Windows Server 2022 SFTP

KB ID 0001779


Note: This will also work on Server 2019

There’s really no excuse to be using FTP any more, it’s insecure and your username, passwords and data are sent in clear text! So let’s put the secure in FTP and deploy Windows Server 2022 SFTP instead! 

Note: Yes there’s FTPS as well (and it’s not the same), that adds a secure layer to the old FTP protocol. SFTP is a completely different protocol and it runs on top os SSH (TCP Port 22).

Deploy Windows Server 2022 SFTP

Firstly let’s check what version of OpenSSH server is available to us, then install that version (in this example

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

Install Windows Server 2022 SFTP

Now start the service, and set the service ‘Startup type’ to automatic, so it will start when the server boots up.

Start-Service sshd

Set-Service -Name sshd -StartupType 'Automatic'

Configure Windows Server 2022 SFTP

Assuming you have the Windows Firewall on, we need to allow TCP port 22 though the local firewall.

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

Server 2022 Configure SFTP Firewall Settings

To be honest, that is the SFTP server up and running. Now you will need a user to access the service with. This can either be a LOCAL user on the SFTP server itself…

Server 2022 Local SFTP User

 …or a Domain User (if you joined the SFTP Server to be a Domain Member).

Server 2022 Domain SFTP User

Windows Server 2022 SFTP Upload Folder and File Locations

Be default each user that connects will have a folder created for them under the C:\Users folder that belongs to them. Some people might not like it in that location, (but remember we are essentially dealing with a *nix program here, and thats how *nix behaves).

Server 2022 SFTP User Folders

Setup a Windows Server 2022 SFTP Default Root Folder

If you want to have another folder as the root folder (remember then everyone is then using the SAME folder!) Then create that folder.

Server 2022 SFTP Root Folder

Then edit;


Note: Remember ProgramData is a hidden folder so you might not be able to see it!

Server 2022 Edit sshd config file

Locate ChrootDirectory and remove the word ‘none‘ after it, and then paste in YOUR folder path. Finally REMOVE the hash (or pound if your American) symbol from the start of that line (as illustrated). Dont forget to save the file and restart the ssh service (Restart-Service sshd).

Server 2022 Edit sshd config file

ALWAYS test that it works from the same subnet first, (to save really annoying your firewall admin). Here I’m uploading a test text file using the FileZilla client from another server.

Test SFTP Site

And to prove it’s not ‘smoke and mirrors‘ here’s the file.

Test SFTP Site

So now to make the server available to the outside world then, you either need to ‘Port Forward TCP Port 22’ from a public IP address to their servers internal IP address, or if the server has its own public IP (or you have one free). Create a static one-to-one NAT on the firewall, and allow TCP traffic on port 22 inbound.

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *