Connect Your SFTP to FileCloud

What is SFTP?

SFTP stands for Secure File Transfer Protocol; it is a secured version of the File Transfer Protocol or FTP, which is itself part of the Secure Shell or SSH Protocol. As their names imply, these protocols are used to easily transfer data and access permissions over an SSH data stream.

As vulnerabilities were discovered and access points exploited, SFTP was developed from FTP protocols, ensuring the availability of a secure connection that can be encrypted to transfer files within and between local and remote systems. Files can be transferred using WinSCP and SFTP clients.

FileCloud is a fine-tuned, enterprise-grade file sharing, sync, and storage solution. Admins and users can leverage granular sharing permissions and user/group policies to protect their data and efficiently collaborate on files.

Considering the existing file sharing solutions within FileCloud and the hyper-secure features that are built into the platform, SFTP/SCP protocols are not directly supported by the FileCloud platform.

However, for clients and consumers who wish to use SFTP with FileCloud, the Solution Experts team has prepared instructions on how to access and leverage SFTP resources using a Linux-based FileCloud on-prem server.

Step 1: Set Up the Connection

Host Name (IP address): The Full Domain Qualified Name or IP address of the SFTP server you are going to connect to.

Username: used to access the SFTP resources

Password: used to access the SFTP resources

The user used for mounting the SFTP resource must have Read/Write permission to the resource.

Step 2: Verify Your Information

It is important to verify the details of your software so that you can choose the appropriate installation. Install the relevant SFTP client for your operating system. Windows, Mac, and Linux users can use the following solutions or another of their choice.

Connect to the SFTP server using the client and your collected credentials. The example below is using the WinSCP solution:

Press the “Login” button:

If your login process is successful, switch to the Linux server where FileCloud is installed.

Step 3: Prepare the Server

Ensure that the following packages are installed on your server. All operations are performed as root user.

CentOS:

[root@server01 ~]# yum install -y fuse-sshfs sshpass

Ubuntu:

[root@server02 ~]# apt install -y sshfs sshpass

Step 4: Prepare the Folder Structure

Create a folder: /NetworkShares

CentOS/Ubuntu:

[root@server02 ~]# mkdir /NetworkShares

Then create a folder for the SFTP mount point:

CentOS/Ubuntu:

[root@server02 ~]# mkdir /NetworkShares/sftp

Check the folder owner for the newly created folders to ensure they are owned by the Apache running user.

CentOS:

[root@server01 ~]# chown apache /NetworkShares -R

Ubuntu:

[root@server02 ~]# chown www-data /NetworkShares -R

Step 5: Perform a Manual Mount

Acquire the Apache UID:

CentOS:

[root@server01 ~]# id apache

uid=48(apache) gid=48(apache) groups=48(apache)

Ubuntu:

[root@s02 ~]# id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Establish the manual test mount:

CentOS/Ubuntu:

[root@s01 ~]# sshfs -o allow_other,idmap=user,uid=48  testsftp@192.168.101.58:/home/testsftp  /NetworkShares/sftp/

Enter the password for testsftp@192.168.101.58.

The UID value here should be the UID of the apache/www-data user, though this depends on the Linux distribution.

Ensure the mount has been established:

CentOS/Ubuntu:

[root@s01 /]# mount |grep sftp

The output should be similar to this result:

testsftp@192.168.101.58:/home/testsftp on /NetworkShares/sftp type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

Check if resources are accessible:

CentOS/Ubuntu:

[root@s01 /]# ls -al /NetworkShares/sftp

The file listing should be presented as seen below. All file owners should be Apache or www-data user (depending on the Linux distribution).

Step 6: Set Up Automatic SFTP Resource Mount After Server Reboot

Create a file containing a secret SFTP user password:

CentOS/Ubuntu:

[root@s01 /]# echo ‘You_Super_Secret_Password’ > /root/sftp.pass

Create the /etc/fstab entry:

sshfs#user@sftp_server:/ NetworkSharessftp fuse ssh_command=sshpass\040-f\040/root/sftp.pass\040ssh,_netdev,rw,allow_other,reconnect,user,kernel_cache,auto_cache,uid=48,allow_other 0 0

The UID value here should match the UID of the Apache/www-data user, depending on the Linux distribution. (This should be one line in the fstab file, though it may be wrapped due to terminal settings.)

Perform a test command:

CentOS/Ubuntu:

[root@s01 /]# mount -a

Verify:

CentOS/Ubuntu:

[root@s01 /]# mount |grep sftp

On the output, you should see your mounted SFTP resource.

Step 7: Expose the Resource in FileCloud

Login to the FileCloud admin panel.

Go to the “Network Folders” option and click the “Add” button.

Choose “Local Area Network”, then “Next.”

Enter the name of the Network Folder and click “Next.”

Select “Normal mount” and click “Next.”

Enter the path to the mounted SFTP resource (/NetworkShares/sftp) and click “Next.” The path is case-sensitive!

Select “Use assigned permissions” then “Create share.”

Assign a user or group to this share, and click “Finish.”

The shared path will be displayed in the list. You can always manage permissions by clicking on the edit icon:

When users assigned to this share path log in to their FileCloud, they will be able to see and access the Network Folder.

Conclusion

FileCloud is a powerful, hyper-secure content collaboration platform (CCP) with a wide range of features, integrations, and customization options. FileCloud’s mission revolves around creating software that customers love to use, which means supporting the tools and protocols customers prefer, including SFTP.

With these step-by-step instructions, you can integrate your FileCloud environment with your SFTP shares, so you can collaborate with internal and external teams. Use your established folders, permissions, and processes while discovering how FileCloud can support your security, governance, and collaboration goals.

 

Article written by Marek Frueauff (Solutions Architect) and Katie Gerhardt (Junior Product Marketing Manager)