Looking to replace my ftp server software with something faster

arnemetis

2[H]4U
Joined
Aug 2, 2004
Messages
3,169
Hi everyone! I'm looking to upgrade off of my tried and true ftp server to some other method that can keep up with modern speeds. This server is meant for myself and others to access specific folders of content, and everyone but myself should have read only access. FTP's limitation lies in a single thread for the connection, and every alternative piece of software I've tried that segments the downloads has various issues. I need to be able to make accounts, and specify specific main folder access. Ideally there would also be groups, so 4 people for example could be under Friends, and they all have the same shares. Other than that I'm looking for superior speed and any upgrade to security would be a plus. 2MB/sec just doesn't cut it anymore. Due to the quantity of data any kind of cloud based service is out of the question.

Edit: System is running Windows 10.
 

bman212121

[H]ard|Gawd
Joined
Aug 18, 2011
Messages
1,815
FTP is garbage anyway. Simply using SFTP on basically any linux box should give you about 200mbps (25MBps) without having to tweak anything.

A guide for Ubuntu on how to grant SFTP to users without granting SSH.
https://www.digitalocean.com/commun...ble-sftp-without-shell-access-on-ubuntu-16-04

Bonus points if you set their user accounts to use SSH keypairs and disable passwords completely.

Info about using keypairs with WinSCP
https://winscp.net/eng/docs/ssh_keys#user_public_key

A guide on how to generate a keypair on your client (Use this for a better explanation, use the one below for actually generating the keypair)
https://www.jscape.com/blog/setting-up-sftp-public-key-authentication-command-line

Another guide on how to make a better keypair (Use this one's command, use the one above for a better explanation of what you're doing)

Long / short

Each user will need to go through these steps on THEIR pc, not the server. They will generate a private key which is theirs and theirs only. They need to put a passphrase on this and guard the file as it's what provides them and / or anyone who has that file access. The public key is the part they will give to you, the server operator, to load onto your server. There is no harm in the public key being shown to whomever because it merely allows the server operator to grant access to whoever has the matching private key. So they can email the public key to you or whatever as it doesn't grant access by itself and doesn't need to be secret.

Either use PuTTYgen if you're on Windows and select "ED25519" at the bottom. Click generate. Add in a passphrase and type it in again to confirm. Click the save private key button and name it. Click the save public key button and name that the same name.pub. Note those two files are PuTTY specific, so in order to get something you can use on linux there are two other files you can make. If you click conversions > export openssh key, that will export your private key in a format that is openssh compatible. You shouldn't need to do this as WinSCP is compatible with the PuTTY private key format. In the text box however it states "public key for pasting into openssh authorized_keys file". You need to copy that blob out and that's what you would give to the server operator. They put that into each user's authorized keys file, and that will grant the user who has the matching private key access to that user account.

If they are using Linux it's basically the same deal, but use the medium.com link which has this line:

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"

The person generating it should change the comment from john@example.com to something relevant to them. When they go to sign in the server will display this letting the end user know what public key is on file. Once again the user should put a passphrase on the private key, and the private key stays on the system it was generated on. The public key is the part they will give to the server operator. There should be an id_ed25519 file and an id_ed25519.pub file. The one without the extension is the private key (It probably will say private key if you open it in a text editor) and the .pub extension should be the public key. Same rules apply as above, don't let the private key leave the system, but the public key is free to send however.

Finally, after you get your user on the server to be set up without password authentication, go disable it completely from the server.

https://www.cyberciti.biz/faq/how-to-disable-ssh-password-login-on-linux/
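
An added example, not part of the original post: a check the server operator can run on whatever a user sends before it goes into authorized_keys. It catches a private key or a PuTTYgen "Save public key" file sent by mistake and accepts only the one-line OpenSSH ed25519 form; the function name, verdict words and sample values are made up for illustration.

```shell
#!/bin/sh
# Added example: vet key material a user sent before it goes into authorized_keys.
# Prints one verdict word; returns 0 only for a one-line OpenSSH ed25519 public key.
classify_key() {
    key_text=$1
    newline='
'
    case $key_text in
        # Private halves must never leave the user's machine (OpenSSH/PEM or PuTTY .ppk)
        *"PRIVATE KEY-----"*|*"PuTTY-User-Key-File-"*)
            echo "private-key"; return 1 ;;
        # PuTTYgen's "Save public key" file: public, but not the authorized_keys form
        *"---- BEGIN SSH2 PUBLIC KEY ----"*)
            echo "rfc4716-public"; return 1 ;;
        # An authorized_keys entry is exactly one line
        *"$newline"*)
            echo "not-one-line"; return 1 ;;
    esac
    key_type=${key_text%% *}          # first field: declared key type
    rest=${key_text#* }
    blob=${rest%% *}                  # second field: base64 key blob
    case $key_type in
        ssh-ed25519) ;;
        ssh-rsa|ssh-dss|ecdsa-sha2-*) echo "other-type"; return 1 ;;
        *) echo "unrecognised"; return 1 ;;
    esac
    # The blob starts with the encoded type name; for ed25519 that prefix is
    # fixed, so a mismatch means a mangled or mislabelled paste.
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "blob-mismatch"; return 1 ;;
        AAAAC3NzaC1lZDI1NTE5AAAAI*) echo "ok-ed25519"; return 0 ;;
        *) echo "blob-mismatch"; return 1 ;;
    esac
}

# Constructed samples, not real keys
GOOD_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEX friend@laptop'
PPK_FILE='PuTTY-User-Key-File-3: ssh-ed25519
Encryption: aes256-cbc'
for sample in "$GOOD_KEY" "$PPK_FILE"; do
    verdict=$(classify_key "$sample") || true
    printf '%s -> %s\n' "${sample%% *}" "$verdict"
done
```

Anything other than ok-ed25519 means asking the user to resend; a private-key verdict also means that key should be discarded and regenerated.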
 

arnemetis

> What are you currently using?

Filezilla ftp over tls.

> FTP is garbage anyway. Simply using SFTP on basically any linux box should give you about 200mbps (25MBps) without having to tweak anything.
>
> A guide for Ubuntu on how to grant SFTP to users without granting SSH.
> https://www.digitalocean.com/commun...ble-sftp-without-shell-access-on-ubuntu-16-04

Apologies, I need to update my post. I'm running windows 10 on that pc. I think I'm already running sftp as I'm using tls, is that right?
 

bman212121

> Filezilla ftp over tls.
>
> Apologies, I need to update my post. I'm running windows 10 on that pc. I think I'm already running sftp as I'm using tls, is that right?

Nope, you're probably using FTPS (File Transfer Protocol Secure) not SFTP (Secure File Transfer Protocol). The difference is the first one is traditional file transfer with TLS riding on top. The second is an SSH tunnel with FTP inside of it. From 5 seconds on Google Filezilla doesn't support SFTP so you probably need to switch servers to something else that does.

EDIT:

So even on Windows 10 I believe you can do all of the same stuff for OpenSSH SFTP as I suggested above. I'm not entirely sure how to set up SFTP for passwordless auth on Windows, but you can in fact use the openssh SFTP-server.

https://winaero.com/enable-openssh-server-windows-10/

WinSCP also has a guide for this:

https://winscp.net/eng/docs/guide_windows_openssh_server
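
An added example, not from the thread: a small audit of an sshd_config for the server-side settings these posts call for, namely password logins off and the shared accounts limited to SFTP with no shell, plus the read-only access the original poster asked for. The group name friends, the /srv/share path and the finding names are assumptions, and only a plain `Match Group <name>` line is recognised.

```shell
#!/bin/sh
# audit_sftp_only CONFIG_TEXT GROUP
# Prints one finding per line; prints nothing and returns 0 when the config passes.
audit_sftp_only() {
    findings=$(printf '%s\n' "$1" | awk -v group="$2" '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        { key = tolower($1) }                      # keywords are case-insensitive
        key == "match" {                           # a Match line opens a new block
            in_match = 1
            in_group = (tolower($2) == "group" && $3 == group)
            next
        }
        # sshd keeps the first value it sees for a keyword, so record only once
        !in_match && key == "passwordauthentication" && pw == "" { pw = tolower($2) }
        in_group && key == "forcecommand" && fc == "" { fc = $2; ro = ($3 == "-R") }
        in_group && key == "chrootdirectory" && cd == "" { cd = $2 }
        END {
            if (pw != "no") print "password-login-enabled"    # default is yes
            if (fc != "internal-sftp") print "shell-access-possible"
            if (cd == "") print "no-chroot"
            if (fc == "internal-sftp" && !ro) print "not-read-only"
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample configs (group name and path are assumptions)
HARDENED_CONFIG='PasswordAuthentication no
Match Group friends
    ChrootDirectory /srv/share
    ForceCommand internal-sftp -R'

WEAK_CONFIG='# PasswordAuthentication left at its default
Subsystem sftp internal-sftp
Match Group friends
    ChrootDirectory /srv/share'

echo "hardened:"; audit_sftp_only "$HARDENED_CONFIG" friends || true
echo "weak:";     audit_sftp_only "$WEAK_CONFIG" friends || true
```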
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
4,196
> FTP is garbage anyway. Simply using SFTP on basically any linux box should give you about 200mbps (25MBps) without having to tweak anything.

Yes, it's so simple it needs a paragraph just to explain it. :ROFLMAO::ROFLMAO:

FTP is dead simple and works for a lot of applications. It's why it's still supported on modern devices.
 

bman212121

> Yes, it's so simple it needs a paragraph just to explain it. :ROFLMAO::ROFLMAO:
>
> FTP is dead simple and works for a lot of applications. It's why it's still supported on modern devices.

SFTP on a linux box is generally working by default without even needing to install anything. :p


The additional info I provided has more to do with doing it in a way that is actually secure versus just opening up your box directly to the internet. FTP isn't necessarily set and forget either if you actually care about the system you put it on.
 

SamirD

> SFTP on a linux box is generally working by default without even needing to install anything. :p
>
> The additional info I provided has more to do with doing it in a way that is actually secure versus just opening up your box directly to the internet. FTP isn't necessarily set and forget either if you actually care about the system you put it on.

Yeah, but unless you're well versed in linux, finding a solution on the existing platform makes more sense.

For over the Internet, I always use IPSec vpn tunnels and dedicated vpn routers--so essentially everything just works the same as it would on the lan.
 

arnemetis

Ok guys, thanks for the replies. It's something I may look into, though it's a lot more involved than I had imagined! So to take this another direction, is there no software developed that offers folder level browsing & user control? Let's pretend ftp and sftp don't exist. I tried looking into https based serving but hit dead ends.
 

SamirD

> Ok guys, thanks for the replies. It's something I may look into, though it's a lot more involved than I had imagined! So to take this another direction, is there no software developed that offers folder level browsing & user control? Let's pretend ftp and sftp don't exist. I tried looking into https based serving but hit dead ends.

What are you trying to accomplish? Just basically sharing files?
 

arnemetis

> What are you trying to accomplish? Just basically sharing files?

Yup. Want to share out based on access to various root folders, and control who has access via username & pass. Not looking for a cloud based middle man here.
 

bman212121

So the best I can tell you is that you're asking for a server. Windows 10 is a desktop OS, not a server OS. If you used a server OS a decent chunk of the legwork will be done for you. If all of the people accessing the content are read-only downloads and no uploads, then you're basically just setting up a web server.

For what you're looking to do I would guess you can just mold a standard CMS into a pseudo web file server. There are a number of plugins that should let you accomplish that on top of Wordpress.

https://kinsta.com/blog/wordpress-download-manager/

Another option is a private cloud solution like ownCloud or NextCloud

https://owncloud.com/
https://nextcloud.com/

Otherwise the other obvious option is to migrate the data to one of the many NAS applications like FreeNAS or openmediavault. They are designed for what you're trying to do and a simple client like WinSCP is all that is needed from the client side.

The last option would be to simply set up VPN access and then you can use whatever you want. Because the VPN is running the encryption that opens up things like SMB (Windows file sharing) between the machines.
 

SamirD

> Yup. Want to share out based on access to various root folders, and control who has access via username & pass. Not looking for a cloud based middle man here.

Read/write access or just read-only? Have you tried just using the ftp server I linked to? If that solves your issue then you're done. :)
 

arnemetis

> Read/write access or just read-only? Have you tried just using the ftp server I linked to? If that solves your issue then you're done. :)

Read only. I've not tried anything yet, just in research and exploration phase. I'm going to need some additional free time to try and deploy anything that I don't have right now.
 

SamirD

> Read only. I've not tried anything yet, just in research and exploration phase. I'm going to need some additional free time to try and deploy anything that I don't have right now.

Hmmm...with it being read-only, you could run a web server but that wouldn't give you the access control you want. For that, the ftp server I linked to should be great. It's also portable software so you can just run it--no install/uninstall mess. (y)
 