**SFTP - Wikipedia **
##Requirements
- Server machine with dedicated 10+GB drive, 512MB RAM
- Wired server <-> internet connection during Debian installation
- Client machine (Linux,Windows,Mac,Mobile...)
- 500+MB USB drive or blank CD/DVD
- Download Debian.
- Write the downloaded ISO to USB drive.
- Windows: Win32diskimager
- Linux
sudo dd if=/path/debian.iso of=/dev/sdX(withsdXthe name of your USB drive as listed bylsblk) - Reboot to USB drive.
- Select
More options>Advanced graphical install - Follow the installation procedure.
- Use a strong password/phrase for your user accounts.
Allow administrator (root) logins: YesCreate an ordinary user accountYesGuided partitioning > Separate /home/ partition.- Software: only check
Standard system utilitiesandSSH Server.
- Finish install, remove USB drive/boot from disk.
- At login prompt,
login:root,password:your root password. - Check internet connectivity
ping -c3 debian.org - Check and remember your LAN IP address:
ip addr(remember it) - Update software
aptitude update; aptitude -y upgrade; aptitude -y dist-upgrade* Add your useradduser yourusername sudoto administrators * install firewall managementaptitude install ufw; ufw enable. - Open the firewall port
ufw allow 823/tcp.
- Edit SSH configuration:
nano /etc/ssh/sshd_config, change these values:
Port 823
PermitRootLogin no
PasswordAuthentication yes (remove #)
X11Forwarding no
- Add this at the end of the file:
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
- Press
Ctrl+XthenYto quit the editor and save. - Run
service ssh restart
On your client machine
Linux (graphical):
- Install the seahorse package from your package manager, or
sudo aptitude install seahorse. RunPasswords and Keysfrom yourApplications > Accesoriesmenu. ClickFile > New ... > Secure shell keyand follow instructions. - Open
sftp://yourusername@xxx.xxx.xxx:823/home/yourusernamein your file manager address bar, orFile -> Connect to server...and fill the required fields. - You can now store files there (
/home/yourusername/directory on your server). You can bookmark the location by dragging it to the file manager sidebar. - For improved security run
ssh -p 823 -i ~/.ssh/id_sftp yourusername@xxx.xxx.xxx.xxx, thensudo nano /etc/ssh/sshd_configand changePasswordAutenticationtono. Runsudo service ssh reload; thenexit.
Linux (command line):
ssh-keygen -f ~/.ssh/id-sftp #generate keypair
ssh-copy-id -i ~/.ssh/id_sftp.pub -p 823 yourusername@xxx.xxx.xxx.xxx #authorize your key on the server
ssh -p 823 -i ~/.ssh/id_sftp yourusername@xxx.xxx.xxx.xxx #test SSH connection
sudo nano /etc/ssh/sshd_config #change PasswordAutentication to no
sudo service ssh reload #reload ssh server
exit #close the SSH connection
sudo apt-get install sshfs #install SFTP filesystem mounting tool
mkdir sftp; sshfs -p 823 yourusername@xxx.xxx.xxx.xx sftp/ #create sftp/ directory and mount the SFTP filesystem on it
Windows:
- Download/install WinSCP.
- Run WinSCP
Tools > Run PuttyGen. ClickGenerateand follow instructions.Save private keyto a file. - TODO authorization
- Run WinSCP, enter Username, Host name (IP address), Port number:
823,Advanced>Authentication>Private key file, select your private key file.OK,Save,Connect.
- If your network is behind a NAT/Internet provider box you will need to setup redirections from port 823/TCP on the router to port 823/TCP on your server.
- You can setup a free (sub)domain name pointing to your server at https://https://freedns.afraid.org/domain/registry/
- Check the server's public IP:
curl ifconfig.mefrom the server. - Thanks https://github.com/GigabyteProductions/duraconf/commits/master/configs/sshd/sshd-pfs_config