The release of SFTPGo 2.2 was recently announced. SFTPGo is a server that provides remote access to files over the SFTP, SCP / SSH, Rsync, HTTP and WebDav protocols. Among other things, SFTPGo can be used to provide access to Git repositories over SSH. Data can be served both from the local file system and from external storage compatible with Amazon S3, Google Cloud Storage and Azure Blob storage.
SFTPGo can store data in encrypted form. The user database and metadata are kept in a DBMS with SQL or key / value support, such as PostgreSQL, MySQL, SQLite, CockroachDB or bbolt, but metadata can also be stored in RAM, which does not require an external database connection.
Accounts are stored in a virtual user database that does not overlap with the system user database. SQLite, MySQL, PostgreSQL, bbolt, and memory storage can be used to store user databases. Means are provided for mapping virtual and system accounts; direct or arbitrary mapping is possible (one user of the system can be assigned to another virtual user).
SFTPGo supports authentication using public keys, SSH keys, and passwords (including keyboard-interactive authentication, where the password is typed in). Multiple keys can be bound to each user, and multi-factor and multi-step authentication can be configured (for example, after successful key authentication, an additional password may be required).
Different authentication methods can be configured for each user, and you can define your own methods, implemented by calling external authentication programs (for example, for authentication through LDAP) or by sending requests through the HTTP API.
You can connect external handlers or HTTP API calls, invoked before login, to dynamically change user parameters. Dynamic user creation on connection is also supported.
Among the main features of SFTPGo are the following:
- Access control tools that operate in relation to a user or directory
- Filters for downloadable content can be set per user and per directory
- Handlers can be attached that run on various file operations
- Automatic termination of idle connections.
- The HAProxy PROXY protocol is supported to organize load balancing or proxy connections to SFTP / SCP services without losing information about the user's original IP address.
- REST API to manage users and directories, create backups and generate reports on active connections.
- Web interface (http://127.0.0.1:8080/web) for configuration and monitoring
- Ability to define configurations in JSON, TOML, YAML, HCL and envfile formats.
- Support for SSH connection with limited access to system commands
- Portable mode for sharing a directory, with automatically generated connection credentials advertised via multicast DNS.
- Simplified Linux system account migration process.
- Record storage in JSON format.
- Virtual directory support
- Cryptfs support for transparent data encryption
- Support for forwarding connections to other SFTP servers.
- Ability to use SFTPGo as an SFTP subsystem for OpenSSH.
- The ability to store credentials and confidential data in encrypted form using KMS (Key Management Services) servers, such as Vault, GCP KMS, AWS KMS.
Main new features of SFTPGo 2.2
This new version adds support for two-factor authentication using time-based one-time passwords (TOTP, RFC 6238). Applications like Authy and Google Authenticator can be used as authenticators.
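What a server has to do to check an RFC 6238 code, as an added example (this is not SFTPGo's code): the functions `totp` and `verify` are illustrative names, and the 30-second step, 6 digits, HMAC-SHA1 and the one-step clock-skew window are assumed defaults. The sample secret is the published RFC 6238 test key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const step = 30 // seconds per time step (RFC 6238 default)

// totp returns the 6-digit code for one time-step counter (HMAC-SHA1, RFC 4226 truncation).
func totp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// verify checks code against the current step and +/- skew steps. lastUsed is the highest
// counter already accepted for this user (0 = none); a match at or below it is refused (replay).
func verify(secret []byte, code string, now time.Time, skew, lastUsed uint64) (uint64, bool) {
	cur := uint64(now.Unix()) / step
	lo := uint64(0)
	if cur > skew {
		lo = cur - skew
	}
	var matched uint64
	for c := lo; c <= cur+skew; c++ {
		// Constant-time compare and no early exit: timing does not reveal the step.
		if subtle.ConstantTimeCompare([]byte(totp(secret, c)), []byte(code)) == 1 && c > lastUsed {
			matched = c
		}
	}
	return matched, matched != 0
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real key
	c, ok := verify(secret, "287082", time.Unix(59, 0), 1, 0)
	_, replay := verify(secret, "287082", time.Unix(59, 0), 1, c)
	fmt.Println(c, ok, replay)
}
```

The caller stores the returned counter per user after each successful login and passes it back as `lastUsed` on the next attempt.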
The ability to extend functionality through plugins was also implemented. Among the plugins already available: support for additional key exchange services, Publish / Subscribe schema integration, and storage and retrieval of event information in the DBMS.
The REST API adds support for key authentication, in addition to JWT tokens, and also provides the ability to set data retention policies (limiting the lifetime of data) for individual users and directories. By default, the Swagger user interface is enabled, so API resources can be browsed without external utilities.
Meanwhile, the web interface has gained support for write operations (file upload, directory creation, renaming and deletion), the ability to reset a password with email confirmation, an integrated text file editor and a PDF document viewer.
The release also adds the ability to create HTTP bindings that give external users access to individual files and directories, with the option to set a separate access password, restrict IP addresses, set the link lifetime, and limit the number of downloads.
Finally, if you are interested in knowing more about it, as well as the instructions to implement this SFTP server, you can check the details in the following link.