Healthcare Blocks can enable SFTP functionality on an existing or new server. SFTP is FTP tunneled through SSH.
Your SFTP server has two types of users - administrators and external users.
By default, you are an administrator, and you will use SSH to connect via port 22. You can also use the SCP command to retrieve files.
External users, on the other hand, will connect via port 222, using the SFTP command or a desktop SFTP software to transfer files.
Creating New SFTP Users
First, SSH to your server using an administrator account:
Next, use the SFTP admin tool to manage users:
sudo sftp_admin create_user username
The admin tool will generate and display a random password. If you'd like to change the password, do:
sudo sftp_admin change_pw username
To view a list of users:
sudo sftp_admin list_users
To delete a user:
sudo sftp_admin del_user username
Where Files are Stored
Your SFTP server uses a Linux concept known as CHROOT to physically isolate each SFTP user to a specific part of the filesystem. Thus, it is impossible for an SFTP user to access another user’s data. The exception, of course, are administrator accounts, which can access the entire filesystem via SSH and SCP protocols.
User-specific files are located in user-named subdirectories under /data/sftp_chroot/users.
When a user is created, a default subdirectory named files is also created. Files should be uploaded into this location because the SFTP subsystem does not permit uploads in the parent directory.
If you'd like to rename the files directory or have others automatically created when users are created, you can edit /data/sftp_chroot/config.yaml and set one or more names:
# inside /data/sftp_chroot/config.yaml: userdirs: - inbound - outbound
Note: each user directory also contains a directory named dev. Do not delete this directory as it is required by the SFTP subsystem for logging purposes.
Viewing Activity Logs
To satisfy HIPAA requirements, all SFTP activity is logged. You can view recent activity by using the following commands.
# view all log entries sudo grep 'sftp' /var/log/syslog # tail in real-time sudo tail -f /var/log/syslog | grep 'sftp'
Older logs are stored in S3. See accessing archived logs for more info.
How to Enable Filesystem Backups
Please refer to this article for guidance.
Example Command Line SFTP Session
# connect sftp -P 2222 myuser@host # list directories on server ls # list directories on local computer lls # change directory cd files # upload file put patients.csv # download file get claims-summary.pdf
Please create a ticket if you'd like to add SFTP functionality to an existing or new server.