SFTP Server

 

Our SFTP (Secure File Transfer Protocol) server is a secure place to store files we do not wish to make public yet. It can be accessed with a variety SFTP programs and command line tools. All files uploaded to or downloaded from the are encrypted using modern very difficult to crack methods. If you are careful, and observe some basic security practices we can be confident that anything placed on this server will not fall into the wrong person’s hands.

Software and Addresses

You will need a username and SFTP client. Filezilla is a good one, and WinSCP is another popular one. These both let you copy files to and from the server and are not difficult to use, but can sometimes be counterintuitive.

The server address is one of the following depending on how your SFTP client asks for it.

  • sftp://sqeaky.doesntexist.com:7777
  • sftp://sqeaky.doesntexist.com on port 7777

Double Checking your First Connection

The first time you connect to the server, your SFTP client will ask you about the server’s RSA Fingerprint. This is a big number that is used by the software to verify the authenticity of the server. The RSA Fingerprint of our server is “62:db:88:24:10:44:94:7c:30:4d:bc:54:8f:7e:bc:fb”. You will be asked if server’s fingerprint matches this one. If it does match, then great, you have just mathematically proven you have a secure connection to the SFTP server. If not, Contact Us or Sqeaky, it is most likely a typo, but on the off chance we actually have some hacker screwing with us Sqeaky will want to see it.

You should have been given your username and a default password from the system admin who gave you access to the system. This will be the last information your SFTP client asks before letting you see files on the server.

Where is Stuff on the Server

  • Where is my stuff?
    • Your stuff is located in “/home/“. So if your username is “jdoe” look in “/home/jdoe”.
  • Where are the git backups of the Mezzanine repository?
    • They should be in “/home/gitbackups” and they should be updated weekly?
  • Where is a good place to put stuff that everyone should be able to edit?
    • Put globally editable stuff into “/home/Public” on the SFTP server.

Changing your Password

Unfortunately most SFTP clients don’t have an easy way to change your password. The way around this is to connect using a command line tool and enter a simple command to change your password. You can use Putty (for windows users) or the command line ssh.

Connecting with Putty

To connect with Putty on windows you will need to enter the server address, port information, user name and password into the boxes on the screen when you run the program.

Connecting with ssh

To connect using the ssh command line tool on Mac OS or Linux enter the command “ssh -lusername sqeaky.doesntexist.com -p7777″. Don’t forget to replace “username” with your username. Then you will be prompted for your current password. As you type nothing will be displayed on the screen, but don’t worry the server knows what you are typing.

Running Commands

Once you are logged in you can enter any valid Linux command, then press enter to run it. To change your password you only need two commands:

passwd – Changes your password, type “passwd” then hit enter, then answer the questions as they come up. Don’t be alarmed when you don’t see stars as you type, prompts asking for passwords will display nothing.

exit – Type this and press enter to log out of the server.

If you want to do more you can, but it is not required, any Linux commands will work using putty.

Other Thoughts

Filezilla and WinSCP – Both of these are sftp clients with way too many options. Filezilla has slightly cleaner user interface, and should be easier to use. You will need to put the server address into one of these pieces of software to get connected for copying files.

If you happen to use Linux you can use a Gnome or KDE file manager (nautilus or dolphin) window and simply type the server address into the address bar. I have tested bookmarking these kinds of addresses works well.

Advanced Permissions

By default other users cannot edit files that you put on the server, but they can read/open them. If you want to change what other users can do to files you made change the permissions on a file. The sftp/scp client you use should have an option for this. If you want to change it forever add the following commands to a new line at the end of the file “.bashrc”. That script runs each time you log in. Add “umask 000″ and all files you make will be editable by all or add “umask 066″ and no one will be able to open files you make (except for a system admin).

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>