How to Use SFTP to Securely Transfer Files with a Remote Server?


FTP is the standard protocol for transferring files or data from one computer to another. But does FTP guarantee that your files will reach the intended device without any failure? With FTP, there is a chance that your files can land in the hands of malicious actors. With SFTP, the SSH File Transfer Protocol, you can be sure of the security of your files while they are being transferred to a remote machine.

In this post, we are going to talk about how to use SFTP to transfer files securely and what exactly this protocol means. So, keep reading the post to discover the basics of SFTP and how it works.

What Does SFTP Mean?

SFTP is a standard protocol that lets you transfer, access, and manage files and data on a remote computer through the remote server. SFTP has the same purpose of transferring files and data as FTP, but it is a better alternative as it ensures better security. SFTP stands for SSH File Transfer Protocol, where SSH is a cryptographic protocol that connects the server and client computers securely.

SSH encryption secures the data that is being transferred and ensures that it can’t be intercepted by malicious actors. SFTP comes with several benefits that FTP doesn’t have. Here are some of the key benefits of SFTP that you need to know:

  • SSH protects sensitive data through end-to-end encryption and authentication, which is done from the users’ end.
  • Through SFTP, you can easily and securely access any data and share it with your team members or other people in your business or network.
  • You can transfer high-quality data more efficiently through the SFTP server. It allows you to transfer large amounts of data without compromising the transfer speed.

How Does the SSH File Transfer Protocol Work?

FTP transfers files as plain, human-readable text, which makes it easy for malicious actors to steal the information. SFTP, by contrast, uses the SSH protocol to encrypt data so that no third party can access it. Even though SFTP was built on the existing FTP, this one feature makes a big difference between the two protocols. Because of the SSH encryption, anyone who tries to watch the data transfer won’t understand the information. All they will see is unreadable bits and bytes.

SSH encryption requires different user authentication methods to secure the data. It includes a username, password, and an SSH key. We will talk about this in detail in the later sections.

Ways to Set Up the SFTP Server

You can set up an SFTP server in two different ways: either build your own SFTP server or use a managed cloud service. Now, let’s talk about both of them.

If you have a Linux machine, you can use it to set up your own SFTP server. For that, you will have to create users and set their passwords. You will have to add SSH keys to help the users authenticate the connections. Once the users verify their details, you can assign them directories and permissions of the data. Also, you can create additional network rules that will enhance the security of the server.

You can configure the data, back up the data, and monitor it. But if you want to set up an SFTP server on your Windows computer, you will have to use a third-party tool such as WinSCP or Filezilla SFTP Server. SFTP is not available by default on Windows machines. But you can also skip all these hassles of setting up an SFTP server by switching to a cloud-based service.

Different cloud-based services come with different features and pricing plans. You can use the AWS Transfer for SFTP, which is the most popular option. AWS uses the Amazon S3 protocol to let you access files.
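For the self-hosted Linux option described above, the step of assigning directories and permissions is usually done in OpenSSH's sshd_config with a Match block. The script below is an added example, not code from the original post: it checks whether a config confines a group to SFTP inside its own directory and runs the check against a weak and a hardened sample. The group name sftponly, the path /srv/sftp/%u and both sample configs are constructed assumptions.

```shell
#!/bin/sh
# Added example: check that an sshd_config restricts one group to SFTP only.
# sftp_only_findings CONFIG GROUP prints one "missing: ..." line for every
# restriction absent from the "Match Group GROUP" block, nothing when all
# four are present. Assumes the Match line names exactly one group.
sftp_only_findings() {
    awk -v grp="$2" '
        NF == 0 || $1 ~ /^#/ { next }                  # blank lines, comments
        { key = tolower($1); val = tolower($2) }       # keywords ignore case
        key == "match" { inblk = (val == "group" && $3 == grp); next }
        !inblk { next }                                # only inspect our block
        key == "forcecommand"       && val == "internal-sftp" { ok["ForceCommand internal-sftp"] = 1 }
        key == "chrootdirectory"    && val != "none"          { ok["ChrootDirectory"] = 1 }
        key == "allowtcpforwarding" && val == "no"            { ok["AllowTcpForwarding no"] = 1 }
        key == "x11forwarding"      && val == "no"            { ok["X11Forwarding no"] = 1 }
        END {
            n = split("ForceCommand internal-sftp,ChrootDirectory,AllowTcpForwarding no,X11Forwarding no", want, ",")
            for (i = 1; i <= n; i++) if (!(want[i] in ok)) print "missing: " want[i]
        }' "$1"
}

# Constructed sample configs; the group name and paths are assumptions.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    X11Forwarding no
EOF
    cat > "$1/hardened.conf" <<'EOF'
Subsystem sftp internal-sftp
# Members of sftponly get file transfer only, confined to their own tree.
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

d=$(mktemp -d) && write_samples "$d"
echo "weak.conf:";     sftp_only_findings "$d/weak.conf" sftponly
echo "hardened.conf:"; sftp_only_findings "$d/hardened.conf" sftponly
rm -rf "$d"
```

sshd requires every component of the ChrootDirectory path to be owned by root and not writable by any other user or group, so uploads go into a user-owned subdirectory beneath it.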

How to Create SSH Keys?

SFTP supports the SSH authentication methods because SFTP is a subsystem of SSH. You can create usernames and set up passwords for authentication. But creating SSH keys will help the users log in to the portal without any password. The users will need to have a copy of the valid SSH keys to access the SFTP server.

We will create the SSH keys in this section so that you can access the server from a remote machine without the hassle of using a password. Follow the commands below to create the SSH keys. Also, we will discuss how you can use the SSH keys to connect with the SFTP server.

First, open the terminal and type:

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter the same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
71:de:c6:b4:c4:8b:31:70:5f:bd:96:60:56:8e:74:b9 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| . . .o+.|
| o o.=+..|
| . + B...+|
| + O o E |
| S o * . |
| . |
| |
| |
| |
+-----------------+

For security purposes, the key is protected with a strong passphrase. The passphrase protects the key, and you can use the SSH agent to cache it. Now, copy the key to the remote host:

# ssh-copy-id [email protected]
[email protected]’s password:
Now try logging into the machine, with “ssh ‘[email protected]’”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.

Log in to the remote server with SSH and check if the connection is okay:

# ssh [email protected]
Last login: Fri Apr 15 15:18:42 2016 from 192.168.1.125

Then exit and connect to the server with this:

# sftp [email protected]
Connecting to 192.168.1.89...
sftp>
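The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. The script below is an added example, not part of the original post, of one way to do that check: it lists every key in the file, flags any whose key blob is not in a list of expected keys, and warns when the file is writable by group or others. The key blobs, comments and the expected_blobs file are constructed placeholders.

```shell
#!/bin/sh
# Key types that can begin the key portion of an authorized_keys entry.
KEYTYPES='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com)$'

# list_keys FILE: print "type blob comment" for every key entry.
# Options placed before the key type (from=..., command=...) are skipped.
list_keys() {
    awk -v re="$KEYTYPES" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { for (i = 1; i < NF; i++) if ($i ~ re) {
              c = ""; for (j = i + 2; j <= NF; j++) c = c " " $j
              print $i, $(i + 1) c; next } }' "$1"
}

# unexpected_keys FILE EXPECTED: report keys whose blob is not listed in
# EXPECTED (one blob per line). Comments are free text, so blobs are compared.
unexpected_keys() {
    list_keys "$1" | while read -r type blob comment; do
        grep -qxF -- "$blob" "$2" || echo "UNEXPECTED $type ${comment:-<no comment>}"
    done
}

# writable_by_others PATH: succeed if group or others may write to PATH,
# which lets another account add keys (sshd StrictModes rejects such files).
writable_by_others() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data; the blobs are placeholders, not real keys.
make_sample() {
    cat > "$1/authorized_keys" <<'EOF'
# workstation key installed with ssh-copy-id
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOne alice@workstation
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABExampleBlobTwo backup job
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYExampleBlobThree unknown@host
EOF
    printf '%s\n' AAAAC3NzaC1lZDI1NTE5AAAAIExampleBlobOne \
                  AAAAB3NzaC1yc2EAAAADAQABExampleBlobTwo > "$1/expected_blobs"
    chmod 600 "$1/authorized_keys"
}

d=$(mktemp -d) && make_sample "$d"
unexpected_keys "$d/authorized_keys" "$d/expected_blobs"
if writable_by_others "$d/authorized_keys"; then echo "WARNING: file is group/world writable"; fi
rm -rf "$d"
```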

Commands For Getting Information About the Environment

There are some commands that you can use to learn about the environment of the connection.

  • Here is a command that shows the present working directory on the remote server:
sftp> pwd
Remote working directory: /root
  • The following command lists the files and folders on the remote server:
sftp> ls
Desktop Documents
Downloads Music
Pictures Public
Templates Videos
  • You can use the following command to print the working directory of the local machine:
sftp> lpwd
Local working directory: /root
  • Transferring remote files to the local client

Syntax:
sftp> get <remote file>

Usage:
sftp> get pdfflyer.sql
Fetching /root/pdfflyer.sql to pdfflyer.sql
/root/pdfflyer.sql 100% 1765KB 1.7MB/s 00:01
  • Here is a command that copies the remote file to the current working directory of the local machine and saves it under the name <localfile>, which lets you rename the file as you copy it:
sftp> get <remotefile> <localfile>
  • You can use the ‘-r’ option with a <Directory> to copy a directory recursively, with all its files and folders:
sftp> get -r <Directory>
  • The following command transfers local files to the remote machine:

General Syntax:
sftp> put <localfile>

Usage:
sftp> put svn_backup.sh
Uploading svn_backup.sh to /root/svn_backup.sh
svn_backup.sh 100% 489 0.5KB/s 00:00
sftp>
  • Again, you can use the ‘-r’ option to copy a local directory recursively to the remote server:
sftp> put -r <Local directory>
  • There are some commands for file maintenance too, which is especially useful while working with the file system. To get a file from the remote machine and view it on the local client, you can use the “!” symbol in front of a local command:
sftp> get /etc/passwd
sftp> !less passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
......
  • Add “!” at the beginning of the command to list all the groups in the local system:
sftp> !less /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
....
  • You cannot manage local file permissions with any sftp command, but you can set the local umask so that files copied to the local system get appropriate permissions. The command used is “lumask”:
sftp> lumask 022
Local umask: 022
  • You can create directories on the local and remote machines with “lmkdir” and “mkdir”, respectively.
  • The following command lets you exit from the SFTP session. You can use either “exit” or “bye”:
sftp> bye

Connecting with SFTP

You need to use either a Linux or macOS machine to connect with the SFTP server. In the terminal app, you can enter the sftp command to connect to the remote server with the SFTP protocol. Have the server’s domain name or IP address and the username on the server ready, and use them in one of the following forms:

ssh [email protected]_ipaddress
ssh [email protected]_domainname

SFTP uses TCP port 22 for communication, and the -P flag lets you change the port number:

> sftp -P 2222 [email protected]

Enter a suitable sftp command in the terminal window to initialize the connection. The server will then ask you to provide the credentials. After you provide your username and password, it will show you a welcome message:

Connected to example.com.
sftp>

But if you don’t want to provide the password every time, the SSH keys will help you to log in to the server, and it will authenticate automatically.

Learn About the Help Command in SFTP

If you want to see a summary of the SFTP commands, use the help command at the sftp prompt. Use either of these:

sftp> help

or

sftp> ?

You will find a list of all the available commands:

bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp [-h] grp path                Change group of file 'path' to 'grp'
chmod [-h] mode path               Change permissions of file 'path' to 'mode'
chown [-h] own path                Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-afpR] remote [local]         Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln [-s] oldpath newpath            Link remote file (-s for symlink)
lpwd                               Print local working directory
ls [-1afhlnrSt] [path]             Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-afpR] local [remote]         Upload file
pwd                                Display remote working directory
quit                               Quit sftp
reget [-fpR] remote [local]        Resume download file
rename oldpath newpath             Rename remote file
reput [-fpR] local [remote]        Resume upload file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell

Conclusion

That’s how you use SFTP to securely transfer files with a remote server. However, creating SSH keys is the most important part of transferring files using SFTP. If you found this guide to be helpful, do check out our other articles as well. Or, if you have any questions regarding the SFTP connection, feel free to leave us a comment below.
