE%\.ssh\.
Add your newly generated private key to the ssh-agent:
Start-Service ssh-agent
ssh-add $env:userprofile\.ssh\id_ed25519
Set up the SSH public key on the server side by creating a file named authorized_keys in the directory %USERPROFILE%\.ssh\ and adding the public key to this file.
Connect to the SFTP server:
sftp -P [port number] [server name]
Conclusion
OpenSSH is available on most platforms, so the setup should be similar across different systems. However, the tricky part is that some configurations might not be available on all platforms. Be sure to check the documentation if you run into any issues.
