Installing SFTP – Server 2020 & Server 2019


This is step by step guide to install and configure a SFTP server on Windows Server 2019 to achieve greater security in the communication from remote clients to File Servers over the internet

if you would like to check how to install File Server Role in Window Server 2019 then click here

How to ..


  • better to assign a static IP address
  • Allow inbound connections for SFTP in windows defender firewall
  • Run the following PowerShell command as the Administrator:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\System32\OpenSSH\sshd.exe"

SFTP SERVER on Windows server 2019

Now it is possible to install an SFTP server right from the Apps and Features section with windows server 2019

The following are the steps to enable SFTP on a Windows server 2019:

  1. Go to Windows Settings–>Apps 
  2. Click on “Manage optional features” Under apps and features menu
  3. Look for OpenSSH Server, check if it’s already installed, if not click on “Add a feature” to install it.

Configuring OpenSSH server to start on Windows startup:

  • Go to Windows services and look for “OpenSSH Authentication Agent ” and “OpenSSH SSH Server” services.
  • Change both services startup type to “Automatic”, and make sure that they are both started.

Changing the root directory of OpenSSH server:

  • Browse to directory “C:\ProgramData\ssh” and locate “sshd_config” file.
  • Look for #ChrootDirectory and modify that line to:   

ChrootDirectory “E:\SFTPRoot” and save the file.   OR

sftp sftp-server.exe -d E:\SFTPRoot

  • Restart the “OpenSSH SSH Server” service”.

Create a local user, on the Windows server 2019 or an active directory user if the server is joined to the domain, for instance:

Connect SFTP SERVER with any SFTP Agent i.e FileZilla

Create a new site in FileZilla Client and test your SFTP server


  1. vikram1258 July 6, 2021 at 6:00 pm

    I am unable to connect with the active directory users , if possible can you share the sshd_config file how to set the domain user to login.

    and i am using NAS storage so i am using the symbolic link for the SFTP.

  2. JAvier December 13, 2021 at 9:30 pm

    Hey men, Thanks so much… Are you is the best. This is working perfect.

    really appreciate your post.

  3. Lee Smith January 18, 2022 at 9:08 am

    Hi guys

    Can you confirm did you use certificates?

    Did you open port 22 to that public IP assigned to the server?

    What authentication did you use? we are looking to give access to our external supplier.

    are you aware you can use the azure application proxy connector to setup folder access without exposing the IP/ports?



  4. Georg April 22, 2022 at 1:45 pm

    Good description, work perfect 🙂


Leave A Comment

Your email address will not be published. Required fields are marked *