
limogin/sftp_server

Containerized SFTP Server

This container provides a secure and isolated SFTP server, specifically designed for application deployment. The service is configured to allow access only to a specific directory, ensuring users cannot navigate outside their assigned directory.

Features

  • SFTP server based on OpenSSH
  • Complete isolation through chroot
  • Support for both password and public key authentication
  • Single user configuration
  • Integrated healthcheck for monitoring
  • Based on Alpine Linux for minimal size
  • Support for rsync and rclone

Requirements

  • Docker
  • Docker Compose (optional, for easier deployment)

Environment Variables

The container requires the following environment variables:

Variable        Description              Required
SFTP_USER       SFTP username            Yes
SFTP_PASSWORD   User password            Yes
SFTP_USER_ID    Numeric user ID          Yes
SFTP_GROUP_ID   Numeric group ID         Yes
SFTP_SSH_KEY    User's SSH public key    No

Usage Example

Using Docker Run

docker run -d \
  --name sftp-server \
  -p 2222:22 \
  -v /local/path:/home/sftpuser \
  -e SFTP_USER=sftpuser \
  -e SFTP_PASSWORD=your_password \
  -e SFTP_USER_ID=1000 \
  -e SFTP_GROUP_ID=1000 \
  -e SFTP_SSH_KEY="ssh-rsa AAAA..." \
  sftp-server

Using Docker Compose

version: '3'
services:
  sftp:
    build: .
    ports:
      - "2222:22"
    volumes:
      - ./data:/home/sftpuser
    environment:
      - SFTP_USER=sftpuser
      - SFTP_PASSWORD=your_password
      - SFTP_USER_ID=1000
      - SFTP_GROUP_ID=1000
      # Quote the whole entry: in list form, quotes placed after "=" become part of the value
      - "SFTP_SSH_KEY=ssh-rsa AAAA..."

Public Key Configuration

To use public key authentication:

  1. Generate your SSH key pair if you don't have one:

    ssh-keygen -t rsa -b 4096
  2. Get your public key:

    cat ~/.ssh/id_rsa.pub
  3. Use the content as the value for SFTP_SSH_KEY

Directory Structure

The container is configured with the following structure:

/home/
  └── sftpuser/    # User's chroot directory
      └── .ssh/    # Directory for SSH keys

Security

  • User is confined to their home directory through chroot
  • Root access is not allowed
  • Connections are limited to SFTP (no shell access)
  • File permissions are strictly controlled
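
A check for the properties listed above, as an added example that is not part of this repository: it reads effective sshd settings in the form `sshd -T` prints and reports the ones that do not match. The directive choices (including the extra `allowtcpforwarding` check, which goes beyond the list) and the sample inputs are assumptions, since the project's own sshd_config is not shown on this page.

```shell
#!/bin/sh
# Added example (not the project's code): audit effective sshd settings, in the
# lowercase "keyword value" form that `sshd -T` prints, against the Security list.

# cfg_get CONFIG KEYWORD: print the value of the first matching keyword line.
cfg_get() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print; exit }'
}

# audit_sshd CONFIG: print the keywords that fail; return 0 only if none do.
audit_sshd() {
    cfg=$1
    bad=""
    # "Root access is not allowed"
    [ "$(cfg_get "$cfg" permitrootlogin)" = no ] || bad="$bad permitrootlogin"
    # "User is confined ... through chroot": unset or "none" means no chroot
    case "$(cfg_get "$cfg" chrootdirectory)" in
        ""|none) bad="$bad chrootdirectory" ;;
    esac
    # "Connections are limited to SFTP": internal-sftp, optionally with flags
    case "$(cfg_get "$cfg" forcecommand)" in
        internal-sftp|"internal-sftp "*) ;;
        *) bad="$bad forcecommand" ;;
    esac
    # ForceCommand does not stop port forwarding, so check it separately
    [ "$(cfg_get "$cfg" allowtcpforwarding)" = no ] || bad="$bad allowtcpforwarding"
    bad=${bad# }
    printf '%s\n' "$bad"
    [ -z "$bad" ]
}

# Constructed sample inputs, not captured from the project's image.
HARDENED_SAMPLE='permitrootlogin no
chrootdirectory /home/sftpuser
forcecommand internal-sftp
allowtcpforwarding no'

WEAK_SAMPLE='permitrootlogin prohibit-password
chrootdirectory none
forcecommand none
allowtcpforwarding yes'

for sample in "$HARDENED_SAMPLE" "$WEAK_SAMPLE"; do
    if failed=$(audit_sshd "$sample"); then echo "PASS"; else echo "FAIL: $failed"; fi
done
```

Inside a running container the input would come from `sshd -T`; settings placed in a `Match` block only show up when the connection is described with `-C`.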

Monitoring

The container includes a healthcheck that verifies:

  • SSH service is running
  • Port 22 is accessible
  • Service status every 30 seconds

To check the status:

docker ps  # View general status
docker inspect --format='{{json .State.Health}}' container_name  # View healthcheck details

Limitations

  • Only allows a single user
  • No shell access
  • No navigation outside the assigned directory
  • No root access

Using rsync and rclone

The container includes support for rsync and rclone:

  1. Using rsync:

    rsync -avz -e "ssh -p 2222" /local/path/ sftpuser@localhost:/remote/path/
  2. Using rclone:

    # First configure rclone
    rclone config

    # Then use the configured remote
    rclone copy /local/path/ sftp:remote/path/

For rclone, you'll need to configure an SFTP remote with these parameters:

Type: sftp
Host: localhost
Port: 2222
User: sftpuser
Pass: your_password

Troubleshooting

  1. If you can't connect:

    • Verify the port is correctly mapped
    • Check credentials
    • Check container logs: docker logs container_name
  2. If healthcheck fails:

    • Verify port 22 is not blocked
    • Check SSH service logs
    • Ensure container has sufficient resources

Contributing

Contributions are welcome. Please open an issue to discuss proposed changes.
