SFTP server
Introduction
- This how-to describes the method for setting up SFTP server on OpenWrt.
- It relies on Dropbear and openssh-sftp-server for secure authentication and file transfer.
- You can use any suitable SFTP client running natively on your OS.
Goals
- Transfer files to/from the router.
- Secure file transfer operations.
- Support OS specific clients.
Instructions
The SSH File Transfer (SFTP) is a file transfer protocol that works over SSH. It's like SCP but has more features. For a basic usage the low level SCP may be enough but if you need, for example, to mount drive then use the SFTP.
The vanilla OpenWrt out of the box has a small Dropbear SSH server.
But it doesn't support the SFTP and you need to install openssh-sftp-server
package.
The package comes from another OpenSSH server which is bigger but has more features and default on desktop systems like Ubuntu.
Many routers with OpenWrt as a stock firmware use it out of the box and the openssh-sftp-server
is installed too.
So for this routers you really don't need anything to do and just start using it.
But if not then install the required package:
opkg update
opkg install openssh-sftp-server
Testing
Enter the following URL in your SFTP client.
sftp://root@openwrt.lan/
Clients
- Windows: WinSCP - an advanced GUI client.
Proprietary
- Windows: FAR Manager - an advanced Norton Commander like file manager. Supports a plain SCP too.
Proprietary
- Linux, macOS, FreeBSD: far2l - an open source version of the FAR.
GPL-2
- Linux, macOS, FreeBSD: Midnight Commander - a Norton Commander like file manager. Supports a plain SCP too.
GPL-3
- Linux: GNOME Déjà Dup - a backup and sync tool.
GPL-3
- Windows, macOS, Linux, FreeBSD: rclone - a command-line program to manage files on cloud storage.
MIT
- Linux: SSHFS client
- Android: X-plore File Manager
- Android TV, RapberryPI: KODI - a media player for TV. You can put a USB drive to a router and watch your photos, video and audio without any additional software.
- SFTP Client list
Troubleshooting
Collect and analyze the following information.
# Restart services service log restart; service dropbear restart # Log and status logread -e dropbear; netstat -l -n -p | grep -e dropbear # Runtime configuration pgrep -f -a dropbear # Persistent configuration uci show dropbear ls -l /etc/dropbear; cat /etc/dropbear/authorized_keys ls -l $(opkg files openssh-sftp-server | grep -e ^/)
Extras
Service discovery
You may want to provide service discovery for clients supporting Bonjour/Zeroconf.
opkg update
opkg install announce
See also umdns Multicast DNS Daemon