Public | Automated Build

Last pushed: 4 days ago
Short Description
Easy to use SFTP server
Full Description

Supported tags and respective Dockerfile links

Securely share your files

Easy to use SFTP (SSH File Transfer Protocol) server with OpenSSH.
This is an automated build linked with the debian and alpine repositories.


  • Define users as command arguments, STDIN or mounted in /etc/sftp-users.conf
    (syntax: user:pass[:e][:uid[:gid[:dir1[,dir2]...]]]...).
    • Set UID/GID manually for your users if you want them to make changes to
      your mounted volumes with permissions matching your host filesystem.
    • Add directory names at the end, if you want to create them and/or set user
      ownership. Perfect when you just want a fast way to upload something without
      mounting any directories, or you want to make sure a directory is owned by
      a user (chown -R).
  • Mount volumes in user's home directory.
    • The users are chrooted to their home directory, so you must mount the
      volumes in separate directories inside the user's home directory


Simplest docker run example

docker run -p 22:22 -d atmoz/sftp foo:pass:::upload

User "foo" with password "pass" can login with sftp and upload files to a folder called "upload". No mounted directories or custom UID/GID. Later you can inspect the files and use --volumes-from to mount them somewhere else (or see next example).

Sharing a directory from your computer

Let's mount a directory and set UID:

docker run \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \

Using Docker Compose:

    image: atmoz/sftp
        - /host/share:/home/foo/share
        - "2222:22"
    command: foo:123:1001

Logging in

The OpenSSH server runs by default on port 22, and in this example, we are
forwarding the container's port 22 to the host's port 2222. To log in with the
OpenSSH client, run: sftp -P 2222 foo@<host-ip>

Store users in config

docker run \
    -v /host/users.conf:/etc/sftp-users.conf:ro \
    -v /host/share:/home/foo/share \
    -v /host/documents:/home/foo/documents \
    -v /host/http:/home/bar/http \
    -p 2222:22 -d atmoz/sftp



Encrypted password

Add :e behind password to mark it as encrypted. Use single quotes if using terminal.

docker run \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \

Tip: you can use atmoz/makepasswd to generate encrypted passwords:
echo -n "your-password" | docker run -i --rm atmoz/makepasswd --crypt-md5 --clearfrom=-

Using SSH key (and no password)

Mount all public keys in the user's .ssh/keys/ directory. All keys are automatically
appended to .ssh/authorized_keys.

docker run \
    -v /host/ \
    -v /host/ \
    -v /host/share:/home/foo/share \
    -p 2222:22 -d atmoz/sftp \

Execute custom scripts or applications

Put your programs in /etc/sftp.d/ and it will automatically run when the container starts.
See next section for an example.

Bindmount dirs from another location

If you are using --volumes-from or just want to make a custom directory
available in user's home directory, you can add a script to /etc/sftp.d/ that
bindmounts after container starts.

# File mounted as: /etc/sftp.d/
# Just an example (make your own)

function bindmount() {
    if [ -d "$1" ]; then
        mkdir -p "$2"
    mount --bind $3 "$1" "$2"

# Remember permissions, you may have to fix them:
# chown -R :users /data/common

bindmount /data/admin-tools /home/admin/tools
bindmount /data/common /home/dave/common
bindmount /data/common /home/peter/common
bindmount /data/docs /home/peter/docs --read-only
Docker Pull Command
Source Repository

Comments (12)
8 months ago


I had problems with the last step "Bindmount dirs from another location". mount constantly showed "permission denied" error message. "chown", as suggested, did not help. I had to run your container as "--privileged", then everything was mounted as expected.
It would be nice if you could update the description of the last step with this info.


8 months ago

Hi, not work Rancher Labs

a year ago

Great image, working as intented. Dont forger if using SSH from linux that your private key rights be 400 or it will be ignored.

2 years ago

Are your private key in the right place? Check if it is found by running sftp command with verbose option (-v). Like: sftp -v user@host

2 years ago

No, nothing.

2 years ago

Does docker logs <container-id> tell you anything?

2 years ago

Yes, I'm mounting it like this:

-v /mnt/data/sftp/keys/
and to make sure this mounting is correct I check .ssh/authorized_keys files and it contains proper entry. Logging in with password works fine.
I tried to look for auth.log in /var/log/ of the container but it was not there.
Thanks for help,

2 years ago

First of all: are you mounting your key in .ssh/keys/? I would then check if logging in with just password works, just to be sure.

2 years ago

I'm having issues setting up SSH key authentication (I'm getting permission denided message). The authentication key seems to be in place (I checked authorized_keys file inside container). Any ideas how to debug the problem?

2 years ago

Please report any issues on github, if possible:

I will have a look at the problem.