
[Feature Request] Separate SFTP server on the NAS

Posted: Sun Oct 25, 2020 6:01 pm
by dstel
Hello,

I would like to be able to allow internet SFTP connections to my NAS. I know how to do it (port forwarding, DNS, etc.). My concern is about security.

I would like to be able to start another SFTP server that only chosen users can connect to. I'll then port forward outside SFTP to this server port and be able to set very high security passwords for my friends. My family accounts can't be exposed to the internet since their passwords are not very strong.

If anyone has a suggestion about how it can be technically done, I'm listening (and making my family choose strong passwords will not work).

Re: [Feature Request] Separate SFTP server on the NAS

Posted: Mon Oct 26, 2020 10:33 am
by orion
I think it's good to set up SFTP with a strong password. However, if I were you, I'd change the port number. After all, a lot of robo intruders on the internet are trying to guess different passwords for well-known internet services. Even if the password is strong enough, your CPU still needs to process those fake requests.

Re: [Feature Request] Separate SFTP server on the NAS

Posted: Mon Oct 26, 2020 5:14 pm
by father.mande
Hi,

If you have some knowledge of Linux, you can try to install the Entware APKG (1900+ packages) and start your private SFTP (openssh-sftp-server - 8.3p1-2 - OpenSSH SFTP server) with a private port.
Entware has a mechanism (based on init.d) to start services / servers at Entware start time.

Entware uses by default the same (linked to) passwd, shadow, group (and if needed gshadow, shells (rarely changed)) BUT it's possible to use separate users ... this requires using Entware Busybox and / or adduser, these tools search in /opt/etc ... so they manage the separate ones ... whereas A.D.M. tools search only in /etc ... so this needs to be organized ...

Philippe.
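
A sketch of what a second, SFTP-only OpenSSH instance for chosen users could look like, with a check that the restrictions are in place; this is an added example, not part of the thread or of Entware. The port, the paths under /opt, the chroot location and the user names are assumptions.

```shell
#!/bin/sh
# Added example: second, SFTP-only sshd instance. Port, paths and user names
# below are assumptions (constructed sample), not values from the thread.

# Write the sample sshd_config for the dedicated instance to the file "$1".
write_sftp_conf() {
    cat > "$1" <<'EOF'
# Internet-facing SFTP instance (constructed sample)
Port 2222
HostKey /opt/etc/ssh/sftp_host_ed25519_key
PidFile /opt/var/run/sshd_sftp.pid
PermitRootLogin no
AllowUsers friend1 friend2
Subsystem sftp internal-sftp
ForceCommand internal-sftp
# The chroot target must be root-owned and not writable by the user.
ChrootDirectory /share/sftp/%u
AllowTcpForwarding no
X11Forwarding no
MaxAuthTries 3
EOF
}

# Print the first value of keyword "$2" in file "$1" (for most keywords sshd
# uses the first value it reads; keyword names are case-insensitive).
conf_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 only if the instance is limited to named users, SFTP-only, off port 22.
audit_sftp_conf() {
    rc=0
    [ -n "$(conf_get "$1" AllowUsers)" ] || { echo "AllowUsers unset: every account in passwd may log in"; rc=1; }
    [ "$(conf_get "$1" ForceCommand)" = "internal-sftp" ] || { echo "ForceCommand is not internal-sftp: shell access possible"; rc=1; }
    port=$(conf_get "$1" Port)
    [ -n "$port" ] && [ "$port" != "22" ] || { echo "instance would listen on the default port"; rc=1; }
    [ "$(conf_get "$1" PermitRootLogin)" = "no" ] || { echo "root login not disabled"; rc=1; }
    [ "$(conf_get "$1" AllowTcpForwarding)" = "no" ] || { echo "TCP forwarding not disabled"; rc=1; }
    return $rc
}

# Demo: generate the sample config in a temp file and audit it.
conf=$(mktemp)
write_sftp_conf "$conf"
audit_sftp_conf "$conf" && echo "sample config passes"
rm -f "$conf"
```

`sshd -t -f <file>` checks the file's syntax, and `sshd -f <file>` starts an instance from it.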

Re: [Feature Request] Separate SFTP server on the NAS

Posted: Thu Nov 05, 2020 2:16 am
by dstel
I solved this issue by installing an atmoz/sftp container in Portainer.