Compared with the high-efficiency FTP protocol, SFTP only occupies one TCP port 22 by default, and uses an SSH encrypted tunnel, which is theoretically safer and more stable than FTP.
To build an SFTP server, here we use freesshd to achieve it; after the server is successfully built, to achieve public network access, I choose to use it, which cpolar内网穿透supports http/https/tcp protocols, does not limit traffic, does not require public network IP and does not need to set up routers, use It is relatively simple. After the local installation is completed, create a tunnel mapping port 22 to obtain the public network TCP port address to achieve remote connection.
1. Build an SFTP server
1.1 Download freesshd server software
Download link: http://www.freesshd.com/?ctt=download
-
select
freeFTPD.exedownload -
After downloading, click Install
-
After installation, it will prompt whether to start the background service, select
Yes -
Click the start menu - freeFTPd, note : here you need to click the right mouse button
以管理员权限to open freeFTPd, if you open freeFTPd as a normal user, you will not be able to save the configuration .
- The main interface is as follows, we can see that the SFTP status is not started.
1.3 Start the SFTP service
- Select SFTP, as shown in the figure below, we see that the current SFTP status is Stopping, and we click
startthe button.
- The status will change to Running..., as shown below.
1.4 Add user
- Select the Users option window and click the Add button to add users.
-
Add a test user aaa here. The authentication method can choose WINDOWS authentication and password authentication. In this example, we choose independent password authentication.
-
User directory, we create a separate SFTP root directory for the user.
-
After creating, click
Applythe button to save. -
And don't forget to configure the directory permissions of the SFTP root directory folder.
1.5 Save all configurations
- Click
Apply & Savethe button below. Save all configuration write configuration files.
Note: If the error window of unable to write configuration pops up, it means that you started freeFTPd as a normal user before and cannot save the configuration file. You need to reopen freeFTPd with administrator privileges to write the configuration file normally. Re-execute step 1 and save again.
- The saved result is shown in the figure below.
2. Install the SFTP client FileZilla test
Download address: https://www.filezilla.cn/
- Open after installation, as shown below
2.1 Configure a local SFTP site
- Click on the software toolbar
打开站点管理器, as shown below.
- Click
新站点the button.
We create a new site with a customizable name.
- Select Protocol: SFTP
- Server IP: Because it is on the server, choose 127.0.0.1
- Port number: select 22
- Username: Create a user when setting up the sftp server for us, in this case aaa
- Password: Enter the password of user aaa
After configuration, click 连接the button.
- When prompted whether to save the password, click OK.
- When connecting for the first time, it will prompt whether to trust the host, tick and confirm.
2.2 Intranet connection test is successful
- We can see that the directory list on the server side has been obtained, indicating that the connection is successful.
3. Realize remote access to SFTP on the public network
3.1 Install cpolar intranet penetration
- For public network remote access, we use cpolar intranet penetration to achieve. Enter the cpolar official website, register an account, and then download the installation package and decompress it all the way to the default installation.
cpolar official website: https://www.cpolar.com/
- After the cpolar installation is complete, we open the browser to access 127.0.0.1:9200, and log in to the cpolar web ui management interface with the cpolar email account just registered
3.2 Create an SFTP tunnel
隧道管理Select – on the left dashboard 创建隧道, let’s create a new tunnel pointing to port 22, tcp protocol:
- Tunnel name: tunnel-sftp (you can customize it, just don’t repeat it)
- Protocol: TCP
- Local address: 22
- Region: Select China Top in this example
Click 创建the button.
After the tunnel is successfully created, you can view the tunnel we just created in the tunnel list.
3.3 Get the public network address
Click the status on the left dashboard - list of online tunnels, and you can see the public addresses of all local online tunnels. You can see that the public network address of the SFTP tunnel we just created is 3.tcp.cpolar.top:12284, where 3.tcp.cpolar.topis the public network address and 12284is the port number.
4. Use the SFTP client to connect to the public network address for testing
4.1 Adding a new site
We open filezilla, and add a new site according to the operation method of step 2. In the toolbar, open the site manager and add a new site.
We named the site this timecpoalr sftp
- Protocol: SFTP
- Host: 3.tcp.cpolar.top (this example may be different from yours, refer to the online tunnel list)
- Port: 12284 (this example may be different from yours, please refer to your online tunnel list)
4.2 Connect to the sftp server successfully in public network
It can be seen that the SFTP server has been successfully connected through the public domain name provided by cpolar.
PS: If there is a problem of garbled characters in the Chinese directory, it can be solved by configuring the character set in the SFTP client:
- Set the charset to
GBK- [Because most of the linux character sets are changed to UTF-8 for common use at present, and the default character set of Windows is GBK, so you only need to set the character set to GBK, and there will be no garbled characters]
PS: It should be noted that since the free package is used in this example, the public network address and port of the sftp site will change within 24 hours, which is inconvenient for frequent use. It can be upgraded to a professional package or above, and configured as a fixed TCP port address tunnel, and the bandwidth will also increase to 3M.