I want a fast and flexible file server but I don't need encryption or authentication. How can I use SFTP for this on Linux systems?
-
I don't believe you can. SFTP is an upgrade on SCP, which is part of the SSH suite of utilities. While you can use other transport protocols like TLS or VPN, I don't believe you can just turn off the need for a secure transport tunnel. The S in SFTP is "Secure" after all. – Frank Thomas Feb 10 '22 at 16:37
-
No, the S in SFTP is not for "Secure." The spec even passes off security to the channel: "This protocol assumes that it runs over a secure channel". https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-13 – Kyler Laird Feb 10 '22 at 16:42
-
ahem: https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol – Frank Thomas Feb 10 '22 at 17:14
1 Answer
SFTP happens to be used by SSH servers but it's a well-developed protocol that works well on its own. The sftp-server developed by OpenSSH has no dependency on an SSH server; sftp-server uses standard input/output. (Other SFTP servers are similar.)
It is trivial to share a filesystem via SFTP, similar to what you might do with NFS but without the need for root access. I'll use socat as the daemon for this ad-hoc example, but xinetd would make a more permanent solution. The location of sftp-server is from my Ubuntu installation of the openssh-sftp-server package.
On the server:
mkdir shared_to_the_world
cd shared_to_the_world
socat tcp-listen:1234,reuseaddr,fork exec:/usr/lib/openssh/sftp-server
On the client:
mkdir /tmp/sftp_test
sshfs -o reconnect,ssh_command="nc my_sftp_server_address 1234 --" : /tmp/sftp_test
cd /tmp/sftp_test
Now your client (and anyone else's!) can seamlessly work with the files in the shared directory on the server. Both read and write are enabled, so be careful.
Consider using socat listen's "bind" and "range" options to limit the access to your server.
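The bind/range advice and the read-write warning above, as an added example that is not part of the original answer: a wrapper that refuses risky values and builds the socat addresses, running sftp-server read-only unless `rw` is requested. The addresses (documentation range 192.0.2.0/24), `/srv/shared`, the script name and `max-children=8` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not the answer's code): restricted socat listener for
# sftp-server. Addresses, port and share path are constructed samples.

SFTP_SERVER=/usr/lib/openssh/sftp-server   # path given in the answer (Ubuntu)

# Print the two socat address arguments, one per line, or fail with a reason.
# usage: build_listener BIND_ADDR ALLOWED_CIDR PORT SHARE_DIR [rw]
build_listener() {
    bind_addr=$1 allowed=$2 port=$3 share=$4 mode=${5:-ro}

    # Refuse wildcard binds: the listener must sit on one chosen interface.
    case $bind_addr in
        ''|0.0.0.0|::|'*') echo "refusing wildcard bind address" >&2; return 1 ;;
    esac
    # range= takes network/prefix; reject anything else, including /0.
    if ! printf '%s\n' "$allowed" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}/([1-9]|[12][0-9]|3[0-2])$'; then
        echo "range must be IPv4 CIDR with prefix 1-32" >&2; return 1
    fi
    # Unprivileged port only: the setup is meant to run without root.
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1024-65535" >&2; return 1
    fi
    # socat splits addresses on ':' and ',' and exec: splits on spaces,
    # so accept only an absolute path made of unambiguous characters.
    case $share in
        ''|[!/]*|*[!A-Za-z0-9._/-]*) echo "share dir: absolute, [A-Za-z0-9._/-] only" >&2; return 1 ;;
    esac

    # -e/-l: log requests to stderr. -d: starting directory only, not a
    # chroot; clients can still reach other paths the account can access.
    flags="-e -l INFO -d $share"
    [ "$mode" = rw ] || flags="-R $flags"   # -R: read-only unless rw is requested

    printf 'tcp-listen:%s,bind=%s,range=%s,reuseaddr,fork,max-children=8\n' \
        "$port" "$bind_addr" "$allowed"
    printf 'exec:%s %s\n' "$SFTP_SERVER" "$flags"
}

# Start the listener only when asked, e.g. (hypothetical script name):
#   ./share.sh --run 192.0.2.10 192.0.2.0/24 1234 /srv/shared
if [ "${1:-}" = "--run" ]; then
    shift
    spec=$(build_listener "$@") || exit 1
    exec socat "$(printf '%s\n' "$spec" | sed -n 1p)" "$(printf '%s\n' "$spec" | sed -n 2p)"
fi
```

Running it under a dedicated unprivileged account keeps what that listener can read or change down to what that account's file permissions allow.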
-
Consider instead using a secure transport such as TLS (or perhaps even SSH) to limit access to your server... – u1686_grawity Feb 10 '22 at 17:06
-
What's the benefit of TLS or SSH if you "don't need encryption or authentication"? It's just wasted overhead. – Kyler Laird Feb 10 '22 at 17:13
-
Although it wasn't specified in the question, not requiring root access is an advantage over (typical) NFS implementations in some cases. I've experimented with userspace NFS (and SMB) implementations, but they are not nearly as straightforward and readily available as this SFTP solution. In my current usage, I do seteuid()/setegid() calls so that all file access is handled as the owner of the calling VM. This was trivial to implement. NFS can likely do such things but it makes experimentation a lot more difficult, especially using the kernel server. – Kyler Laird Feb 17 '22 at 17:39