Release of SFTP Server SFTPGo 2.2.0

SFTPGo 2.2 has been released. The server provides remote access to files over the SFTP, SCP/SSH, Rsync, HTTP and WebDAV protocols; among other uses, it can serve Git repositories over SSH. Data can be served both from the local file system and from external storage compatible with Amazon S3, Google Cloud Storage and Azure Blob Storage, and can be stored in encrypted form. The user database and metadata are kept in a DBMS with SQL or key/value support, such as PostgreSQL, MySQL, SQLite, CockroachDB or bbolt; metadata can also be kept in RAM, which requires no external database connection. The project is written in Go and distributed under the GPLv3 license.

In the new version:

  • Added support for two-factor authentication using one-time passwords with a limited lifetime (TOTP, RFC 6238). Applications such as Authy and Google Authenticator can be used as authenticators.
  • Implemented the ability to extend functionality through plugins. Plug-ins already available include support for additional key exchange services, integration with Publish/Subscribe systems, and storage and retrieval of event records in a DBMS.
  • The REST API now supports authentication with API keys in addition to JWT tokens, and allows data retention policies (limiting how long data is kept) to be set for individual directories and users. The Swagger UI is enabled by default for browsing API resources without external tools.
  • The web interface gained support for write operations (uploading files, creating directories, renaming and deleting), password reset with confirmation by email, a text file editor and a PDF document viewer. It is now possible to create HTTP links that give external users access to individual files and directories; a link can be protected with a separate password, restricted to certain IP addresses, given a lifetime and limited to a number of downloads.
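To show what the RFC 6238 one-time passwords mentioned above involve on the verifying side, here is an added example (not SFTPGo's own code) that derives a TOTP code from a shared secret and checks a submitted code with a one-step clock-skew window and a constant-time comparison. The test key is the RFC 6238 Appendix B SHA-1 vector; the 30-second step and digit counts are parameters, not SFTPGo settings.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

// totpCode computes an RFC 6238 code: HOTP (RFC 4226) over the time-step counter.
// secret is the raw shared key, step the time-step length in seconds (30 in
// practice), digits the code length (6 for Authy/Google Authenticator, 8 in the
// RFC test vectors).
func totpCode(secret []byte, unixTime int64, step int64, digits int) string {
	counter := uint64(unixTime / step)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
	off := sum[len(sum)-1] & 0x0f
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, bin%mod)
}

// verifyTOTP accepts a code if it matches the current time step or up to `skew`
// steps on either side (clock tolerance); comparison is constant-time so that
// timing does not leak how many leading digits were right.
func verifyTOTP(secret []byte, code string, unixTime int64, step int64, digits int, skew int64) bool {
	for d := -skew; d <= skew; d++ {
		expected := totpCode(secret, unixTime+d*step, step, digits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 Appendix B test key (SHA-1)
	fmt.Println(totpCode(secret, 59, 30, 8))  // prints 94287082 (RFC 6238 vector)
}
```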

Main features of SFTPGo:

  • Each account is chrooted, restricting access to the user's home directory. It is possible to create virtual directories that refer to data outside the user's home directory.
  • Accounts are stored in a virtual user database that is separate from the system user database. SQLite, MySQL, PostgreSQL, bbolt and in-memory storage can hold the user database. Virtual accounts can be mapped to system accounts either directly or arbitrarily (one system user can be mapped to a different virtual user).
  • Public key, SSH key and password authentication are supported (including keyboard-interactive authentication). Several keys can be bound to each user, and multi-factor and multi-stage authentication can be configured (for example, a password may additionally be requested after successful key authentication).
  • Different authentication methods can be configured per user, and custom methods can be defined by calling external authenticator programs (for example, for authentication via LDAP) or by sending requests to an HTTP API.
  • External handlers or HTTP API calls can be invoked before the user logs in to change user settings dynamically. Dynamic creation of users on connection is supported.
  • Support for individual quotas for data size and number of files.
  • Support for bandwidth limiting with separate settings for limits for incoming and outgoing traffic, as well as limits for the number of simultaneous connections.
  • Access controls can be applied per user or per directory (for example, restricting listing of files, or prohibiting upload, download, overwrite, delete, rename, permission changes, or creation of directories or symbolic links).
  • Individual network restrictions can be defined for each user, for example allowing access only from certain IP addresses or subnets.
  • File filters can be attached to individual users and directories (for example, files with a certain extension can be blocked).
  • Handlers can be bound to various file operations (upload, delete, rename, etc.). In addition to calling handlers, notifications can be sent as HTTP requests.
  • Automatic termination of inactive connections.
  • Atomic configuration update without breaking connections.
  • Providing metrics for monitoring in Prometheus.
  • The HAProxy PROXY protocol is supported to organize load balancing or proxy connections to SFTP/SCP services without losing knowledge of the user's source IP address.
  • REST API for managing users and directories, creating backups and reporting on active connections.
  • Web interface (http://127.0.0.1:8080/web) for configuration and monitoring (configuration via regular configuration files is also supported).
  • Ability to define settings in JSON, TOML, YAML, HCL and envfile formats.
  • Support for connecting via SSH with limited access to system commands. For example, commands required for Git (git-receive-pack, git-upload-pack, git-upload-archive) and rsync are allowed to run, as well as several built-in commands (scp, md5sum, sha*sum, cd, pwd, sftpgo-copy and sftpgo-remove).
  • Portable mode for sharing one shared directory with automatic generation of connection credentials advertised via multicast DNS.
  • Built-in profiling system for performance analysis.
  • Simplified Linux system account migration process.
  • Storing logs in JSON format.
  • Support for virtual directories (for example, the contents of a certain directory can be given not from the local file system, but from external cloud storage).
  • Support for cryptfs to transparently encrypt data on the fly when it is written to the file system and decrypt it when it is read back.
  • Support for forwarding connections to other SFTP servers.
  • Ability to use SFTPGo as an SFTP subsystem for OpenSSH.
  • The ability to store credentials and confidential data in encrypted form using KMS servers (Key Management Services), such as Vault, GCP KMS, AWS KMS.

Source: opennet.ru