In any Keenetic router with the ability to connect USB drives, you can enable the built-in SFTP server and organize a secure remote access to files on the USB drive via the SFTP protocol (SSH File Transfer Protocol, also known as Secure FTP and SSH FTP). You can set up an access to the server from both the local network and the Internet.
The SFTP server is supported by KeeneticOS starting from version 3.4.1.
The SFTP is an application layer protocol designed to perform operations with the files over a reliable and secure SSH connection. The SFTP has nothing to do with the usual FTP protocol. It provides improved security for data transmission over the Internet, by implementing a fully encrypted transport layer. The SFTP is a separate protocol and should not be mistaken for the FTPS (FTP + SSL), the Simple File Transfer Protocol (has the same abbreviation for SFTP) and the FTP via SSH.
1. You can directly connect to the SFTP server from the Internet if there is a public IP address on the WAN interface of the Keenetic router, that is used to access the Internet.
2. If you have a private IP address, you can access the SFTP server through an SSTP VPN connection.
3. For more convenient use, we recommend obtaining a permanent and easy to remember domain name for your Keenetic using the KeenDNS service. When enabling KeenDNS, you can connect to the SFTP server in the 'Direct access' mode. If you use the 'Cloud access' mode, you can connect to the SFTP server via an SSTP.
4. Some ISPs filter incoming user traffic by standard protocols and ports. For example, filtering by 21 (FTP), 22 (SSH), 23 (Telnet), 25 (SMTP), 1723 (PPTP) and other ports. Therefore it is necessary to know for sure that the SFTP server operates via the port that is not blocked by the provider.
5. To operate the SFTP server in the Keenetic router, you should install the 'SSH server' and 'SFTP server' system components. You can do it on the 'General system settings' page in the 'Updates and component options' section by clicking on the 'Component options'.
After you installed the 'SSH server' and 'SFTP server' components, go to the 'Applications' page of the router's web interface, find the 'Private cloud' section and click on the header.
You will see the window, the main server settings, and user management options are presented in the 'SFTP settings' section.
If you want to access the SFTP server from the external interface, enable the 'Allow access from the Internet' option. You will see the following message: 'Warning! Enabling internet access for SFTP will enable SSH public access'. Click on 'Confirm'.
You can find the port number that uses the built-in SSH server in the 'SSH port' field. By default, the server uses the standard TCP port number 22 for the connection. If necessary, you can change the port number (for example, use 2022). We recommend doing this to improve the security, as the standard ports are often exposed to attacks on the Internet.
If the 'Anonymous access' option is enabled, the connection to the SFTP server will be available to all users without authorization. We recommend not to use anonymous access, but to set up access rights to the SFTP server with authorization (in this case when connecting to the SFTP server the user will have to enter a username and a password).
In the 'Users and access' subsection, select the accounts that will be granted to access the SFTP server. Here you can add new accounts by clicking the 'Add user' button.
Enable the SFTP option for the user you want to allow remote access via the specified protocol. Then click 'Select directory' and indicate a certain folder on the USB disk. For example, you can choose a personal folder for each account. You can set up either read and write or read-only access rights for the user, depending on the task. You can do this by following the instruction 'Folder permission control on a USD drive'.
NOTE: Important! No need to create port or firewall redirection (forwarding) rules to access the SFTP server. The system will automatically create the necessary rules and allow access.
Go back to the 'Applications' page. By default, the SFTP server is disabled. To enable the server, put the switch in the On state.
Now, using an account that has the rights to access the SFTP server (we use 'admin' in our example), you can access the files of a disk connected to the USB port of the router from the Internet.
You need to use an SFTP client or file manager with SFTP protocol support for secure and encrypted connection to the SFTP server on your mobile device or computer. For example, you can use mobile applications such as Cx Explorer, File Manager+ and others, or computer programs such as FileZilla Client, WinSCP and others.
Here is an example of a connection to the SFTP server on a Keenetic device.
NOTE: Important! In our example, we use the private IP address of the SFTP server. If you configure your access to the server from the Internet, then in the 'Host' field you need to specify a public IP address on the external interface of the router, or the domain name of the router registered with KeenDNS or DynDNS.
Run the Cx Conductor application on your Android mobile device.
Add a connection on the 'Network' tab.
Go to the 'Remote' tab and select the 'SFTP' protocol.
Specify the IP address of the router in the 'Host' field (for access from the Internet it is a WAN IP address, and for access from the local network it is a LAN IP), the SSH port number, and the admin username and password.
If the connection is successful, you will see the folders and files on the USB drive.
You can also use any file manager or client with the SSH FTP protocol support on your computer.
Here is an example of a connection using FileZilla and WinSCP programs: