FTP is the standard protocol for transferring files or data from one computer to another. But does FTP guarantee that it will transfer the files to the intended device without any failure? When you use FTP for file transfer, there is a chance that your files land in the hands of malicious actors. With SFTP, the SSH File Transfer Protocol, you can be sure of the security of your files while they are being transferred to a remote machine.
In this post, we are going to talk about what exactly this protocol means and how to use SFTP to transfer files securely. Keep reading to discover the basics of SFTP and how it works.
What Does SFTP Mean?
SFTP is a standard protocol that lets you transfer, access, and manage files and data on a remote computer through a remote server. It serves the same purpose of transferring files and data as FTP, but it is a better alternative as it ensures better security. SFTP stands for SSH File Transfer Protocol, where SSH is a cryptographic protocol that connects the server and client computers securely.
SSH encryption secures the data that is being transferred and ensures that it can’t be intercepted by malicious actors. SFTP comes with several benefits that FTP doesn’t have. Here are some of the key benefits of SFTP that you need to know:
- SSH protects sensitive data through end-to-end encryption and authentication, which is done from the users’ end.
- Through SFTP, you can easily and securely access any data and share it with your team members or other people in your business or network.
- You can transfer high-quality data more efficiently through the SFTP server. It allows you to transfer large amounts of data without compromising the transfer speed.
How Does the SSH File Transfer Protocol Work?
FTP transfers files as plain, human-readable text, which makes it easy for malicious actors to steal the information. SFTP, on the other hand, uses the SSH protocol to encrypt the data so that no third party can read it. Even though SFTP was built on the existing FTP, this one feature makes a big difference between the two protocols. Because of the SSH encryption, anyone who tries to look into the data transfer won't understand the information. All they will see is unreadable bits and bytes.
SSH encryption requires different user authentication methods to secure the data. It includes a username, password, and an SSH key. We will talk about this in detail in the later sections.
Ways to Set Up the SFTP Server
You can set up an SFTP server in two different ways— either you can build your own SFTP server or use a managed cloud service. Now, let’s talk about both of them.
If you have a Linux machine, you can use it to set up your own SFTP server. For that, you will have to create users and set their passwords. You will have to add SSH keys to help the users authenticate the connections. Once the users verify their details, you can assign them directories and permissions of the data. Also, you can create additional network rules that will enhance the security of the server.
You can configure the data, back up the data, and monitor it. But if you want to set up an SFTP server on your Windows computer, you will have to use a third-party tool such as WinSCP or Filezilla SFTP Server. SFTP is not available by default on Windows machines. But you can also skip all these hassles of setting up an SFTP server by switching to a cloud-based service.
Different cloud-based services come with different features and pricing plans. You can use the AWS Transfer for SFTP, which is the most popular option. AWS uses the Amazon S3 protocol to let you access files.
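For the self-hosted Linux option described above, assigning users their directories is usually done in the OpenSSH server configuration. The following is an added example, not code from the original article: it checks sshd_config text for a Match block that confines one group to chrooted SFTP. The group name sftpusers, the path /srv/sftp and both sample configs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original article. The group name "sftpusers",
# the path /srv/sftp and both sample configs are constructed for illustration.

# Constructed sample: key-only logins, but no SFTP-only restrictions at all.
sample_weak() {
cat <<'EOF'
Subsystem sftp /usr/libexec/openssh/sftp-server
PasswordAuthentication no
EOF
}

# Constructed sample: members of sftpusers are confined to SFTP in a chroot.
sample_hardened() {
cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# audit_sftp_group GROUP  (sshd_config text on stdin)
# Prints one line per restriction missing from "Match Group GROUP" and
# returns 1 if any is missing. Only a plain single-group Match is recognised.
audit_sftp_group() {
    awk -v grp="$1" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "match" { inblk = (val == "group" && $3 == grp); next }
        !inblk { next }
        key == "chrootdirectory" && val != "none" { ok["ChrootDirectory"] = 1 }
        key == "forcecommand" && val == "internal-sftp" { ok["ForceCommand internal-sftp"] = 1 }
        key == "allowtcpforwarding" && val == "no" { ok["AllowTcpForwarding no"] = 1 }
        key == "x11forwarding" && val == "no" { ok["X11Forwarding no"] = 1 }
        END {
            n = split("ChrootDirectory,ForceCommand internal-sftp,AllowTcpForwarding no,X11Forwarding no", need, ",")
            for (i = 1; i <= n; i++)
                if (!(need[i] in ok)) { print "MISSING for group " grp ": " need[i]; bad = 1 }
            exit bad + 0
        }
    '
}

sample_weak | audit_sftp_group sftpusers || echo "weak sample: group is not SFTP-only"
sample_hardened | audit_sftp_group sftpusers && echo "hardened sample: OK"
```

On a real server, pipe the contents of /etc/ssh/sshd_config into the function instead of the samples.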
How to Create SSH Keys?
SFTP is a subsystem of SSH, so it supports the SSH authentication methods. You can create usernames and set up passwords for authentication. But creating SSH keys lets the users log in to the portal without any password. The users will need to have a copy of the valid SSH keys to access the SFTP server.
We will create the SSH keys in this section so that you can access the server from a remote machine without the hassle of using a password. Follow the code below to create the SSH keys. Also, we will discuss how you can use the SSH keys to connect with the SFTP server.
First, open the terminal and type:
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter the same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
71:de:c6:b4:c4:8b:31:70:5f:bd:96:60:56:8e:74:b9 root@centos
The key's randomart image is:
+--[ RSA 2048]----+
|         . . .o+.|
|         o o.=+..|
|        . + B...+|
|         + O o E |
|        S o * .  |
|         .       |
|                 |
|                 |
|                 |
+-----------------+
For security purposes, the key is protected with a strong passphrase. The passphrase protects the key, and you can use the SSH agent to cache it. Now, copy the key to the remote host:
# ssh-copy-id root@192.168.1.89
root@192.168.1.89's password:
Now try logging into the machine, with "ssh 'root@192.168.1.89'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
Log in to the remote server with SSH and check if the connection is okay:
# ssh root@192.168.1.89
Last login: Fri Apr 15 15:18:42 2016 from 192.168.1.125
Then exit and connect to the server with this:
# sftp root@192.168.1.89
Connecting to 192.168.1.89...
sftp>
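The check of .ssh/authorized_keys that ssh-copy-id recommends can be scripted. This added example (not part of the original article) compares every entry of an authorized_keys file against the public keys you expect and reports the rest; the sample file contents and key blobs are constructed placeholders, and only the common key types are recognised.

```shell
#!/bin/sh
# Added example, not from the original article. Every key blob below is a
# constructed placeholder, not a real key.

# make_samples DIR: write a constructed local public key and a constructed
# remote authorized_keys file that also contains one entry nobody installed.
make_samples() {
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAAexampleADMINkey root@centos' > "$1/id_rsa.pub"
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample
ssh-rsa AAAAB3NzaC1yc2EAAAAexampleADMINkey root@centos
from="192.168.1.125" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexampleOTHERkey backup@unknown
EOF
}

# audit_authorized_keys AUTH_FILE PUBFILE...
# Prints each AUTH_FILE entry whose key blob is in none of the PUBFILEs and
# returns 1 if there is any. Keys are matched on the base64 blob, so a changed
# comment or added options cannot hide an entry. Limitation: a quoted option
# that itself contains a key-type word is misread.
audit_authorized_keys() {
    auth=$1; shift
    awk '
        function keyfield(   i) {   # position of the key-type field, 0 if none
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/)
                    return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        { k = keyfield() }
        !k { print "UNPARSED line " FNR; bad = 1; next }
        phase != "audit" { expected[$(k + 1)] = 1; next }   # trusted .pub files
        !($(k + 1) in expected) {
            print "UNEXPECTED line " FNR ": " $k " " $(k + 2)
            bad = 1
        }
        END { exit bad + 0 }
    ' "$@" phase=audit "$auth"
}

dir=$(mktemp -d)
make_samples "$dir"
audit_authorized_keys "$dir/authorized_keys" "$dir/id_rsa.pub" ||
    echo "authorized_keys has entries you did not install"
rm -rf "$dir"
```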
Commands For Getting Information About the Environment
There are some commands that you can use to learn about the conditions of the SSH connection.
- Here is a command that lets you know about the present working directory on a remote server:
sftp> pwd
Remote working directory: /root
- The following command lists the files and folders on a remote server:
sftp> ls
Desktop Documents Downloads Music Pictures Public Templates Videos
- You can use the following command to print the local machine working directory:
sftp> lpwd
Local working directory: /root
- Transferring remote files to the local client
Syntax:
sftp> get <remotefile>
Usage:
sftp> get pdfflyer.sql
Fetching /root/pdfflyer.sql to pdfflyer.sql
/root/pdfflyer.sql 100% 1765KB 1.7MB/s 00:01
- The command above copies the remote file to the current working directory on the local machine. To save it under a different name, give a local file name as the second argument:
sftp> get <remotefile> <localfile>
- To copy a directory together with all the files and folders in it, use the '-r' option, which copies the directory recursively:
sftp> get -r <Directory>
- The following command transfers local files to the remote machine:
General Syntax:
sftp> put <localfile>
Usage:
sftp> put svn_backup.sh
Uploading svn_backup.sh to /root/svn_backup.sh
svn_backup.sh 100% 489 0.5KB/s 00:00
sftp>
- Again, you can use the '-r' option to copy a local directory recursively to the remote server:
sftp> put -r <Local directory>
- There are some commands for file maintenance too, and SFTP lets you use them to manipulate files, which is especially useful while working with the file system. To get a file from the remote server and view it on the local client, use the "!" symbol in front of a local command:
sftp> get /etc/passwd
sftp> !less passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
......
- Add "!" at the beginning of the command to list all the groups in the local system:
sftp> !less /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
tty:x:5:
disk:x:6:
lp:x:7:daemon
mem:x:8:
kmem:x:9:
wheel:x:10:
....
- You cannot manage local file permissions with any command. Still, you can set the local umask, so that any files copied to the local system get appropriate permissions. The command used is "lumask":
sftp> lumask 022
Local umask: 022
- You can create directories on both local and remote clients with “lmkdir” and “mkdir”.
- The following command lets you exit from the SFTP session. You can use either “exit” or “bye”.
sftp> bye
Connecting with SFTP
You need to use either a Linux or macOS machine to connect with the SFTP server. In the terminal app, you can enter the sftp command to connect to the remote server with the SFTP protocol. Have the server's domain name or IP address and the username of the server ready. Use the following command to find the IP address and username:
ssh user@server_ipaddress
ssh user@remotehost_domainname
SFTP uses TCP port 22 for communication, and you can use the -P flag to change the port number:
> sftp -P 2222 username@example.com
Enter a suitable sftp command in the terminal window to initialize the connection. When done, the server itself will ask you to provide the credentials. After providing your username and password, it will show you a welcome message:
Connected to example.com.
sftp>
But if you don’t want to provide the password every time, the SSH keys will help you to log in to the server, and it will authenticate automatically.
Learn About the Help Command in SFTP
If you want to see a summary of the SFTP commands, use the help command at the sftp prompt. Use either of these:
sftp> help
or
sftp> ?
You will find a list of all the available commands:
bye                           Quit sftp
cd path                       Change remote directory to 'path'
chgrp [-h] grp path           Change group of file 'path' to 'grp'
chmod [-h] mode path          Change permissions of file 'path' to 'mode'
chown [-h] own path           Change owner of file 'path' to 'own'
df [-hi] [path]               Display statistics for current directory or filesystem containing 'path'
exit                          Quit sftp
get [-afpR] remote [local]    Download file
help                          Display this help text
lcd path                      Change local directory to 'path'
lls [ls-options [path]]       Display local directory listing
lmkdir path                   Create local directory
ln [-s] oldpath newpath       Link remote file (-s for symlink)
lpwd                          Print local working directory
ls [-1afhlnrSt] [path]        Display remote directory listing
lumask umask                  Set local umask to 'umask'
mkdir path                    Create remote directory
progress                      Toggle display of progress meter
put [-afpR] local [remote]    Upload file
pwd                           Display remote working directory
quit                          Quit sftp
reget [-fpR] remote [local]   Resume download file
rename oldpath newpath        Rename remote file
reput [-fpR] local [remote]   Resume upload file
rm path                       Delete remote file
rmdir path                    Remove remote directory
symlink oldpath newpath       Symlink remote file
version                       Show SFTP version
!command                      Execute 'command' in local shell
!                             Escape to local shell
Conclusion
That’s how you use SFTP to securely transfer files with a remote server. However, creating SSH keys is the most important part of transferring files using SFTP. If you found this guide to be helpful, do check out our other articles as well. Or, if you have any questions regarding the SFTP connection, feel free to leave us a comment below.