Thursday, January 27, 2011

how to provide a web interface to sftp server

We need to securely serve files to our clients. We want the transport to be encrypted, users should require user/password and they should be able to access their files through the web, ftp/sftp and curl.

The obvious idea is to use OpenSSH and its sftp server. However, I don't see how to provide a web interface to the sftp server.

In other words, while most clients will use automated scripts to get their files, they may have an occasional need to get the files manually from a web page (which means they need to manually type in their user/password)

Any ideas?

edit: Sorry, forgot to mention that we intend to serve these files off a Linux server

  • Have you considered the File Manager inside Usermin? You can serve Usermin over HTTPS and that will be secure, and while you didn't mention what OS you're using, Webmin/Usermin are available for a wide variety of systems.

    : Looks like usermin/webmin is for internal users, rather than external clients who should never see options to change passwords, add/remove users, etc. Did I misread the usermin page?
    mfinni : It does look like UserMin is meant for what you say, but @Josh was specifically calling out the File Manager component of it, which should do what you want. It does upload and download, according to the docs. Just make sure the users have no rights to anything you don't want them to.
    Josh : @mfinni that's correct. I wasn't aware of any other web based sftp solutions so I figured I'd suggest usermin. There may be better alternatives out there that I'm not familiar with.
    From Josh
  • You'll want them to login over HTTPS and provide download links via https:// and change the content-type so the files don't load in the browser window.

    You may be able to provide sftp:// links but they will only work if the users have a properly configured client and will likely require that they login again.

    : I'm trying to avoid the need to 'provide download links' myself. I was hoping for a simple web front-end to an sftp server that does this for me.
    From Chris Nava
  • Having "sftp://" links will indeed require you have a sftp-capable client registered to handle the sftp UNC and will also require a re-login unless you provide the username/password in the unc... i.e. sftp://user:password@x.x.x.x/path/file. This really defeats the purpose of having a separate sftp server from the http server.

    Why not simply establish a HTTPS session with whatever authentication method you choose to use, and let the http server dish out the files? If you're using Apache, you can allow directory browsing, and it will auto-generate the directory listing from a specific directory... and you can make the sftp pull from the same directory. (if you wish to use both)

    If you are stuck on using sftp... don't forget to restrict user logins using ssh to ONLY allow sftp and/or scp... or you will be leaving yourself open to a big security hole.

    : This sounds interesting...but some things aren't clear to me. Can you point me to some material that shows how to do this? --developer trying to do admin stuff :)
    From TheCompWiz
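
The SFTP-only restriction mentioned in the answer above, as an added example that is not part of the original thread: a Python check that reads an sshd_config and reports whether members of a group are held to chrooted SFTP. The group name `sftponly`, the paths and both sample configs are constructed, and only single-criterion `Match Group` blocks are handled.

```python
# Added example, not from the original thread. The group name "sftponly", the
# paths and both sample configs are constructed. Handles only 'Match Group <g>'.

def effective_settings(config_text, group):
    """Global keywords overlaid with those from the group's Match blocks.
    Within each scope the first value wins, as in sshd."""
    global_kw, match_kw, scope = {}, {}, "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "match":
            crit = value.split()
            hit = (len(crit) == 2 and crit[0].lower() == "group"
                   and group in crit[1].split(","))
            scope = "match" if hit else "other"
        elif scope == "global":
            global_kw.setdefault(keyword, value)
        elif scope == "match":
            match_kw.setdefault(keyword, value)
    return {**global_kw, **match_kw}

def audit_sftp_only(config_text, group):
    """Return findings; an empty list means the group is held to chrooted SFTP."""
    eff = effective_settings(config_text, group)
    findings = []
    force = eff.get("forcecommand", "none").split()
    if not force or force[0] != "internal-sftp":
        findings.append("ForceCommand is not internal-sftp: logins are not limited to SFTP")
    if eff.get("allowtcpforwarding", "yes").lower() != "no":
        findings.append("AllowTcpForwarding is not 'no': the account can tunnel traffic")
    if eff.get("chrootdirectory", "none").lower() == "none":
        findings.append("ChrootDirectory is unset: sessions are not confined to the file area")
    return findings

# Constructed sample: chroot only, so ForceCommand and forwarding are left open.
WEAK = "Subsystem sftp internal-sftp\nMatch Group sftponly\n  ChrootDirectory /srv/files/%u\n"
# Constructed sample: the same block with the SFTP-only restrictions in place.
HARDENED = WEAK + "  ForceCommand internal-sftp\n  AllowTcpForwarding no\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_sftp_only(cfg, "sftponly") or "no findings")
```

sshd also requires every component of the `ChrootDirectory` path to be owned by root and not writable by group or others, which this check does not inspect.
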
  • Why is there a requirement for sftp? Have you considered just setting up WebDAV? With WebDAV, users will be able to put and get files directly via HTTP(S).

    From Zoredache
  • Maybe this will help? http://sftp.thinfile.com/sftp/

  • You could always provide a short tutorial on how to download and use an SFTP client, for those occasional uses.
