Secure File Transport Protocol (SFTP)¶
This is a basic method / protocol for transferring data based on the ancient and insecure File Transfer Protocol (FTP), only updated to be more secure. The internal system used by Rockstor is that included as a subsystem within the openssh server.
Unlike other file sharing systems like Samba/CIFS or Apple Filing Protocol (AFP) sftp has no built in discovery or service publishing components. This makes it a simpler system but one that requires a little more effort to connect with. Most notably is it required that you manually enter the Rockstor’s hostname or ip address on the clients that wish to connect.
The Rockstor SFTP System¶
By default no user other than root are allowed to login via ssh or use SFTP. This restriction improves security but means there are certain conditions that must be met to gain sftp access to a Rockstor share.
- the SFTP user must be a Rockstor user
- the SFTP user must also be the owner of an exported SFTP share
These restrictions make Rockstor’s SFTP implimentation more suited for individual storage needs as opposed to a shared storage area accessed by multiple users. In the following example we will setup a secure share for use by a single user, ie for secure file access / storage across client platforms.
Note also that the share or shares owned by the SFTP user will be mounted within a chroot environment, internally this is located at /mnt3/<username>/<sharename>.