SFTPGo is a fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support.
Several storage backends are supported: local filesystem, encrypted local filesystem, S3 (compatible) Object Storage, Google Cloud Storage, Azure Blob Storage, SFTP.
This is free and open source software.
Key Features
- Support for serving local filesystem, encrypted local filesystem, S3 Compatible Object Storage, Google Cloud Storage, Azure Blob Storage or other SFTP accounts over SFTP/SCP/FTP/WebDAV.
- Virtual folders are supported: a virtual folder can use any of the supported storage backends. So you can have, for example, a user with the S3 backend mapping a GCS bucket (or part of it) on a specified path and an encrypted local filesystem on another one. Virtual folders can be private or shared among multiple users, for shared virtual folders you can define different quota limits for each user.
- Configurable custom commands and/or HTTP hooks on upload, pre-upload, download, pre-download, delete, pre-delete, rename, mkdir, rmdir on SSH commands and on user add, update and delete.
- Virtual accounts stored within a “data provider”.
- SQLite, MySQL, PostgreSQL, CockroachDB, Bolt (key/value store in pure Go) and in-memory data providers are supported.
- Chroot isolation for local accounts. Cloud-based accounts can be restricted to a certain base path.
- Per-user and per-directory virtual permissions, for each path you can allow or deny: directory listing, upload, overwrite, download, delete, rename, create directories, create symlinks, change owner/group/file mode and modification time.
- REST API for users and folders management, data retention, backup, restore and real time reports of the active connections with possibility of forcibly closing a connection.
- The Event Manager allows to define custom workflows based on server events or schedules.
- Web based administration interface to easily manage users, folders and connections.
- Web client interface so that end users can change their credentials, manage and share their files in the browser.
- Public key and password authentication. Multiple public keys per-user are supported.
- SSH user certificate authentication.
- Keyboard interactive authentication. You can easily setup a customizable multi-factor authentication.
- Partial authentication. You can configure multi-step authentication requiring, for example, the user password after successful public key authentication.
- Per-user authentication methods.
- Two-factor authentication based on time-based one time passwords (RFC 6238) which works with Authy, Google Authenticator, Microsoft Authenticator and other compatible apps.
- LDAP/Active Directory authentication using a plugin.
- Simplified user administrations using groups.
- Roles allow to create limited administrators who can only create and manage users with their role.
- Custom authentication via external programs/HTTP API.
- Web Client and Web Admin user interfaces support OpenID Connect authentication and so they can be integrated with identity providers such as Keycloak. You can find more details here.
- Data At Rest Encryption.
- Dynamic user modification before login via external programs/HTTP API.
- Quota support: accounts can have individual disk quota expressed as max total size and/or max number of files.
- Bandwidth throttling, with separate settings for upload and download and overrides based on the client’s IP address.
- Data transfer bandwidth limits, with total limit or separate settings for uploads and downloads and overrides based on the client’s IP address. Limits can be reset using the REST API.
- Per-protocol rate limiting is supported and can be optionally connected to the built-in defender to automatically block hosts that repeatedly exceed the configured limit.
- Per-user maximum concurrent sessions.
- Per-user and global IP filters: login can be restricted to specific ranges of IP addresses or to a specific IP address.
- Per-user and per-directory shell like patterns filters: files can be allowed, denied and optionally hidden based on shell like patterns.
- Automatically terminating idle connections.
- Automatic blocklist management using the built-in defender.
- Geo-IP filtering using a plugin.
- Atomic uploads are configurable.
- Per-user files/folders ownership mapping: you can map all the users to the system account that runs SFTPGo (all platforms are supported) or you can run SFTPGo as root user and map each user or group of users to a different system account (*NIX only).
- Support for Git repositories over SSH.
- SCP and rsync are supported.
- FTP/S is supported. You can configure the FTP service to require TLS for both control and data connections.
- WebDAV is supported.
- ACME protocol is supported. SFTPGo can obtain and automatically renew TLS certificates for HTTPS, WebDAV and FTPS from Let’s Encrypt or other ACME compliant certificate authorities, using the HTTP-01 or TLS-ALPN-01 challenge types.
- Two-Way TLS authentication, aka TLS with client certificate authentication, is supported for REST API/Web Admin, FTPS and WebDAV over HTTPS.
- Per-user protocols restrictions. You can configure the allowed protocols (SSH/HTTP/FTP/WebDAV) for each user.
- Prometheus metrics are supported.
- Support for HAProxy PROXY protocol: you can proxy and/or load balance the SFTP/SCP/FTP service without losing the information about the client’s address.
- Easy migration from Linux system user accounts.
- Portable mode: a convenient way to share a single directory on demand.
- SFTP subsystem mode: you can use SFTPGo as OpenSSH’s SFTP subsystem.
- Performance analysis using built-in profiler.
- Configuration format is at your choice: JSON, TOML, YAML, HCL, envfile are supported.
- Log files are accurate and they are saved in the easily parsable JSON format (more information).
- Plugin system and therefore can be extended using external plugins.
- Infrastructure as Code (IaC) support using the Terraform provider.
Website: github.com/drakkan/sftpgo
Support:
Developer: Nicola Murino
License: GNU Affero General Public License v3.0
SFTPGo is written in Go. Learn Go with our recommended free books and free tutorials.
Related Software
| FTP Servers | |
|---|---|
| Pure-FTPd | Fast and secure production-quality and standard-conformant FTP server |
| SFTPGo | Fully featured and highly configurable SFTP server |
| ProFTPd | Highly configurable FTP server software |
| bftpd | Strives to be fast, secure and quick to install and configure |
| vsftpd | Fairly minimal FTPd |
| tnftpd | Default NetBSD FTP server |
| umftpd | Transfer files directly via most file browsers' built-in FTP support |
| unFTP | Modern FTP(S) server |
Read our verdict in the software roundup.
| Web-Based File Managers | |
|---|---|
| copyparty | Portable file server |
| Filestash | Dropbox-like file manager |
| AList | File list program that supports multiple storages |
| File Browser | Provides a file managing interface within a specified directory |
| Tiny File Manager | Versatile web-based PHP file manager |
| Cloudreve | Self-hosted file management system with multi-cloud support |
| FileGator | Powerful multi-user file manager |
| Dufs | Fle server that supports static serving |
| kodbox | Self-hosted document management and collaboration platform |
| Cloud Commander | For the web with console and editor |
| Directory Lister | Browse and share folders |
| SFTPGo | WebAdmin UI lets you manage users, folders, and more |
| TagSpaces | Offline, open source, personal data manager |
| Nextcloud | Personal cloud storage, text editor, photo gallery, file share,... |
| Gossa | Fast and simple multimedia fileserver |
| Surfer | Simple static file server |
| IFM | Improved File Manager |
| OASIS | Self-hosted file server |
| HardBore | Sub-2ms cold start, native OS integration, full keyboard navigation |
| Fint | Keyboard-driven file manager |
Read our verdict in the software roundup.
| WebDAV Servers | |
|---|---|
| sabre/dav | CardDAV, CalDAV and WebDAV server |
| webdav | Simple and standalone WebDAV server |
| Dufs | File server that supports static serving |
| Davis | Admin interface for sabre/dav |
| SFTPGo | Fully featured and highly configurable SFTP server with WebDAV support |
| KaraDAV | Lightweight WebDAV server |
| Nephele | Pluggable WebDAV server |
| Milton | WebDAV / CalDAV / CardDAV server library |
| Apache WebDAV | Provides class 1 and class 2 WebDAV functionality for Apache |
| phởdav | Minimal WebDAV server |
| Nginx WebDAV | File management automation via the WebDAV protocol |
| dave | Simple WebDAV server |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |