🔐 SFTP Server Using Raspberry Pi and Samba: Secure, Efficient, and Versatile File Sharing at Home

🎯 Project Purpose

The primary goal was to establish a secure file-sharing environment that:

• Provides remote access via SFTP (SSH File Transfer Protocol) over the internet with username/password authentication.

• Enables local network file sharing using Samba (SMB/CIFS protocol) compatible with Windows, macOS, and Linux.

• Utilizes a high-performance external SSD for ample storage and durability.

• Supports user-specific folder access and permissions to maintain privacy.

• Ensures ease of maintenance and scalability for future expansion.

The combined use of SFTP and Samba allows users to access files securely over the internet and effortlessly on local devices, bridging the gap between security and convenience.

🧰 Hardware and Setup

At the heart of the setup is a Raspberry Pi 4 (8GB RAM), chosen for its ample processing power, gigabit Ethernet, and USB 3.0 ports for fast external storage connections.

• Samsung T7 Portable SSD (connected via USB 3.0) serves as the primary file storage medium. It offers fast read/write speeds, low power consumption, and durability for frequent access.

• The Pi runs Raspberry Pi OS Lite, optimized for headless operation to maximize performance and minimize resource overhead.

• To enable remote network access beyond the local LAN, I installed and configured ZeroTier, a secure, peer-to-peer VPN-like service, allowing global connectivity to the Pi’s IP.

🛡️ Security and Access Control

Security was a top priority for this project. SFTP inherently provides encrypted file transfers via SSH, preventing eavesdropping or man-in-the-middle attacks. Key security features include:

• Strong password authentication with fail2ban to limit brute-force attempts.

• Optionally, public key authentication can be configured for passwordless, secure login.

• Per-user directories and permission restrictions in both Samba and SFTP configurations ensure users only access their authorized folders.

• ZeroTier VPN access restricts external network exposure, avoiding the need to expose SSH ports publicly.

• Regular system updates and firewall rules help maintain system integrity.

🌐 Samba File Sharing

Samba adds compatibility for seamless file sharing within the local network, allowing devices like Windows PCs and macOS machines to browse shared folders without special software.

• Each user has a dedicated Samba share with read/write permissions.

• Samba’s configuration supports guest access if needed, but primarily is locked down for authenticated users.

• Integration with Linux user accounts enables synchronized permission management across SFTP and Samba.

• Samba works flawlessly with macOS Finder, Windows Explorer, and Linux file managers, enabling drag-and-drop file management across platforms.

🔄 File Access and Management

With this setup, users enjoy:

• Secure, remote file uploads and downloads over SFTP from anywhere in the world.

• Instant local access to shared folders via Samba on all networked devices.

• Cross-platform compatibility — no need for extra apps or VPNs on local devices.

• Fast transfer speeds thanks to USB 3.0 SSD and gigabit networking.

• Easy folder creation and management with Linux commands or Samba interfaces.

📊 Performance and Reliability

The Raspberry Pi 4’s powerful quad-core CPU and 8GB RAM handle multiple concurrent file transfers and users without lag. The SSD’s fast I/O performance ensures smooth streaming and rapid file access. Additionally:

• System monitoring scripts keep an eye on disk health, storage utilization, CPU temperature, and network status.

• Auto-mounting the SSD at boot ensures consistent availability without manual intervention.

• Samba and SFTP daemons run as services, auto-restarting if needed to maintain uptime.

🔧 Challenges and Solutions

• USB SSD mounting issues on reboot were solved by configuring fstab with UUIDs to ensure consistent device recognition.

• Balancing user permissions between Linux system users, Samba shares, and SFTP access required careful ACL setup and testing.

• Implementing ZeroTier meant learning to manage virtual IPs and network bridges, but this drastically increased remote accessibility without exposing public ports.

• Monitoring and mitigating brute-force SSH attempts with fail2ban helped maintain security without locking out legitimate users.

📈 Practical Use Cases

This SFTP + Samba server setup has been invaluable in multiple scenarios:

• Remote work: Access work files securely from any location without VPN hassle.

• Media server: Stream movies and music to local devices without cloud fees.

• Backup target: Automated backups from laptops and phones over SFTP.

• Collaborative projects: Share and edit documents with family or team members on local network shares.

• IoT storage: Store sensor logs and media from smart home devices directly on the server.

🔮 Future Improvements

Potential next steps include:

• Adding Nextcloud or ownCloud for enhanced collaboration and web access.

• Enabling encrypted backups of the SSD to cloud or another local device.

• Developing a web-based file manager to simplify access for less technical users.

• Adding audit logging to track file access and changes.

• Integrating with LDAP or Active Directory for enterprise-level user management.

🏁 Final Thoughts

Transforming a humble Raspberry Pi into a robust, secure SFTP and Samba server proves that powerful, enterprise-grade file sharing solutions can be affordable, efficient, and highly customizable. By combining encrypted remote access with seamless local network sharing, this project provides the best of both worlds: security, convenience, and performance. For anyone looking to gain hands-on experience with Linux server management, networking, and storage, this project is an excellent practical introduction — and a functional tool you can use every day.

Follow me