I'm a software engineer and I'm maintaining a product that allows a user to run commands and scripts on Linux servers via an SSH connection. We now need to extend this functionality onto Windows.
We have a working solution, using freeSSHd on the Windows server. We're able to connect via SSH and run commands. In order to allow us to run scripts, we need to transfer the script from the Linux web server onto the Windows server via SFTP. We then delete the script once it has run and we have the output.
My question is simple: I'm unfamiliar with SSH on Windows and I'm wondering if a user has SSH configured, how likely is it that they'll have SFTP disabled. I'm aware that SSH isn't standard on Windows and that a user would need to install their own SSH server (freeSSHd in my case). I'm also aware that SFTP is a "subset" of SSH and uses the same port with the same credentials. What I'm concerned about is that a user could refuse to enable SFTP (despite having SSH enabled), meaning that our "solution" won't work.
Basically, is there a precedent or accepted security standard on Windows that would mean that a user would refuse to enable SFTP for some valid, tangible reason, or is the fact that SSH is enabled sufficient to assume that there will be no issues enabling SFTP? Is there anything that would give a user grounds to refuse to enable SFTP despite having SSH installed and enabled?