Overview
FluxSFTP is a regular SFTP server with the following additions:
- custom authentication (virtual users)
- jail directories, i.e. limiting users to a certain directory
SQLite, PostgreSQL and MySQL are supported as the database backend. Authentication can be done via public key or password; password authentication uses bcrypt hashing with the default cost, i.e. 12.
Installation
Start by downloading the tarball of the latest release from the releases page, then extract it as follows:
sudo tar -xzvf flux-sftp.tar.gz -C /
Database
Before you can run the server you need to set up a database; SQLite, PostgreSQL and MySQL are supported. Get a database server running, or simply create a SQLite database file, and configure the server as described in the configuration section. The database table must have a username field and, optionally, a public key field and a password field for authentication; you can use either one authentication type or both. The public key field must store the key without its comment, and the password must be stored as a bcrypt hash with the default cost of 12.
Note that registering users currently has to be done manually by inserting records into the database.
User setup
Create a user named fluxsftp as follows:
sudo useradd -r -s /usr/sbin/nologin fluxsftp
This user needs to own the jail directory, so make sure to change the ownership of the jail directory you have specified in the config:
sudo chown -R fluxsftp:fluxsftp /srv/sftp
When you register a new user, make sure to create a directory for them inside the jail directory and that it is owned by the fluxsftp user.
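Since users are registered by hand, the following added script (not part of FluxSFTP; the table and column names are taken from the default config.toml on this page, the username character set is this script's own conservative assumption because the username becomes a path component under jail_dir) shows the three things the Database and User setup sections require: the public key is stored without its comment, the password is stored only as a cost-12 bcrypt hash, and a per-user jail directory is created.

```python
"""Register a FluxSFTP virtual user in a SQLite auth database (added example)."""
import os
import re
import sqlite3

# Table and column names match the default /etc/flux-sftp/config.toml.
TABLE, USER_COL, KEY_COL, PASS_COL = "users", "username", "public_key", "password"
# Shape of a bcrypt hash with cost 12: $2a$/$2b$/$2y$, cost, 22 salt + 31 hash chars.
BCRYPT12_RE = re.compile(r"^\$2[aby]\$12\$[./A-Za-z0-9]{53}$")
# Assumption of this script: usernames are used as a directory name under jail_dir,
# so only characters that cannot form "..", "/" or whitespace are accepted.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")

def normalize_public_key(line):
    """Reduce an authorized_keys-style line to '<type> <base64>'; the comment
    (e.g. alice@laptop) is dropped because FluxSFTP must not store it."""
    parts = line.split()
    if len(parts) < 2 or not parts[0].startswith(("ssh-", "ecdsa-", "sk-")):
        raise ValueError("not an OpenSSH public key line")
    return f"{parts[0]} {parts[1]}"

def hash_password(password):
    """bcrypt with cost 12, the default cost FluxSFTP expects (needs PyPI 'bcrypt')."""
    import bcrypt  # third-party; imported lazily so the rest of the module works without it
    return bcrypt.hashpw(password.encode(), bcrypt.gensalt(12)).decode()

def open_db(path=":memory:"):
    """Open (or create) the SQLite auth database and make sure the users table exists."""
    conn = sqlite3.connect(path)
    conn.execute(f"CREATE TABLE IF NOT EXISTS {TABLE} "
                 f"({USER_COL} TEXT PRIMARY KEY, {KEY_COL} TEXT, {PASS_COL} TEXT)")
    return conn

def register_user(conn, username, public_key=None, password_hash=None):
    """Insert one virtual user; refuses plaintext passwords and comment-bearing keys."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters unsafe for a jail path")
    if public_key is None and password_hash is None:
        raise ValueError("at least one authentication method is required")
    if password_hash is not None and not BCRYPT12_RE.match(password_hash):
        raise ValueError("password must be a bcrypt hash with cost 12, not plaintext")
    key = normalize_public_key(public_key) if public_key else None
    conn.execute(f"INSERT INTO {TABLE} ({USER_COL}, {KEY_COL}, {PASS_COL}) VALUES (?, ?, ?)",
                 (username, key, password_hash))
    conn.commit()
    return conn.execute(f"SELECT {USER_COL}, {KEY_COL}, {PASS_COL} FROM {TABLE} "
                        f"WHERE {USER_COL} = ?", (username,)).fetchone()

def ensure_jail_dir(jail_dir, username):
    """Create jail_dir/<username>; it must still be chowned to fluxsftp as root."""
    path = os.path.join(jail_dir, username)
    os.makedirs(path, mode=0o750, exist_ok=True)
    return path
```

Run it as root against /var/lib/flux-sftp/auth.db and /srv/sftp, then chown the new directory to fluxsftp as the User setup section describes.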
Server Key
Generate a key for the server as follows:
sudo ssh-keygen -t ed25519 -f /etc/flux-sftp/server_key
Also make sure that the server's private key is owned by fluxsftp:
sudo chown fluxsftp:fluxsftp /etc/flux-sftp/server_key
Enable and Start
After you have configured the database you can start the server as follows:
sudo systemctl start flux-sftp
And if you want it enabled on startup:
sudo systemctl enable flux-sftp
Configuration
The configuration file is located at /etc/flux-sftp/config.toml, here is the default configuration:
[general]
listen_address = "0.0.0.0"
port = 2222
jail_dir = "/srv/sftp"
private_key_file = "/etc/flux-sftp/server_key"
[database]
driver = "sqlite"
path = "/var/lib/flux-sftp/auth.db"
# host = "127.0.0.1"
# port = 3306
# user = "testuser"
# password = "testpass"
# dbname = "testdb"
table = "users"
username_field = "username"
public_key_field = "public_key"
# password_field = "password"
Options
general
listen_address
the address that the server listens on
port
the port that the server listens on
jail_dir
the directory that all the users will be jailed into; each user is jailed to the directory jail_dir/{username}, e.g. example_user will be jailed to /srv/sftp/example_user if jail_dir is set to /srv/sftp
private_key_file
the private key for the server; the server uses it to present its identity
database
driver
which database to use, can be sqlite, postgres or mysql. In the case of sqlite the path option must be specified, and for postgres and mysql the relevant options to connect to the database must be specified
path
path to the sqlite db file, only specify if using sqlite
host
host address for the database, only specify if using postgres or mysql
port
port the database server is running on, only specify if using postgres or mysql
user
database user, only specify if using postgres or mysql
password
password for the database user, only specify if using postgres or mysql
dbname
name of the database to use, only specify if using postgres or mysql
table
the database table to query to get the hashed password or the public key
username_field
name of the database column which stores the username
public_key_field
name of the database column which stores the public key; if this is not specified, public key authentication is disabled and all such requests are rejected
password_field
name of the database column which stores the hashed password; if this is not specified, password authentication is disabled and all such requests are rejected