Easy to use SFTP (SSH File Transfer Protocol) server with OpenSSH.
Original work from atmoz (https://github.com/atmoz/sftp)
Modified by S.CAPS for OpenShift 4 compatibility
- This container requires the OpenShift Security Context Constraint (scc) anyuid for the service account it uses
- alpine part removed
- This has been tested on OpenShift 4.5 with only one user
- Create a service account inside your namespace/project (example: sftp-sa)
- Change the Security Context for this serviceAccount to allow the pod to run as root using the following command:
$ oc adm policy add-scc-to-user anyuid -z my-sftp-service-account
- Create a config map containing your user list
- Create a service to expose sftp using a NodePort (since Routes are for http(s) traffic)
- Create a persistent volume to save your data
- Deploy the pod using the previously created serviceAccount, service, config-map and pv
I've provided OpenShift 4 examples in the openshift directory of the project.
Since there is no OpenShift Route to access your SFTP service (no http(s) traffic),
you need to point to any worker of your OpenShift cluster using the nodePort number set in the OpenShift Service.
Here, in the example, I use 30922. So you can use your SFTP client like this:
$ sftp -P 30922 your-username@worker1.fqdn.domain.tld
even if the pod is running on worker2, for example
(port 30922 on every worker redirects to the right pod :))
users.conf:
foo:123:1001:100
bar:abc:1002:100
baz:xyz:1003:100
You can use makepasswd (sudo apt install makepasswd) to generate encrypted passwords:
echo -n "your-password" | makepasswd --crypt-md5 --clearfrom=-
foo:$1$9KJP0cS4$jTgAq1Q7l2OdF9CqAXGNw.:e:1001
Mount public keys in the user's .ssh/keys/ directory. All keys are automatically appended to .ssh/authorized_keys
(you can't mount this file directly, because OpenSSH requires limited file permissions). In this example, we do not provide any password, so the user foo
can only log in with an SSH key.
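A pre-deployment check for the users.conf content that goes into the config map, flagging plaintext passwords, MD5-crypt hashes and shared UIDs. This is an added example, not code from this project or from atmoz/sftp. It assumes the field layout `user:password[:e][:uid[:gid]]` inferred from the samples above and an empty password field for key-only users; `lint_users_conf` is a hypothetical name, and the `baz` and `qux` entries, including the `$6$` value, are constructed.

```python
import re

# Field layout assumed from the samples on this page:
#   user:password[:e][:uid[:gid]]   ("e" = password field is a crypt(3) hash)
CRYPT_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
WEAK = {"md5-crypt"}

def lint_users_conf(text):
    """Return (line_no, user, finding) tuples for risky users.conf entries."""
    findings, uid_owner = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        user, password, rest = fields[0], "".join(fields[1:2]), fields[2:]
        hashed = rest[:1] == ["e"]
        if hashed:
            rest = rest[1:]  # drop the flag so rest[0] is the uid
        if password and not hashed:
            findings.append((no, user, "plaintext password"))
        elif hashed:
            # crypt(3) hashes start with $<id>$; the id names the scheme
            m = re.match(r"\$([0-9a-z]+)\$", password)
            scheme = CRYPT_IDS.get(m.group(1), "unknown") if m else "unknown"
            if scheme in WEAK or scheme == "unknown":
                findings.append((no, user, f"weak or unknown hash scheme: {scheme}"))
        uid = rest[0] if rest and rest[0] else None
        if uid:
            if uid in uid_owner:  # two accounts with one uid share file ownership
                findings.append((no, user, f"uid {uid} already used by {uid_owner[uid]}"))
            else:
                uid_owner[uid] = user
    return findings

# Constructed sample: page-style entries plus a key-only user and a duplicate uid.
SAMPLE = """\
foo:123:1001:100
bar:$1$9KJP0cS4$jTgAq1Q7l2OdF9CqAXGNw.:e:1002
baz::1003
qux:$6$examplesalt$examplehash:e:1003
"""

if __name__ == "__main__":
    for no, user, finding in lint_users_conf(SAMPLE):
        print(f"line {no}: {user}: {finding}")
```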
ssh-keygen -t ed25519 -f ssh_host_ed25519_key < /dev/null
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key < /dev/null
- For a consistent server fingerprint, mount your own host keys (i.e. /etc/ssh/ssh_host_*) inside the pod