Tshenolo Mos

Guide to Creating an SFTP Server with Docker (using SSH keys)

This guide shows you, step by step, how to build a Docker image that works as an SFTP server. By the time we wrap up, you'll have a simple but secure SFTP server up and running in a Docker container. If you're keen on getting your hands dirty or just want to dive right into the code, you can find the full project on GitHub at tshenolo/docker-sftp-server-with-sshkey.

Table of Contents

  • Introduction
  • Prerequisites
  • SSH Key Configuration
  • Set Up the Docker File
  • Build Your Docker Image
  • Running the Docker Container
  • Verifying the Container’s Status
  • Connecting to the SFTP Server
  • Using the SFTP Server
  • Conclusion

Introduction

An SFTP server provides a secure way to transfer files between computers over an encrypted SSH transport. Docker allows you to package an SFTP server with all its dependencies into a standardized unit for software development, ensuring easy deployment and scalability.

Check out my YouTube channel, where I post all kinds of content accompanying my posts, including a video showing everything in this post.

Prerequisites

  • Docker installed on your machine.
  • Basic understanding of Docker and SFTP.
  • Git is also required to clone the repository.
  • Basic knowledge of command-line operations is assumed.

SSH Key Configuration

Generate SSH Key

If you do not already have an SSH key pair, you can generate one using the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -f "$HOME/.ssh/docker_rsa"

Set Permissions

Ensure your private key (~/.ssh/docker_rsa) is kept secure with the appropriate permissions:

chmod 600 ~/.ssh/docker_rsa

Ensure your SSH key is loaded and available

Make sure the SSH key you’ve generated and added to GitHub is loaded into your SSH agent.

eval "$(ssh-agent -s)"

If you haven’t already, you can load your SSH key into the SSH agent by running:

ssh-add ~/.ssh/docker_rsa

Set Up the Docker File

There are two approaches to setting up your Docker environment: either by creating a new Dockerfile from scratch or by cloning an existing GitHub repository.

Option 1: Create the Dockerfile

To create your Dockerfile manually, proceed with the following steps:

  1. Initiate a Dockerfile: In your preferred directory, open a new file named Dockerfile.
  2. Insert the Dockerfile Content: Populate your Dockerfile with the following configuration:
# Use Ubuntu latest as the base image
FROM ubuntu:latest

# Avoid prompts from apt
ENV DEBIAN_FRONTEND=noninteractive

# Update packages and install OpenSSH Server and vim
RUN apt-get update && \
    apt-get install -y openssh-server vim && \
    rm -rf /var/lib/apt/lists/*

# Set up user for SFTP with no shell login
RUN useradd -m -d /home/sftpuser -s /usr/sbin/nologin sftpuser && \
    mkdir -p /home/sftpuser/.ssh && \
    chown sftpuser:sftpuser /home/sftpuser/.ssh && \
    chmod 700 /home/sftpuser/.ssh

# Copy the public key
# Ensure you replace 'docker_rsa.pub' with your actual public key file name
COPY docker_rsa.pub /home/sftpuser/.ssh/authorized_keys

# Set permissions for the public key
RUN chmod 600 /home/sftpuser/.ssh/authorized_keys && \
    chown sftpuser:sftpuser /home/sftpuser/.ssh/authorized_keys

# Create a directory for SFTP that the user will have access to
RUN mkdir -p /home/sftpuser/sftp/upload && \
    chown root:root /home/sftpuser /home/sftpuser/sftp && \
    chmod 755 /home/sftpuser /home/sftpuser/sftp && \
    chown sftpuser:sftpuser /home/sftpuser/sftp/upload && \
    chmod 755 /home/sftpuser/sftp/upload

# Configure SSH for SFTP
RUN mkdir -p /run/sshd && \
    echo "Match User sftpuser" >> /etc/ssh/sshd_config && \
    echo "    ChrootDirectory /home/sftpuser/sftp" >> /etc/ssh/sshd_config && \
    echo "    ForceCommand internal-sftp" >> /etc/ssh/sshd_config && \
    echo "    PasswordAuthentication no" >> /etc/ssh/sshd_config && \
    echo "    PubkeyAuthentication yes" >> /etc/ssh/sshd_config && \
    echo "    PermitTunnel no" >> /etc/ssh/sshd_config && \
    echo "    AllowAgentForwarding no" >> /etc/ssh/sshd_config && \
    echo "    AllowTcpForwarding no" >> /etc/ssh/sshd_config && \
    echo "    X11Forwarding no" >> /etc/ssh/sshd_config

# Expose the SSH port
EXPOSE 22

# Run SSHD on container start
CMD ["/usr/sbin/sshd", "-D", "-e"]

Option 2: Clone the Repository

If you prefer to work with an existing setup, clone the GitHub repository:

git clone https://github.com/tshenolo/docker-sftp-server-with-sshkey.git

Change your current working directory to the newly cloned repository:

cd docker-sftp-server-with-sshkey

To ensure SSH key-based authentication for your SFTP server, place your SSH public key into the working directory:

cp $HOME/.ssh/docker_rsa.pub .

Build Your Docker Image

To build your Docker image, run the following command in the directory containing the Dockerfile:

docker build -t your_sftp_server .

Running the Docker Container

To run your SFTP server container without data persistence, you might use a command like this:

docker run -d --name my_sftp_container -p 2222:22 your_sftp_server

To ensure that uploaded files are not lost when the container stops or is removed, persist the data by mapping a directory on your host machine to the upload directory inside the container:

docker run -d -v /local/sftp/upload:/home/sftpuser/sftp/upload --name my_sftp_container -p 2222:22 your_sftp_server

Verifying the Container’s Status

Check if the container is running with:

docker ps

View logs with:

docker logs my_sftp_container
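
To confirm that the "Match User sftpuser" block from the Dockerfile is what sshd actually enforces, you can dump the effective configuration with sshd -T and compare it with the intended settings. The script below is an added example, not part of the original project; the function name check_sftp_hardening and the sample dump are constructed for illustration.

```bash
# Added example (not from the original post): audit `sshd -T` output against
# the settings in the Dockerfile's "Match User sftpuser" block.

# Expected values, spelled the way `sshd -T` prints them (lower-case keyword).
EXPECTED='chrootdirectory /home/sftpuser/sftp
forcecommand internal-sftp
passwordauthentication no
pubkeyauthentication yes
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no'

# Reads an effective-config dump on stdin, prints one FAIL line per deviation,
# and returns 0 only if every expected setting matches. The ( ) body runs in a
# subshell so the loop variables do not leak into the caller.
check_sftp_hardening() (
    dump=$(cat)
    status=0
    while read -r key want; do
        # Value of the first line whose keyword matches; empty if absent.
        got=$(printf '%s\n' "$dump" |
            awk -v k="$key" '!seen && $1 == k { sub(/^[^ ]+ /, ""); print; seen = 1 }')
        if [ "$got" != "$want" ]; then
            printf 'FAIL %s: want "%s", got "%s"\n' "$key" "$want" "${got:-<unset>}"
            status=1
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$status" -eq 0 ]
)

# Constructed sample dump in which four of the eight settings deviate, as
# they would if the Match block were not applied to the user being queried.
SAMPLE_UNMATCHED='port 22
chrootdirectory none
forcecommand none
passwordauthentication yes
pubkeyauthentication yes
permittunnel no
allowagentforwarding no
allowtcpforwarding yes
x11forwarding no'

# Against the running container from this guide:
#   docker exec my_sftp_container /usr/sbin/sshd -T -C user=sftpuser | check_sftp_hardening
printf '%s\n' "$SAMPLE_UNMATCHED" | check_sftp_hardening || echo "sample: not hardened"
```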

Connecting to the SFTP Server

Connect to your SFTP server using:

sftp -oPort=2222 sftpuser@0.0.0.0

Using the SFTP Server

Once connected, you can use basic SFTP commands such as ls (list files), put (upload files), get (download files), and rm (remove files).

Listing Files with ls

ls /path/to/directory

Uploading Files with put

put example.txt /remote/directory/example.txt

Downloading Files with get

get example.txt /local/directory/example.txt

Removing Files with rm

rm example.txt

Conclusion

You’ve got a simple, safe SFTP server up and running in a Docker container now. This gets you started on the right foot for secure file transfers. But if you’re gearing up for real-world use, you’ll want to tweak and toughen things up more to fit your unique requirements and shield against possible security holes. Docker makes it a breeze to expand your SFTP server and keep it under control when it’s just one piece of a bigger app puzzle.
