Пример #1
        /// <summary>
        /// Creates the SFTP server, registers the single "vecteur" account rooted at the configured
        /// base directory, and starts listening on the configured port.
        /// </summary>
        /// <remarks>
        /// The account password is read from <c>VecteurSettings.Default.SftpPassword</c> and the server key
        /// from <c>ServerKey.GetServerPrivateKey()</c>; how either is stored is not visible in this method.
        /// </remarks>
        public void Start()
        {
            // The license key is assigned before the server object is constructed.
            Licensing.Key = VecteurSettings.Default.SftpLicenseKey;

            fileServer = new FileServer
            {
                LogWriter = new SerilogWriter()
            };

            int listenPort = (int)VecteurSettings.Default.SftpPort;

            // Register the server's private key.
            fileServer.Keys.Add(ServerKey.GetServerPrivateKey());

            // Make sure the directory that will back the account exists.
            var rootDirectory = new DirectoryInfo(VecteurSettings.Default.BaseDirectory);
            if (rootDirectory.Exists == false)
            {
                rootDirectory.Create();
            }

            var accountFileSystem = CreateFileSystem(rootDirectory.FullName);

            // One fixed account name with a password taken from settings.
            // NOTE(review): confirm SftpPassword is not kept in clear text in a config file other users can read.
            var account = new FileServerUser("vecteur", VecteurSettings.Default.SftpPassword);

            fileServer.Users.Add(account);
            account.SetFileSystem(accountFileSystem);

            // Clear the CBC flag from the offered encryption modes; every other mode keeps its current setting.
            fileServer.Settings.SshParameters.EncryptionModes &= ~SshEncryptionMode.CBC;

            fileServer.Bind(listenPort, FileServerProtocol.Sftp);
            fileServer.Start();
        }
Пример #2
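        /// <summary>
        /// Reads the port and base address from settings, then creates, configures and starts the SFTP server.
        /// </summary>
        /// <remarks>
        /// Any exception is logged and rethrown to the caller. No user accounts or file systems are
        /// registered in this method (presumably handled elsewhere; verify before relying on it).
        /// </remarks>
        private void ConfigureAndStartFileServer()
        {
            Log.Information("About to configure and start sftp server.");

            try
            {
                port        = DocumentConverterSettings.Default.Port;
                baseAddress = DocumentConverterSettings.Default.BaseAddress.Replace("{MachineName}", Environment.MachineName);

                // Every placeholder is a plain identifier so that all three arguments bind; a dotted name
                // such as "settings.BaseDirectory" is not a valid structured-logging property name and would
                // leave the base directory out of the event (assumes Log is Serilog; confirm).
                Log.Information(
                    "Using the following settings for SFTP server: port = {port}, baseAddress = {baseAddress}, baseDirectory = {baseDirectory}",
                    port, baseAddress,
                    DocumentConverterSettings.Default.BaseDirectory);

                // The server instance is created, configured and started while holding fileServerLock.
                lock (fileServerLock)
                {
                    fileServer = new FileServer
                    {
                        LogWriter = new SerilogWriter(),
                        Keys      = { ServerKey.GetServerPrivateKey() }
                    };

                    // Clear the CBC flag from the offered encryption modes; every other mode keeps its current setting.
                    fileServer.Settings.SshParameters.EncryptionModes &= ~SshEncryptionMode.CBC;

                    // Transfer audit trail: the values are passed as structured properties, never spliced
                    // into the template, so client-chosen file names cannot alter the message format.
                    fileServer.FileUploaded += (sender, e) =>
                    {
                        Log.Information("File successfully uploaded: user={User}, full path={FullPath}, file name={Path}", e.User, e.FullPath,
                                        e.Path);
                    };
                    fileServer.FileDownloaded += FileServerOnFileDownloaded;
                    fileServer.Bind(port, FileServerProtocol.Sftp);
                    fileServer.Start();
                }

                // Constant template plus a property, instead of an interpolated string used as the template.
                Log.Information("Sftp server is listening on port '{Port}'", port);
            }
            catch (Exception e)
            {
                // The exception text is passed as a property: used as the template itself, any braces in it
                // would be parsed as placeholders.
                Log.Error(e, "Failed to configure and start sftp server: {Message}", e.Message);
                throw;
            }
        }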
Пример #3
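        /// <summary>
        /// Configures the server, binds it to <c>Config.ServerPort</c> for SFTP and starts it.
        /// </summary>
        /// <remarks>
        /// If binding throws <see cref="InvalidOperationException"/>, the failure is logged and the method
        /// returns without starting the server. <c>IsStarted</c> is set only after <c>Server.Start()</c> returns.
        /// </remarks>
        private void StartServer()
        {
            Configure();

            Log.Write("Binding SFTP server to port {0}...", Config.ServerPort);
            try
            {
                Server.Bind(Config.ServerPort, FileServerProtocol.Sftp);
            }
            catch (InvalidOperationException x)
            {
                // The exception text goes into its own message; the original template printed it in the
                // position labelled "port". The port itself is reported by the line that follows.
                Log.Write(LogColor.Error, "Unable to bind: {0}", x.Message);
                Log.Write(LogColor.Important, "Unable to bind to port {0}. Try changing it in the configuration file.", Config.ServerPort);
                return;
            }

            Log.Write("Starting...");

            // NOTE(review): Start() is outside the try block. If the listening socket is opened here rather
            // than in Bind(), a port-in-use failure propagates to the caller instead of being logged above.
            // Confirm against the server library's behaviour.
            Server.Start();

            Log.Write(LogColor.Success, "SFTP server has started and is ready to accept connections.");
            IsStarted = true;
        }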
        /// <summary>
        /// Starts the SFTP server with one account per <c>CacheRetentionCategory</c> name, each rooted at
        /// its own sub-directory of the configured base directory.
        /// </summary>
        /// <remarks>
        /// Every account is created with the same <c>Password.Current</c> value, so the per-category accounts
        /// differ only in user name and root directory.
        /// </remarks>
        public void Start()
        {
            // The license key is assigned before the server object is constructed.
            Licensing.Key = Properties.CacheSettings.Default.SftpLicenseKey;

            fileServer = new FileServer
            {
                LogWriter = new SerilogWriter()
            };

            // Held as a long here and narrowed to int only at Bind below.
            var listenPort = ((long?)Properties.CacheSettings.Default.Port).Value;

            // Register the server's private key.
            fileServer.Keys.Add(ServerKey.GetServerPrivateKey());

            string[] categoryNames = Enum.GetNames(typeof(CacheRetentionCategory));
            for (int i = 0; i < categoryNames.Length; i++)
            {
                string categoryName = categoryNames[i];

                // Each category gets its own directory under the base directory, created on first start.
                var categoryDirectory = new DirectoryInfo(Path.Combine(Properties.CacheSettings.Default.BaseDirectory, categoryName));
                if (categoryDirectory.Exists == false)
                {
                    categoryDirectory.Create();
                }

                var categoryFileSystem = CreateFileSystem(categoryDirectory.FullName);

                // The user name is the category name; the password is shared by all categories.
                // NOTE(review): one shared password means knowing it grants access to every category's
                // directory. Confirm that is intended.
                var account = new FileServerUser(categoryName, Password.Current);
                fileServer.Users.Add(account);
                account.SetFileSystem(categoryFileSystem);
            }

            // Clear the CBC flag from the offered encryption modes; every other mode keeps its current setting.
            fileServer.Settings.SshParameters.EncryptionModes &= ~SshEncryptionMode.CBC;

            fileServer.FileUploaded   += FileServerOnFileUploaded;
            fileServer.FileDownloaded += FileServerOnFileDownloaded;

            // NOTE(review): this narrowing cast is unchecked; a configured value outside the int range would wrap silently.
            fileServer.Bind((int)listenPort, FileServerProtocol.Sftp);
            fileServer.Start();
        }
Пример #5
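        /// <summary>
        /// Loads the license, host keys and bindings from configuration and the database, applies the SSH
        /// settings, hooks the server events and starts the server on a thread-pool thread.
        /// </summary>
        /// <param name="cancellationToken">Passed to <c>Task.Run</c>; the start-up work itself does not observe it.</param>
        /// <returns>A task that completes when the start-up attempt has finished.</returns>
        /// <remarks>
        /// Start-up failures are caught and logged, not rethrown, so the returned task completes successfully
        /// even when the server did not start.
        /// </remarks>
        public async Task StartAsync(CancellationToken cancellationToken)
        {
            await Task.Run(() =>
            {
                try
                {
                    AsymmetricKeyAlgorithm.Register(Curve25519.Create);
                    AsymmetricKeyAlgorithm.Register(Ed25519.Create);
                    AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create);

                    using (var scope = _factory.CreateScope())
                    {
                        var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>();
                        var uow  = scope.ServiceProvider.GetRequiredService <IUnitOfWork>();

                        if (!Enum.TryParse <LogLevel>(conf["Rebex:LogLevel"], true, out _level))
                        {
                            // Same exception type as before, now with a message naming the offending setting.
                            throw new InvalidCastException("Configuration value 'Rebex:LogLevel' is not a valid LogLevel.");
                        }

                        // The most recently created "RebexLicense" setting is the one applied.
                        var license = uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <tbl_Setting>()
                                                       .Where(x => x.ConfigKey == "RebexLicense").ToLambda()).OrderBy(x => x.Created)
                                      .Last();

                        Rebex.Licensing.Key = license.ConfigValue;

                        // One call per host key type, each with its key size and a fresh 32-character string.
                        // Presumably this makes sure a stored host key of that type exists; confirm in KeyHelper.
                        // NOTE(review): if that string becomes the key passphrase, confirm AlphaNumeric.CreateString
                        // draws from a cryptographic random number generator.
                        // NOTE(review): a 1024-bit DSS host key is a legacy type (OpenSSH has disabled ssh-dss by
                        // default since 7.0); consider dropping it unless an old client still requires it.
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.DSS, 1024, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.RSA, 4096, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP256, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP384, 384, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP521, 521, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);
                        KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ED25519, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256);

                        // Secret used to decrypt the stored key passphrases; it is read from configuration.
                        var secret = conf["Databases:AuroraSecret"];

                        // Host keys are loaded in this fixed order; the six copies of the load stanza are
                        // folded into one loop.
                        var hostKeyAlgorithms = new[]
                        {
                            SshHostKeyAlgorithm.DSS,
                            SshHostKeyAlgorithm.RSA,
                            SshHostKeyAlgorithm.ECDsaNistP256,
                            SshHostKeyAlgorithm.ECDsaNistP384,
                            SshHostKeyAlgorithm.ECDsaNistP521,
                            SshHostKeyAlgorithm.ED25519,
                        };

                        foreach (var algorithm in hostKeyAlgorithms)
                        {
                            // Rows with no IdentityId are the server's own keys; exactly one per algorithm is
                            // required, since Single() throws on zero or several matches.
                            var algorithmName = algorithm.ToString();
                            var storedKey     = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>()
                                                                    .Where(x => x.KeyAlgo == algorithmName && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created)
                                                .Single();

                            // The stored passphrase is decrypted with the configuration secret and used to open the key.
                            var keyBytes = Encoding.ASCII.GetBytes(storedKey.KeyValue);
                            _server.Keys.Add(new SshPrivateKey(keyBytes, AES.DecryptString(storedKey.KeyPass, secret)));
                        }

                        // Deferred query: the configuration section is read when _binding is enumerated below.
                        _binding = conf.GetSection("Daemons:SftpService:Bindings").GetChildren().Select(x => x.Value);
                    }

                    foreach (var binding in _binding)
                    {
                        // Each binding has the form "address|port".
                        var pair = binding.Split("|");

                        if (pair.Length < 2)
                        {
                            // Report the malformed entry by name instead of failing with an index error.
                            throw new FormatException($"Binding '{binding}' is not in the 'address|port' form.");
                        }

                        var address    = IPAddress.Parse(pair[0]);
                        var portNumber = int.Parse(pair[1]);

                        _server.Bind(new IPEndPoint(address, portNumber), FileServerProtocol.Sftp);
#if DEBUG
                        // Debug builds also bind the shell protocol on every endpoint.
                        // NOTE(review): make sure debug builds are never deployed where that is unwanted.
                        _server.Bind(new IPEndPoint(address, portNumber), FileServerProtocol.Shell);
#endif
                    }

                    _server.LogWriter = new ConsoleLogWriter(_level);

                    // Both public-key and password authentication are accepted.
                    _server.Settings.AllowedAuthenticationMethods        = AuthenticationMethods.PublicKey | AuthenticationMethods.Password;

                    // NOTE(review): the "Any" values below presumably enable every algorithm the library
                    // implements, including CBC mode and legacy key-exchange, host-key and MAC algorithms that
                    // its defaults may leave off. Confirm against the library documentation and narrow each
                    // set to what the connecting clients actually need.
                    _server.Settings.SshParameters.EncryptionAlgorithms  = SshEncryptionAlgorithm.Any;
                    _server.Settings.SshParameters.EncryptionModes       = SshEncryptionMode.Any;
                    _server.Settings.SshParameters.KeyExchangeAlgorithms = SshKeyExchangeAlgorithm.Any;
                    _server.Settings.SshParameters.HostKeyAlgorithms     = SshHostKeyAlgorithm.Any;
                    _server.Settings.SshParameters.MacAlgorithms         = SshMacAlgorithm.Any;

                    _server.Authentication    += FsUser_Authentication;
                    _server.Connecting        += FsUser_Connecting;
                    _server.Disconnected      += FsUser_Disconnected;
                    _server.FileDownloaded    += FsUser_FileDownloaded;
                    _server.FileUploaded      += FsUser_FileUploaded;
                    _server.PreAuthentication += FsUser_PreAuthentication;
                    _server.Start();
                }
                catch (Exception ex)
                {
                    // Logged only: the caller is not told that start-up failed.
                    Log.Error(ex.ToString());
                }
            }, cancellationToken);
        }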