
I'm trying to set up an SFTP server for a use case. I need the server to be extremely secure. What are the best practices that I should keep in mind?

I referred to a lot of blogs and posts but couldn't find an end-to-end guide for setting up a secure SFTP server. These are the points that I got from different posts:

  1. Create an SFTP-only user with no login
  2. Create a chroot jail environment to isolate or protect other locations of the server
  3. Use public key authentication instead of password authentication
  4. Disable password authentication for the user, etc.

In addition to these points, are there any other standards to follow for setting up a server? Or how do highly secure environments like banks, hospitals, etc. set up SFTP servers?

Any links or guidance would be appreciated. Thanks.

Neron Joseph
  • It helps to break this down into smaller components: best practices for SSH and best practices for FTP. – ChocolateOverflow Mar 09 '21 at 02:35
  • What is that use case? Our recommendations will differ based on your needs. Are you going to have multiple users? Are these users generally trusted (e.g., employees) or not (e.g., customers)? What kind of data will you be storing? Do you have regulatory requirements for data storage or encryption algorithms? – bk2204 Mar 09 '21 at 02:35
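
The four points listed in the question map onto OpenSSH `sshd_config` keywords; the sketch below embeds a fragment that sets them and checks which ones apply to a given account. It is an added example, not part of the original post or its comments. The account name `sftpuser`, the chroot path, the sample configurations and the helper names are assumptions, and the parser is simplified to literal `Match User` names.

```python
# Constructed sample: an sshd_config fragment covering the four points.
HARDENED = """\
Subsystem sftp internal-sftp
PasswordAuthentication no
Match User sftpuser
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    PubkeyAuthentication yes
    PasswordAuthentication no
"""

# Constructed sample: a near-default configuration for comparison.
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
"""

def effective_settings(config_text, user):
    """Global keywords, overridden by any 'Match User' block naming `user`."""
    glob, matched, in_match, applies = {}, {}, False, False
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()            # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match, crit = True, value.split()
            applies = (len(crit) == 2 and crit[0].lower() == "user"
                       and user in crit[1].split(","))  # literal names only
        elif not in_match:
            glob.setdefault(key, value)   # first value obtained wins
        elif applies:
            matched.setdefault(key, value)
    return {**glob, **matched}

def audit(config_text, user):
    """Return findings for `user`; an empty list means all four points hold."""
    s = effective_settings(config_text, user)
    findings = []
    if s.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
        findings.append("not restricted to SFTP (ForceCommand internal-sftp)")
    if s.get("chrootdirectory", "none").lower() == "none":
        findings.append("no chroot jail (ChrootDirectory)")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("public key authentication is off")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password authentication is on")
    return findings
```

The account's login shell is set outside `sshd_config`, so the "no login" half of point 1 is not covered by this check; sshd also requires the chroot directory to be owned by root and not writable by the user.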
