Release of the SFTP server SFTPGo 1.0

SFTPGo 1.0, the first major release of the server, is out. SFTPGo provides remote access to files over the SFTP, SCP/SSH and rsync protocols, and can also serve Git repositories over SSH. Data can be served from the local file system or from external storage compatible with Amazon S3 and Google Cloud Storage. User accounts and metadata are kept in a database with SQL or key/value semantics, such as PostgreSQL 9.4+, MySQL 5.6+, SQLite 3.x or bbolt 1.3.x; an in-memory mode that needs no external database is also available. The project is written in Go and distributed under GPLv3.

Main Features:

  • Each account is chrooted to the user's home directory. Virtual directories can be defined that point to data outside the home directory.
  • Accounts live in a virtual user database that is separate from the system user database; it can be kept in SQLite, MySQL, PostgreSQL, bbolt or in memory. Virtual users can be mapped onto system users either one-to-one or arbitrarily (for example, several virtual users sharing one system user).
  • Public key, password and keyboard-interactive authentication are supported. Several keys can be bound to each user, and multi-factor, multi-step authentication can be configured (for example, a password may additionally be requested after a successful key authentication).
  • Different authentication methods can be configured per user, and custom methods can be implemented by calling an external authenticator program (for example, for authentication against LDAP) or by sending a request to an HTTP endpoint.
  • External programs or HTTP endpoints can be hooked in before login to dynamically change a user's settings; creating users on first connection is also supported.
  • Per-user quotas on data size and number of files.
  • Bandwidth limiting with separate settings for incoming and outgoing traffic, plus limits on the number of simultaneous connections.
  • Per-user and per-directory access control (listing files can be restricted; uploading, downloading, overwriting, deleting, renaming, changing permissions, creating directories or creating symbolic links can be prohibited, etc.).
  • Per-user network restrictions, for example allowing access only from specific IP addresses or subnets.
  • File-extension filters per user and per directory (for example, files with a given extension can be blocked).
  • Hooks can be attached to file operations (upload, delete, rename, etc.); besides running an external program, a notification can be sent as an HTTP request.
  • Automatic termination of idle connections.
  • Atomic configuration reload without breaking existing connections.
  • Prometheus metrics for monitoring.
  • Support for the HAProxy PROXY protocol, so SFTP/SCP services can be load-balanced or proxied without losing the client's source IP address.
  • REST API to manage users and directories, create backups and report on active connections.
  • Web interface (http://127.0.0.1:8080/web) for configuration and monitoring (configuration via regular configuration files is also supported).
  • Settings can be defined in JSON, TOML, YAML, HCL and envfile formats.
  • SSH connections with a restricted command set: the commands required by Git (git-receive-pack, git-upload-pack, git-upload-archive) and rsync are allowed, plus several built-in commands (scp, md5sum, sha*sum, cd, pwd, sftpgo-copy and sftpgo-remove).
  • A portable mode that shares a single directory and auto-generates connection credentials, advertised via multicast DNS.
  • Built-in profiling for performance analysis.
  • Simplified migration of Linux system accounts.
  • Logs in JSON format.
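The external authenticator hook, per-user permissions and per-user network restrictions listed above fit together in one worked example. The Go program below is an added example, not code from SFTPGo or from the original article: it is a stand-alone hook binary that reads the SFTPGO_AUTHD_USERNAME, SFTPGO_AUTHD_PASSWORD and SFTPGO_AUTHD_PUBLIC_KEY environment variables, checks them against a constructed credential store, and prints a JSON user that chroots the account, grants least-privilege permissions per directory and restricts the source network. The environment variable names and the JSON field names (status, username, home_dir, permissions, filters.allowed_ip) are taken from the project's documentation as recalled here and should be checked against the deployed version; the store, the password, the placeholder public key and the home directory are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"os"
	"strings"
)

// credential is one entry of a hypothetical back-end store (constructed here;
// a real hook would query LDAP, a database or an HTTP service instead).
type credential struct {
	Salt      []byte   // per-user random salt
	PassHash  []byte   // HMAC-SHA256(key=Salt, password); demo only, use argon2id or bcrypt in production
	PubKeys   []string // authorized_keys-format lines
	HomeDir   string   // directory SFTPGo chroots the user into
	AllowedIP []string // networks logins are accepted from
}

// User is the subset of SFTPGo's user JSON the hook prints on stdout (field names
// assumed from the project's docs); status 0 or an empty username means "deny".
type User struct {
	Status      int                 `json:"status"`
	Username    string              `json:"username,omitempty"`
	HomeDir     string              `json:"home_dir,omitempty"`
	Permissions map[string][]string `json:"permissions,omitempty"`
	Filters     map[string][]string `json:"filters,omitempty"` // e.g. {"allowed_ip": [...]}
}

// hashPassword derives the stored verifier, using the per-user salt as HMAC key.
func hashPassword(salt []byte, password string) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write([]byte(password))
	return m.Sum(nil)
}

// keyMatches compares authorized_keys lines by key type and base64 blob only,
// so a different trailing comment ("alice@laptop") does not break the match.
func keyMatches(offered string, allowed []string) bool {
	of := strings.Fields(offered)
	if len(of) < 2 {
		return false
	}
	for _, a := range allowed {
		af := strings.Fields(a)
		if len(af) >= 2 && af[0] == of[0] && af[1] == of[1] {
			return true
		}
	}
	return false
}

// Authenticate is the hook's decision, fed from the SFTPGO_AUTHD_* variables.
func Authenticate(username, password, pubKey string, store map[string]credential) User {
	cred, known := store[username]
	if !known { // still hash, so unknown users cost the same time as bad passwords
		cred = credential{Salt: make([]byte, 16), PassHash: make([]byte, 32)}
	}
	var ok bool
	switch {
	case pubKey != "":
		ok = keyMatches(pubKey, cred.PubKeys)
	case password != "":
		ok = subtle.ConstantTimeCompare(hashPassword(cred.Salt, password), cred.PassHash) == 1
	}
	if !known || !ok {
		return User{Status: 0}
	}
	return User{
		Status:   1,
		Username: username,
		HomeDir:  cred.HomeDir,
		// Least privilege: read-only at the root, an upload-only drop box below it.
		Permissions: map[string][]string{"/": {"list", "download"}, "/incoming": {"list", "upload"}},
		Filters:     map[string][]string{"allowed_ip": cred.AllowedIP},
	}
}

// demoStore builds the constructed store; the plaintext appears only to derive
// the verifier for the demo, a real store holds verifiers and never passwords.
func demoStore() map[string]credential {
	salt := []byte("0123456789abcdef") // fixed for reproducibility; use crypto/rand
	return map[string]credential{"alice": {
		Salt:      salt,
		PassHash:  hashPassword(salt, "correct horse battery staple"),
		PubKeys:   []string{"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderBlobNotARealKey000000 alice@laptop"},
		HomeDir:   "/srv/sftp/alice",
		AllowedIP: []string{"203.0.113.0/24"},
	}}
}

func main() {
	u := Authenticate(os.Getenv("SFTPGO_AUTHD_USERNAME"), os.Getenv("SFTPGO_AUTHD_PASSWORD"),
		os.Getenv("SFTPGO_AUTHD_PUBLIC_KEY"), demoStore())
	json.NewEncoder(os.Stdout).Encode(u) // SFTPGo reads one JSON object from stdout
}
```

The hook never returns "*" permissions and never lets the caller choose the home directory, so a compromised back-end record can at most widen access within what the hook itself allows. Because SFTPGo enforces the returned allowed_ip filter, the hook does not need to see the client address, although SFTPGO_AUTHD_IP is available if a deployment wants to log or deny on it directly.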

Source: opennet.ru
