SFTP (SSL) via Filezilla Server and Client

Microsoft FTP 7.0 for Windows 2008 IIS 7.0 does not multi-homed directories for FTP users.  As such, my task was to find a product that had secure sessions and allowed setup for individual user home folders.  It was suggested I try Filezilla, an open source FTP (file transfer protocol) product.  It has both a Server (Windows-only) and Client (all platforms) component.  To help others who may be tasked with a similar scenario, I'm creating this blog entry on the steps needed to create the solution:

SERVER

1.  Download the Server component and install it on your Windows IIS web server.

2.  Add Port 21 and 990 to your firewall exception list.

3.  Add the FileZilla executable to your firewall exception list.

4.  From the FileZilla Server Options menu, click on Passive Mode settings and select custom port range and use Port 21 or 990.  If not, the firewall will balk at directory inquiries and transfers.

5.  From the FileZilla Server Options menu, click on Admin Interface settings and note the port used by the Admin Interface.  Add that port to your Firewall exception list if you'll be managing Filezilla by another computer.  By default it denies all server management access requests except 127.0.0.1.

6.  From the FileZilla Server Options menu, click on SSL/TLS settings and click on "Generate new certificate."  Complete the certificate and save it somewhere where the Filezilla server can see it.  Once saved, ensure it's in a place where your users can access it as they'll need to install it on their computers when using the FileZilla client.

7.  When you've saved the certificate, the Private key file and Certificate file fields should now be completed.

8.  Type in the strong password you used to create the certificate into the Key password section of the SSL/TSL page.

9.  From the main Filezilla Server menu bar, add groups and users.  This is pretty standard stuff, play with the folders and accounts until you customize it for what you need.  Setting a home directory will root that folder for the user.  They will NOT be able to browse up the file hierarchy.  Ensure to check "Force SSL for user login" as you'll want to ensure they don't connect in the clear.

10.  FileZilla can use existing domain users, local users, or create local users as you input their names and information.


(Note: Ensure you create a Passive Mode port range and open those ports in your firewall.  This enables the client and server to communicate when actually performing a file transfer.)

CLIENT

1.  Download the Client component and install it on your computer.

2.  From the main FileZilla Client window, input the FTP servers address, Username,  Password, and Port.  Click on Quickconnect.  You will be presented with the servers certificate.  Approve the certificate.

3.  Use a remote connection on the server to monitor the FTP servers log to ensure the user logged on correctly and successfully listed their home folder.

4.  From the FileZilla Client, click the folder in the Remote Site window and press F5 to update the contents.  If everything is working, it should give you the correct contents.

5.  Drag and drop a file from your local computer to the Remote site folder to ensure the connection is working.  

That's it, you now have a secured FTP server/client combination that would be very hard to hack since the hacker would not have direct access to your server certificate and password.  You also have a multiple user friendly FTP environment that should be easy for them to use.