Setting up a local SFTP server using Docker
Setting up an SFTP server locally with Docker is a breeze. This guide walks you through creating a Docker Compose file, generating SSH host keys, and running the SFTP server container. Understand the importance of using both ed25519 and RSA host keys for compatibility and security.
Running an SFTP (Secure File Transfer Protocol) server can be tricky, especially if you’re not familiar with server administration (like me). But Docker makes it incredibly simple to get an SFTP server up and running in just a few steps.
Problem that I faced:
For the past few months I have been working on fintech services interacting with bank APIs, which led me to using SFTP for a task.
After I went through some articles on the internet on how to set up an SFTP server locally, I felt really overwhelmed.
The next idea that came to my mind was — is it possible to set up an SFTP server through Docker? I ended up on this GitHub repository, atmoz.
Let’s start from the start!
What is SFTP?
SFTP stands for Secure File Transfer Protocol. It is a safe way to transfer files over a network.
SFTP is based on the Secure Shell (SSH) protocol, which encrypts the data being transferred. This means when you transfer files using SFTP, they remain secure and cannot be seen by anyone trying to snoop on them.
Why Use Docker?
Docker allows you to package an application and its dependencies into a container, which can run consistently across different environments.
This means you don’t have to worry about installing and configuring the SFTP server software yourself – Docker takes care of it all for you.
Setting up the SFTP Server
- Create a new directory for your project and navigate to it.
- Create a docker-compose.yml file with the following content:
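version: '3.7'
services:
  sftp:
    image: atmoz/sftp
    volumes:
      # Host directory ./files appears as the user's upload directory
      - ./files:/home/files/upload
      # atmoz/sftp appends every *.pub file under /home/<user>/.ssh/keys/
      # to that user's authorized_keys
      - ./ssh/ssh_host_ed25519_key.pub:/home/files/.ssh/keys/ssh_host_ed25519_key.pub:ro
      - ./ssh/ssh_host_rsa_key.pub:/home/files/.ssh/keys/ssh_host_rsa_key.pub:ro
    ports:
      - "2222:22"
    # Format is user:password:uid
    command: files:kiaev6:1001
    networks:
      - sftp
networks:
  sftp: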
Here’s a breakdown of the configuration:
- image: atmoz/sftp: This specifies the Docker image (atmoz/sftp) that will be used to run the SFTP server.
- volumes: - <host-dir>/upload:/home/foo/upload: This mounts the <host-dir>/upload directory on the host machine to the /home/foo/upload directory inside the container. This means that files placed in <host-dir>/upload on the host will be accessible in /home/foo/upload within the container.
- ports: - "2222:22": This maps port 2222 on the host to port 22 inside the container. It means you can connect to the SFTP server on port 2222 from your host machine.
- command: foo:pass:1001: This part specifies the user credentials and UID (1001) for the SFTP user within the container.
  - foo: This is the username (foo) for the SFTP user.
  - pass: This would typically be the password associated with the user (foo), although in practice, it’s recommended to use more secure authentication methods like SSH keys.
  - 1001: This is the UID (User ID) assigned to the user (foo) within the container. User IDs in Docker containers are often mapped to specific numeric values for file permissions and user management purposes.
- Create the files and ssh directories:
mkdir -p files ssh
- Generate SSH host keys and copy them to the ssh directory:
ssh-keygen -t ed25519 -f ./ssh/ssh_host_ed25519_key
ssh-keygen -t rsa -b 4096 -f ./ssh/ssh_host_rsa_key
Why Two Keys?
Two keys got me wondering why we need two different SSH host keys (ed25519 and RSA). This is to ensure compatibility with different SSH clients and implementations.
Some older clients may only support the RSA algorithm, while modern clients support the more secure ed25519 algorithm.
Having both keys allows the SFTP server to negotiate the most secure algorithm supported by both the client and server during the SSH handshake process. It also facilitates key rotation and algorithm agility for better security.
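To inspect what the two ssh-keygen commands produced, here is an added example (not from the original post or the atmoz/sftp project) that parses a line from an OpenSSH .pub file and reports its algorithm, key size and SHA256 fingerprint in the form ssh-keygen -lf prints. The function names and the sample key lines are constructed for illustration.

```python
import base64
import hashlib
import struct

def read_string(blob, offset):
    """Read one length-prefixed SSH string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Parse one OpenSSH .pub line; return (algorithm, bits, fingerprint)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)  # bad base64 raises ValueError
    name, offset = read_string(blob, 0)
    if name != fields[0].encode():
        raise ValueError("algorithm label does not match the key blob")
    if name == b"ssh-ed25519":
        key, _ = read_string(blob, offset)
        if len(key) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        bits = 256
    elif name == b"ssh-rsa":
        _exponent, offset = read_string(blob, offset)
        modulus, _ = read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    else:
        raise ValueError("unsupported algorithm: " + fields[0])
    # Same form ssh-keygen -lf prints: unpadded base64 of SHA-256 over the blob.
    digest = hashlib.sha256(blob).digest()
    return fields[0], bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pack(*parts):
    # Build a key blob from length-prefixed parts (used for the samples only).
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

# Constructed sample lines with made-up key material, not real keys.
SAMPLE_ED25519 = "ssh-ed25519 %s constructed@example" % base64.b64encode(
    pack(b"ssh-ed25519", bytes(range(32)))).decode()
SAMPLE_RSA = "ssh-rsa %s constructed@example" % base64.b64encode(
    pack(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 512)).decode()
```

For a real key, pass the first line of ./ssh/ssh_host_ed25519_key.pub or ./ssh/ssh_host_rsa_key.pub to inspect_public_key.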
- Run the SFTP server:
docker-compose up
Connecting to the SFTP Server
You can connect to the SFTP server using an SFTP client like FileZilla or the command-line sftp utility. Use the command:
sftp -P 2222 files@localhost
Enter the password when prompted.
Once connected, change the directory to where your file is and use the get command to download the file:
get data.csv
Replace data.csv with the file that you want to download.
With Docker, setting up an SFTP server is as simple as writing a few lines of configuration and running a couple of commands. No more manual server configuration or complex setups – just a hassle-free way to spin up an SFTP server whenever you need it.
Thank you for reading this blog.