OpenSSH FTP Server

Introduction

SFTP Server by Kurian is based on the OpenSSH Server platform and it is configured as a secured, robust FTP server for any file transfer requirements. The AMI is shipped with a default FTP user but any number of users can be created as needed. This server is an excellent and secured choice for allowing both internal and external users to transfer files.

Supported platforms

Following distributions and versions of AMIs are available on AWS Marketplace:

Unsupported Configurations

Kurian releases the latest stable versions of open source software on popular Linux distributions. If you need a configuration that is not currently available in the marketplace, send your requirements to contact@kurianinc.us. Please include the following information in the email:

  • Name of Software to be on the AMI with version numbers.
  • Linux distribution and the version.
  • The EC2 instance type you plan to spin up from the AMI (optional).

Configuration

  • Note that with the latest versions of the AMI, Kurian’s SFTP server starts up fully configured with a default user, ftpusr. To check this, try logging in as follows, using the instance-id as the password:

$ sftp ftpusr@EC2-NODE-IP

  • Continue configuring as described below and use the script provided to add more users if you need users in addition to ftpusr.

  • Spin up an EC2 node with this AMI with adequate storage on the root partition to support your file transfer requirements.
  • SSH into the new EC2 instance as the user specific to the operating system. See Remote Access to EC2 Node below for the list of users.
  • Open /etc/ssh/sshd_config, find the following block towards the end, and make sure that PasswordAuthentication is set to yes in it.
    Match group sftpusers
      PasswordAuthentication yes
      ChrootDirectory /sftp/%u
      X11Forwarding no
      AllowTcpForwarding no
      AllowAgentForwarding no
      ForceCommand internal-sftp
      PermitTunnel no
  • If /etc/ssh/sshd_config had to be modified, restart the SSH daemon service:

    $ sudo service sshd restart

    Note: On Debian-based systems the service could be named ssh.

  • Create FTP users using the script /usr/local/bin/create-ftp-user.sh:

    $ sudo /usr/local/bin/create-ftp-user.sh USER PASSWORD

  • Each user has a home directory at /sftp/USER with the sub-directories Incoming and Outgoing. When the user is logged in to the SFTP server, these sub-directories will be visible. If a custom directory structure is needed, create it under the home directory and set the same owner and permissions as the Incoming and Outgoing directories have. See /usr/local/bin/create-ftp-user.sh for how the user directories are set up.
  • Check access to the new SFTP server following standard FTP client procedures, using any client, as the default user or any other new user you have set up. From the command line, the sftp client can be started as follows:

    $ sftp ftpusr@EC2-NODE-IP

  • If the SFTP server is published with a CNAME such as sftp.yourcompany.com, point the CNAME to the IP address. It’s recommended to use an EIP, as you will then have the freedom to upgrade the SFTP server with a new AMI in the future.
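
The sshd_config step above can be checked before restarting sshd with a small script. This is an added example, not part of the AMI or of Kurian's scripts; the function names sftp_match_block and check_sftp_match are hypothetical, and the expected values are the ones shown in the Match block above.

```shell
#!/bin/sh
# Added example: verify the "Match group sftpusers" block of an sshd_config file.
# Function names are hypothetical; expected values are taken from this page.

# Print "key value" (key lower-cased) for each directive inside the
# "Match group sftpusers" block. Any other Match line ends the block.
sftp_match_block() {
    awk '
        tolower($1) == "match" {
            inblk = (tolower($2) == "group" && $3 == "sftpusers")
            next
        }
        inblk && NF >= 2 && $1 !~ /^#/ { print tolower($1) " " $2 }
    ' "$1"
}

# Return 0 when every directive has the expected value inside the block.
# Otherwise print one MISMATCH line per directive and return 1.
# Global settings outside the Match block are deliberately ignored.
check_sftp_match() {
    conf=$1
    block=$(sftp_match_block "$conf")
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$block" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: expected '$want', found '${got:-<unset>}'"
            rc=1
        fi
    done <<EOF
passwordauthentication yes
chrootdirectory /sftp/%u
x11forwarding no
allowtcpforwarding no
allowagentforwarding no
forcecommand internal-sftp
permittunnel no
EOF
    return $rc
}

# Usage on the instance: check_sftp_match /etc/ssh/sshd_config
```

A mismatch on forcecommand, chrootdirectory or any of the forwarding directives means members of sftpusers may not be confined to SFTP inside /sftp/USER, so resolve it before adding users.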

Upgrade

  • Upgrade the SFTP server with the latest AMI.
  • Move any custom users manually to the new host.

Maintenance and Troubleshooting

Kurian can help with configuring Jenkins for your specific needs. Contact us with details at contact@kurianinc.us.

Remote Access to EC2 Node

The following standard AWS-defined users are available when a node is provisioned:

  • Amazon Linux: ec2-user
  • Red Hat Linux: ec2-user
  • SuSE Linux: ec2-user
  • Oracle Linux: ec2-user
  • AlmaLinux: ec2-user
  • Rocky Linux: rocky
  • Fedora: fedora
  • CentOS: centos
  • Debian Linux: admin
  • Ubuntu: ubuntu