[Feature Request] Separate SFTP server on the NAS

[dstel]

Hello,

I would like to be able to allow internet SFTP connections to my NAS. I know how to do it (port forwarding, dns, etc). My concern is about security.

I would like to be able to start another SFTP servers that only chosen users can connect. I'll then port forward outside SFTP to this server port and be able to put very high security passwords for my friends. My family accounts can't be exposed to internet since their passwords are not very strong.

If anyone has a suggestion about how it can be technically done, I'm listening (and make my family choose strong password will not work).

[orion]

I think it's good to setup SFTP with a strong password. However, if I were you, I'll change port number. After all, a lot of robo intruders on internet are trying to guess different passwords for well-known internet services. Even if the password is strong enough, your CPU sill needs to process those fake requests.

[father.mande]

Hi,

If you have some knowledge in Linux, you can try to install Entware APKG (1900+ packages) and start your private SFTP (openssh-sftp-server - 8.3p1-2 - OpenSSH SFTP server)with private port.
Entware have a mechanism (based on init.d) to start services / servers at Entware start time.

Entware used by default same (link to) passwd, shadow, group (and if need gshadow, shells (rare to be changed)) BUT it's possible to use separate users ... this require to use Entware Busybox and / or adduser, this tools search for /opt/etc ... so manage the separate one ... where A.D.M. tools search only in /etc ... so this require to be organized ...

Philippe.

[dstel]

I solved this issue by installing a atmoz/sftp container in portainer.