SSH – Proper setup of user permissions for OpenSSH on Windows

cygwin, permissions, sftp, ssh, windows-server-2000

I am trying to set up OpenSSH on Windows to provide SFTP sites. I am running into some problems with user security settings.

Here are the basic steps I've gone through to create a user:

  1. Create a new user on the host machine
  2. Add user to OpenSSH passwd file with adjusted filepath for Cygwin that points to the client's home folder (example: /cygdrive/e/homefolders/username)
  3. Allow user read/write access to their folder

The problem I am running into is that the user needs to have execute permission to the OpenSSH program folder for them to be able to log in. I found I can disable access to specific folders such as "etc" but I'm concerned I have to provide permissions in here at all. When using FileZilla I am shown a folder hierarchy "/cygdrive/e/homefolders/username" and can browse the "/" to folders with read access.

Is there a specific strategy I should be using for proper security in this setup? A specific file or folder I might need to provide execute permissions on but nothing more? I would like to completely lock down everything except read/write access to their own folder but that doesn't appear to be possible.
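A check for step 2 of the procedure above, added here as an example (not part of the original question or answer): it reads a passwd file and reports entries whose home field is not the per-user folder under the base directory. The function name, the optional skip list and the standard seven-field passwd layout are assumptions; it audits the passwd file only and does not change which folders an account can browse.

```shell
#!/bin/sh
# Added example (not from the original post): audit the home field of
# passwd entries against the /cygdrive/e/homefolders/<username> layout.
#
# Usage: audit_passwd_homes PASSWD_FILE BASE_DIR ["user1 user2 ..."]
#   The optional third argument lists accounts to skip (for example
#   service accounts that are not SFTP clients).
# Prints one "user: reason" line per problem; returns 1 if any were found.
audit_passwd_homes() {
    awk -F: -v base="${2%/}" -v skip=" ${3:-} " '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        index(skip, " " $1 " ") { next }         # accounts the caller excluded
        NF != 7 {                                # name:pw:uid:gid:gecos:home:shell
            printf "%s: malformed entry (%d fields)\n", $1, NF
            bad = 1; next
        }
        {
            user = $1; home = $6
            if (home ~ /(^|\/)\.\.(\/|$)/) {
                # A ".." component can point the home outside the base.
                printf "%s: home contains \"..\": %s\n", user, home; bad = 1
            } else if (index(home, base "/") != 1) {
                printf "%s: home outside %s: %s\n", user, base, home; bad = 1
            } else if (home != base "/" user) {
                printf "%s: home is not %s/%s: %s\n", user, base, user, home
                bad = 1
            }
            # Two accounts sharing one home share read/write access to it.
            if (home in seen) {
                printf "%s: home shared with %s: %s\n", user, seen[home], home
                bad = 1
            } else {
                seen[home] = user
            }
        }
        END { exit bad + 0 }
    ' "$1"
}
```

Run it against a copy of the passwd file after each account is added, for example `audit_passwd_homes passwd.copy /cygdrive/e/homefolders`.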

Best Answer

How bad do you want SFTP? Cygwin is somewhat hacky, and OpenSSH for Windows is way, way outdated. My approach has been to use WebDAV which solves most of the problems you have:

  • Read and write files
  • Encryption protects authentication tokens and files
  • Supported on damn near every OS
  • Resistant to overzealous firewall configuration

IIS supports it, even on the version that comes with Server 2000.