What is SFTP? How does SFTP secure a file transfer?
SFTP stands for Secure File Transfer Protocol. It is also called SSH FTP: SSH provides the secure connection, and FTP stands for File Transfer Protocol. As the name suggests, two protocols work together to transfer a file securely between two connected computers over an underlying TCP/IP network. In the OSI model, both are application layer protocols. This tutorial explains SFTP in detail, with usage examples.
What is FTP?
FTP is the protocol for file transfer. In an IP network, multiple computers are connected to each other. A given machine may be physically reachable, or it may be a remote machine. If it is a remote machine, a file can be transferred to it over the IP network using an application.
This creates the need for a file transfer mechanism. FTP is the protocol that runs over TCP/IP for file transfer. A file transfer application can use the services of the protocol to send and receive files. It can also do more than transfer: during an FTP session, remote directories can be browsed, files on the remote machine can be deleted, and so on. This makes FTP a kind of terminal in which many commands can be executed.
What is SSH?
The SSH protocol establishes secure communication between two hosts over an IP network. Before SSH (with FTP), all the information for a file transfer was sent over the wire in plain text. Plain text always exposes the transfer to security threats.
The SSH protocol was developed to make communication secure by using encryption. With SSH, remote login becomes secure. SSH uses key-based authentication with the server and encrypts the data between the hosts.
As SSH became a prevalent protocol for secure communication, other protocols started using SSH for secure transmission. SFTP is one of them. When FTP uses SSH, it becomes SFTP. So FTP works as a user of SSH.
Over an SSH connection, everything is encrypted. As a result, both the data and the commands of the file transfer are encrypted.
SFTP port number:
SFTP uses TCP for network communication. Like other TCP users, SFTP needs a port number. A client connects to the remote SFTP server, so there has to be a standard port for the service. The standard SFTP port number is 22, but the port number is configurable. This adds more security to the server. Only people with whom the detail has been shared can connect to the server. Port number 22 is the port for SSH. SFTP runs over SSH, so the SSH port is used for all communication while transferring a file.
How to use SFTP?
So far, we have discussed the theoretical part of the protocol. Now is a good time to look at a few examples of SFTP usage. Here we use CentOS Linux for the demonstration. Each example covers the commands and the theory behind them.
How to check if SFTP is running?
This is the first step. We cannot run the protocol if no FTP and SSH software is installed, so we check that first. Most Linux systems come with the SFTP server installed, and the server starts running at system startup. Still, there is a chance that the packages for FTP and SSH are missing.
Following is the command for checking the SFTP server status.
[root@CentOS_6_64]# ps -ef | grep ftp
root 12497 12495 0 01:47 ? 00:00:00 /usr/libexec/openssh/sftp-server
root 13144 12443 0 02:37 pts/0 00:00:00 grep ftp
The output of the above command shows that the FTP server is running. If no server is running, we can check whether the two packages are installed with the following commands.
[root@CentOS_6_64-159 ~]# rpm -qa | grep ssh
openssh-clients-5.3p1-104.el6.x86_64
trilead-ssh2-213-6.2.el6.noarch
openssh-5.3p1-104.el6.x86_64
libssh2-1.4.2-1.el6.x86_64
openssh-askpass-5.3p1-104.el6.x86_64
openssh-server-5.3p1-104.el6.x86_64
For FTP:
[root@CentOS_6_64-159 ~]# rpm -qa | grep ftp
gvfs-obexftp-1.4.3-18.el6.x86_64
ftp-0.17-54.el6.x86_64
If either command gives no output, the corresponding package (SSH or FTP) can be installed with yum. Now the server is ready to accept SFTP connections from remote clients.
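An added example, not part of the original tutorial: sshd starts sftp-server only for the duration of a client session, so the ps check above finds it only while a client is connected. The function below reads the Port and Subsystem sftp lines of an sshd_config file instead; sftp_settings, sample_config and the sample file content are names and data constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SFTP-relevant settings of an sshd_config file.
# Assumes whitespace-separated "Keyword value" lines; sshd keywords are
# case-insensitive and '#' starts a comment.

# sftp_settings FILE
# Prints "port=<n>" for every Port line (22, the sshd default, if none)
# and "sftp=<server command>" or "sftp=disabled".
sftp_settings() {
    awk '
        { sub(/#.*/, "") }                      # strip comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "port" { ports[++n] = $2 }
        tolower($1) == "subsystem" && tolower($2) == "sftp" {
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
        }
        END {
            if (n == 0) ports[++n] = 22         # no Port line: default
            for (i = 1; i <= n; i++) print "port=" ports[i]
            print "sftp=" (cmd == "" ? "disabled" : cmd)
        }
    ' "$1"
}

# Constructed sample configuration (not taken from the tutorial's machines).
sample_config() {
cat <<'EOF'
# sample sshd_config
#Port 22
Port 2222
PermitRootLogin no
subsystem   sftp  /usr/libexec/openssh/sftp-server   # path as in the ps output
EOF
}

# Demo on the sample; on a server run: sftp_settings /etc/ssh/sshd_config
tmp=$(mktemp)
sample_config > "$tmp"
sftp_settings "$tmp"
rm -f "$tmp"
```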
SFTP client Linux:
The secure file transfer model is client/server-based. We have shown that the server is running. Now it is time to show how an SFTP client connects to the server. We use an example from Linux, which provides a command-line interface for the SFTP client. For the Windows operating system, there are easy-to-use GUI-based clients; we will discuss the SFTP client for Windows later or in another post. To keep the example simple, we have two CentOS 6 machines. One has the IP address 192.168.1.159, and the other has 192.168.1.160. The first machine works as the SFTP server and the other as the client. The following are the commands for secure file transfer.
Like many other commands, SFTP has a help option that lists all available options. There are two kinds of help: one before the connection, and another after the connection is set up. For the first one, just run the SFTP client with no parameters.
[root@CentOS_6_64-160 ~]# sftp
usage: sftp [-1Cv] [-B buffer_size] [-b batchfile] [-F ssh_config]
            [-o ssh_option] [-P sftp_server_path] [-R num_requests]
            [-S program] [-s subsystem | sftp_server] host
       sftp [user@]host[:file ...]
       sftp [user@]host[:dir[/]]
       sftp -b batchfile [user@]host
[root@CentOS_6_64-160 ~]#
For help after the client connects to the server:
sftp email@example.com
Connecting to 192.168.1.159...
firstname.lastname@example.org's password:
sftp> ?
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or filesystem containing 'path'
exit                               Quit sftp
get [-P] remote-path [local-path]  Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln oldpath newpath                 Symlink remote file
lpwd                               Print local working directory
ls [-1aflnrSt] [path]              Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-P] local-path [remote-path]  Upload file
pwd                                Display remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help
The command for connecting to the server with no file transfer:
[root@CentOS_6_64-160 ~]# sftp email@example.com
Connecting to 192.168.1.159...
firstname.lastname@example.org's password:
sftp>
sftp> exit
[root@CentOS_6_64-160 ~]#
The above command connects to the server. During a connection, it prompts for the password.
The command for sending a file from the command line:
[root@CentOS_6_64-160 tmp]# sftp email@example.com
Connecting to 192.168.1.159...
firstname.lastname@example.org's password:
sftp> cd /tmp
sftp> put file.txt
Uploading file.txt to /tmp/file.txt
file.txt 100% 0 0.0KB/s 00:00
sftp> exit
[root@CentOS_6_64-160 tmp]#
In the above example, file.txt, which is present in /tmp on the client machine, is transferred to the /tmp directory on the remote server machine.
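An added example, not part of the original tutorial: the same upload done without the interactive prompt, using the "sftp -b batchfile [user@]host" form from the usage text. It assumes key-based authentication is already set up, because batch mode cannot ask for a password; sftp_put and the SFTP_BIN override are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example: non-interactive upload with an sftp batch file.
# In batch mode sftp aborts at the first failing command (cd, put, ...)
# and exits non-zero, so the caller can detect a failed transfer.

# sftp_put HOST REMOTE_DIR LOCAL_FILE
# Returns 2 if LOCAL_FILE is missing, otherwise the exit status of sftp.
# SFTP_BIN (hypothetical override) selects the client binary.
sftp_put() {
    host=$1 remote_dir=$2 file=$3
    if [ ! -f "$file" ]; then
        echo "sftp_put: no such file: $file" >&2
        return 2
    fi
    batch=$(mktemp) || return 1
    # Quote the paths so names with spaces survive sftp's command parsing
    # (names containing a double quote are not handled here).
    {
        printf 'cd "%s"\n'    "$remote_dir"
        printf 'put "%s"\n'   "$file"
        printf 'ls -l "%s"\n' "$(basename "$file")"   # confirm it arrived
    } > "$batch"
    "${SFTP_BIN:-sftp}" -b "$batch" "$host"
    rc=$?
    rm -f "$batch"
    return "$rc"
}

# Run only when called with three arguments, e.g.
#   sh sftp_put.sh user@192.168.1.159 /tmp /tmp/file.txt
if [ "$#" -eq 3 ]; then
    sftp_put "$1" "$2" "$3"
fi
```

A non-zero return means the batch stopped early, so the file should not be assumed to be on the server.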