FTP (File Transfer Protocol) is a very popular protocol used to transfer files between a client and a server over a network or the internet. FTP has existed for a long time, and at the time it was created security was not important. Today IT needs security, so SFTP, or Secure File Transfer Protocol, was created to provide the security that FTP lacks. SFTP is superior to FTP in all cases and should be used whenever possible. The sftp command is used to connect to remote SFTP servers. It is provided for Linux distributions like Ubuntu, Debian, Mint, CentOS, Fedora, RHEL, SUSE etc. from their central repositories.
The SFTP protocol has multiple versions, where version 6 is the latest SFTP version, released in 2006. As a simple and secure protocol, it does not gain new features regularly.
SFTP Commands
The SFTP interactive shell provides the following commands after logging in to an SFTP server. These commands are executed in the interactive shell. For example, the exit or bye commands can be used to close the SFTP session and connection by quitting the interactive shell.
Command | Description |
---|---|
bye | Exit or quit from SFTP |
exit | Exit or quit from SFTP |
cd PATH | Change current working directory to the PATH |
chgrp GROUP PATH | Change group ownership to GROUP for the PATH |
chmod MOD PATH | Change file or folder permission to MOD for the PATH |
lcd PATH | Change local current working directory to the PATH |
lls PATH | List local files and folders on the specified PATH |
ls PATH | List remote files and folders on the specified PATH |
mkdir PATH | Create a directory at the specified PATH |
progress | Show progress during upload or download |
pwd | Print remote system working directory |
rename OLD_PATH NEW_PATH | Rename remote file or folder from OLD_PATH to NEW_PATH |
rm PATH | Remove/Delete remote file or folder on the specified PATH |
version | Show version information |
Connect SFTP Server
SFTP uses the SSH port and service to connect to the remote system. The authentication is also done via the SSH subsystem, where current SSH users or system users are used to log in. Like an SSH connection, the SFTP authentication can be done via password or SSH keys, or certificates. In order to connect to the SFTP server, we provide the username, which is ismail, and the IP address, which is 192.168.142.133, like below.
$ sftp ismail@192.168.142.133
Connected to 192.168.142.133.
sftp>
sftp>
sftp>
After the connection is established, the interactive SFTP shell is provided. All SFTP commands are entered in this shell to upload and download files and folders. By default, the session creation requires a password for authentication, but in this case we have used a certificate for authentication. If there is no certificate set up for authentication, the password is prompted like below.
password:
Passwordless Key Based SFTP Authentication
Like SSH, the SFTP connection and authentication can be done with SSH keys, without typing the password again and again for every connection. To do this, we will copy the current user's public key to the remote SFTP server. But the current user may not have a public and private SSH key pair yet, so first we will create the SSH keys with the following command.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ismail/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ismail/.ssh/id_rsa
Your public key has been saved in /home/ismail/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:US4aOw+rkYDBNSk+iVzFiHRZalYzfzSiFF3+72O5Vws ismail@ubuntu
The key's randomart image is:
+---[RSA 3072]----+
|...+BOo..+. |
|.oo==.=.+o. |
|=.++ ...oo. |
|.Bo +.o. |
|. o = S . |
| . . = .E .|
| o . . .o o|
| o .+ o |
| . .o+ |
+----[SHA256]-----+
The public and private SSH key pair is now created, and the public key can be transferred to the remote SFTP or SSH server with the following command by providing the username. The public key will be matched with the provided user name, and in every connection the provided public key will be used for passwordless authentication.
$ ssh-copy-id ismail@192.168.142.133
The authenticity of host '192.168.142.133 (192.168.142.133)' can't be established.
ECDSA key fingerprint is SHA256:FERLei2YfaohZ8FN5oNc8biHDR4i1jevewwSv9expJ0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ismail@192.168.142.133's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ismail@192.168.142.133'"
and check to make sure that only the key(s) you wanted were added.
$
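In the ssh-copy-id output above, the host-key prompt is answered with yes without the fingerprint being checked. The following added example (not part of the original article) accepts a host key only when its fingerprint equals one obtained out-of-band, for instance from the server console; the function names fp_matches and pin_host are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pin a host key only after its
# fingerprint matches one obtained out-of-band (e.g. from the server console).

# fp_matches EXPECTED
# Reads `ssh-keygen -lf` output on stdin ("bits fingerprint comment (type)").
# Succeeds only if some line's fingerprint field equals EXPECTED exactly.
fp_matches() {
    case $1 in
        SHA256:?*) ;;
        *) echo "expected fingerprint must look like SHA256:..." >&2; return 2 ;;
    esac
    awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# pin_host HOST EXPECTED [KNOWN_HOSTS]
# Scans HOST once and appends to KNOWN_HOSTS only the scanned key whose
# fingerprint matches. Needs network access and the OpenSSH client tools.
pin_host() {
    host=$1 want=$2 kh=${3:-$HOME/.ssh/known_hosts}
    scan=$(mktemp) || return 1
    one=$(mktemp) || { rm -f "$scan"; return 1; }
    ssh-keyscan -T 5 "$host" >"$scan" 2>/dev/null
    rc=1
    while IFS= read -r line; do
        printf '%s\n' "$line" >"$one"
        if ssh-keygen -lf "$one" 2>/dev/null | fp_matches "$want"; then
            printf '%s\n' "$line" >>"$kh"
            rc=0
        fi
    done <"$scan"
    rm -f "$scan" "$one"
    return "$rc"
}

# Usage (the fingerprint is the one shown in the ssh-copy-id output above):
#   pin_host 192.168.142.133 'SHA256:FERLei2YfaohZ8FN5oNc8biHDR4i1jevewwSv9expJ0' &&
#       sftp -o StrictHostKeyChecking=yes ismail@192.168.142.133
```

If no scanned key matches, pin_host writes nothing and returns non-zero, so the sftp command after && never runs.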
Display SFTP Help Information
SFTP provides different commands similar to the Linux shell to list files. Help information about the SFTP commands and their descriptions can be listed with ? (question mark) like below. Alternatively, the help command of the SFTP interactive shell can be used as an equivalent of ?.
sftp> ?
Available commands:
bye Quit sftp
cd path Change remote directory to 'path'
chgrp [-h] grp path Change group of file 'path' to 'grp'
chmod [-h] mode path Change permissions of file 'path' to 'mode'
chown [-h] own path Change owner of file 'path' to 'own'
df [-hi] [path] Display statistics for current directory or
filesystem containing 'path'
exit Quit sftp
get [-afpR] remote [local] Download file
help Display this help text
lcd path Change local directory to 'path'
lls [ls-options [path]] Display local directory listing
lmkdir path Create local directory
ln [-s] oldpath newpath Link remote file (-s for symlink)
lpwd Print local working directory
ls [-1afhlnrSt] [path] Display remote directory listing
lumask umask Set local umask to 'umask'
mkdir path Create remote directory
progress Toggle display of progress meter
put [-afpR] local [remote] Upload file
pwd Display remote working directory
quit Quit sftp
reget [-fpR] remote [local] Resume download file
rename oldpath newpath Rename remote file
reput [-fpR] local [remote] Resume upload file
rm path Delete remote file
rmdir path Remove remote directory
symlink oldpath newpath Symlink remote file
version Show SFTP version
!command Execute 'command' in local shell
! Escape to local shell
? Synonym for help
Show SFTP Version
Over time, the SFTP protocol gained new features with each new version. The most recent version of the SFTP is 3, and in an interactive SFTP connection the SFTP version can be displayed with the version command like below.
sftp> version
SFTP protocol version 3
sftp>
List Files On Remote SFTP Server
The ls command can be used to list files and folders on the remote server. Without a path, the ls command runs on the current working directory.
sftp> ls
Desktop Documents Downloads Music Pictures Public Templates
Videos example.txt file1.txt file2.txt passwd snap test.txt
test1
Alternatively, a path can be specified in order to list files and folders on the specified path. In the following example we will list the contents of Downloads.
sftp> ls Downloads/
Downloads/DEBIAN Downloads/sample_5184×3456.bmp
Downloads/teamviewer_15.9.5_amd64.deb
Navigate and Change Directory
SFTP provides commands similar to Linux in order to print the current working directory and to change and navigate local and remote paths. We can use the pwd command in order to print the current working directory of the remote SFTP server.
sftp> pwd
Remote working directory: /home/ismail
Also, the lpwd command can be used to print the local system's current working directory. By its nature, it does not require a parameter.
sftp> lpwd
Local working directory: /home/ismail
The current working directory of the remote SFTP server can be changed using the cd command. Similar to the Linux shell, . or .. can be used to specify the current and parent directory.
sftp> pwd
Remote working directory: /home/ismail
sftp> cd Downloads/
sftp> pwd
Remote working directory: /home/ismail/Downloads
The local system's current working directory can be changed with the lcd command. Like the cd command, . and .. can be used for the current and parent directories.
sftp> lpwd
Local working directory: /home/ismail
sftp> lcd Downloads/
sftp> lpwd
Local working directory: /home/ismail/Downloads
Download Files and Folders From SFTP Server
The most used feature of SFTP, and actually the reason it was created, is downloading and uploading files and folders. The get command can be used to download specified files and folders to the local current working directory. This operation transfers files from the remote SFTP server to the local directory securely. In the following example, we will download the file named teamviewer_15.9.5_amd64.deb to the local system.
sftp> get teamviewer_15.9.5_amd64.deb
Fetching /home/ismail/Downloads/teamviewer_15.9.5_amd64.deb to teamviewer_15.9.5_amd64.deb
/home/ismail/Downloads/teamviewer_15.9.5_amd64.deb 0% 0 0.0KB/s --:-- ETA
Alternatively, we can save the downloaded file under a new or different name. We just pass a second parameter to the get command as the new file name. In the following example, we will set the downloaded file name as teamviewer.deb.
sftp> get teamviewer_15.9.5_amd64.deb teamviewer.deb
By default the downloaded file will be put into the local current working directory. But we can change this path by adding the download path and file name.
sftp> get teamviewer_15.9.5_amd64.deb MyFiles/teamviewer.deb
In order to download folders and their contents recursively, the -r option should be used after the get command. The directory we want to download is also provided, which is Downloads/ in this example. We can see below that the contents are downloaded recursively and information about the progress is displayed on the screen in real time.
sftp> get -r Downloads/
Fetching /home/ismail/Downloads/ to Downloads
Retrieving /home/ismail/Downloads
/home/ismail/Downloads/sample_5184×3456.bmp 100% 51MB 6.3MB/s 00:08
Retrieving /home/ismail/Downloads/DEBIAN
/home/ismail/Downloads/DEBIAN/conffiles 100% 40 18.4KB/s 00:00
/home/ismail/Downloads/DEBIAN/control 100% 1657 426.8KB/s 00:00
/home/ismail/Downloads/DEBIAN/prerm 100% 953 65.5KB/s 00:00
/home/ismail/Downloads/DEBIAN/preinst 100% 682 273.0KB/s 00:00
/home/ismail/Downloads/DEBIAN/postinst 100% 1125 569.0KB/s 00:00
/home/ismail/Downloads/DEBIAN/postrm 100% 789 419.6KB/s 00:00
We can also change the downloaded directory name by providing the new name as the second parameter to the get command. In the following example we will set the downloaded directory name as MyDownloads.
sftp> get -r Downloads/ MyDownloads/
Upload File To Remote SFTP Server
We can also use SFTP to upload a local file to the remote SFTP server. The put command is used to upload a local file or folder to the remote server by providing the local file or folder name.
sftp> put file1.txt
Uploading file1.txt to /home/ismail/file1.txt
file1.txt 0% 0 0.0KB/s --:-- ETA
In order to upload folders to the remote SFTP server, the recursive option should be provided to the put command. The -r option is used to upload a folder and its contents recursively to the remote server.
sftp> put -r Downloads
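The get and put commands shown above can also be run without the interactive shell by passing a batch file to sftp with the -b option. The following is an added example, not part of the original article; the function names make_batch and run_batch and the file name upload.batch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): build a batch script from the
# get/put commands shown above and run it without interactive prompts.

# make_batch get|put REMOTE_DIR FILE...
# Prints an sftp batch script. Every argument is validated before anything is
# printed, so a rejected name never yields a partial script.
make_batch() {
    [ "$#" -ge 3 ] || { echo "usage: make_batch get|put DIR FILE..." >&2; return 2; }
    op=$1 dir=$2
    shift 2
    nl='
'
    case $op in get|put) ;; *) echo "operation must be get or put" >&2; return 2 ;; esac
    for arg in "$dir" "$@"; do
        case $arg in
            # empty, leading dash (could be read as an option), quote,
            # backslash or newline would change how sftp parses the line
            ''|-*|*\"*|*\\*|*"$nl"*)
                echo "refusing unsafe name: $arg" >&2; return 1 ;;
        esac
    done
    printf 'cd "%s"\n' "$dir"
    for f in "$@"; do
        printf '%s "%s"\n' "$op" "$f"
    done
    printf 'bye\n'
}

# run_batch USER@HOST BATCH_FILE
# BatchMode=yes makes ssh fail instead of asking for a password, and
# StrictHostKeyChecking=yes refuses hosts that are not already in known_hosts.
# In batch mode sftp aborts at the first failing cd/get/put.
run_batch() {
    sftp -b "$2" -o BatchMode=yes -o StrictHostKeyChecking=yes "$1"
}

# Usage (requires key-based authentication as set up earlier):
#   make_batch put /home/ismail file1.txt file2.txt >upload.batch
#   run_batch ismail@192.168.142.133 upload.batch
```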
Exit From SFTP Interactive Shell or Close SFTP Connection
The interactive SFTP shell can be closed by using the exit or bye commands like below.
sftp>
sftp>
sftp> exit
$
$
or by using the bye SFTP command like below.
sftp>
sftp>
sftp> bye
$
$