Deploying OpenSSH SFTP Server

Introduction

OpenSSH SFTP (SSH File Transfer Protocol) server provides secure file transfer capabilities over an encrypted SSH connection. Unlike FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text.

OpenSSH is the most widely deployed SSH implementation, developed by the OpenBSD project and used on millions of servers worldwide. The SFTP subsystem provides file transfer functionality that integrates seamlessly with SSH authentication and encryption.

Key features of OpenSSH SFTP include:

  • Encrypted Transfers: All data encrypted using SSH protocols
  • Strong Authentication: Public key, password, and multi-factor authentication
  • File Operations: Upload, download, delete, rename, and directory operations
  • Resume Support: Resume interrupted transfers
  • Permission Preservation: Maintain file permissions during transfer
  • Chroot Jails: Restrict users to specific directories
  • Bandwidth Limiting: Control transfer speeds
  • Logging: Comprehensive audit logging of all operations
  • Cross-Platform: Compatible with all major SFTP clients
  • Industry Standard: Widely supported and well-documented

This guide walks through deploying an OpenSSH SFTP server on Klutch.sh using Docker.

Why Deploy SFTP on Klutch.sh

Deploying an SFTP server on Klutch.sh provides secure file transfer infrastructure:

Secure Transfers: Encrypted file transfers for sensitive data.

Persistent Storage: Store uploaded files with persistent volumes.

User Isolation: Chroot users to their own directories.

Accessible Anywhere: Connect from any SFTP client worldwide.

Integration Ready: Receive files from applications and partners securely.

Prerequisites

Before deploying an SFTP server on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your deployment
  • SSH keys or passwords for user authentication
  • An SFTP client for testing (FileZilla, WinSCP, Cyberduck, etc.)

Deploying OpenSSH SFTP on Klutch.sh

    Create Your Dockerfile

    Create a Dockerfile in your repository:

    FROM atmoz/sftp:latest
    # Create user with specific UID and home directory
    # Format: user:password:UID:GID:directory
    # Users are passed via environment variables
    EXPOSE 22
    CMD ["/entrypoint"]

    Create User Configuration

    Create users.conf for defining SFTP users:

    # Format: username:password:uid:gid:directories
    sftpuser:password123:1001:100:upload,download

    The plaintext password above is for illustration only. For production, use hashed passwords or SSH keys.

    Push to GitHub

    Commit and push your Dockerfile to your GitHub repository.

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project.

    Create and Configure the App

    Create a new app and connect it to your GitHub repository.

    Configure Traffic

    SFTP runs over the SSH port. Configure TCP traffic on port 22.

    Set Environment Variables

    Configure users and settings:

    Variable      Description
    SFTP_USERS    User configuration string

    Attach Persistent Volumes

    Add persistent storage:

    Mount Path    Recommended Size    Purpose
    /home         50+ GB              User home directories and files
    /etc/ssh      100 MB              SSH host keys

    Deploy Your Application

    Click Deploy to build and launch your SFTP server.

    Connect with SFTP Client

    Use an SFTP client to connect:

    • Host: your-app.klutch.sh
    • Port: 22
    • Username: Your configured username
    • Password: Your configured password

Security Best Practices

  • Use SSH key authentication instead of passwords when possible
  • Configure chroot to restrict users to their directories
  • Enable audit logging for compliance
  • Regularly rotate SSH host keys
  • Use strong, unique passwords if password authentication is required
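
A pre-commit check for the users.conf format from the "Create User Configuration" step, added here as an example and not taken from the original guide or the atmoz/sftp project. It assumes the image's entry format, in which an `:e` field after the password marks it as a crypt(3) hash and an empty password field means key-only login; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit users.conf-style entries before they are committed.
# Assumed entry format (atmoz/sftp): user:pass[:e][:uid[:gid[:dir1,dir2]]]
#   - empty pass field  -> no password, key-only login
#   - ":e" after pass   -> pass is a crypt(3) hash, not plaintext

# audit_users: reads entries on stdin, prints one verdict per entry and
# returns 1 if any entry holds a plaintext or weakly hashed password.
audit_users() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            user = $1; pass = $2; flag = $3
            if (pass == "")
                verdict = "OK   key-only, no password"
            else if (flag != "e")
                verdict = "FAIL plaintext password in config"
            else if (pass ~ /^\$1\$/)
                verdict = "FAIL MD5-crypt hash, re-hash with SHA-512 crypt"
            else if (pass !~ /^\$[0-9a-z]+\$/)
                verdict = "FAIL marked :e but value is not a crypt hash"
            else
                verdict = "OK   hashed password"
            if (verdict ~ /^FAIL/) bad++
            printf "%s: %s\n", user, verdict
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_users() {
    cat <<'EOF'
# username:password[:e]:uid:gid:directories
sftpuser:password123:1001:100:upload,download
alice:$6$examplesalt$PLACEHOLDERHASH:e:1002:100:upload
bob:$1$examplesalt$PLACEHOLDERHASH:e:1003:100:upload
carol::1004:100:upload
EOF
}

sample_users | audit_users || echo "users.conf has entries to fix"
```

To check a real file, run `audit_users < users.conf` and fail the commit or CI job when it returns non-zero.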

Additional Resources