FTP (File Transfer Protocol) is a very popular protocol used to transfer files between a client and a server over a network or the internet. FTP has existed for a long time, and at the time it was created security was not important. Today IT needs security, and SFTP (Secure File Transfer Protocol) was created to add security over the existing FTP. SFTP is superior to FTP in all cases, and SFTP should be used wherever possible. The sftp command is used to connect to remote SFTP servers. It is provided for Linux distributions like Ubuntu, Debian, Mint, CentOS, Fedora, RHEL, SUSE etc. from their central repositories.
The SFTP protocol has multiple versions, where version 6 is the latest SFTP version, which was released in 2006. As a simple and secure protocol, it does not receive new features regularly.
The SFTP interactive shell provides the following commands after logging in to an SFTP server. These commands are executed in the interactive shell. For example, the bye command can be used to close the SFTP session and connection by quitting the interactive shell.
|Command|Description|
|---|---|
|bye|Exit or quit from SFTP|
|exit|Exit or quit from SFTP|
|cd PATH|Change the remote current working directory to PATH|
|chgrp GROUP PATH|Change group ownership of PATH to GROUP|
|chmod MOD PATH|Change the file or folder permission of PATH to MOD|
|lcd PATH|Change the local current working directory to PATH|
|lls PATH|List local files and folders in the specified PATH|
|ls PATH|List remote files and folders in the specified PATH|
|mkdir PATH|Create the directory specified by PATH|
|progress|Show progress during upload or download|
|pwd|Print the remote system working directory|
|rename OLD_PATH NEW_PATH|Rename a remote file or folder from OLD_PATH to NEW_PATH|
|rm PATH|Remove/delete the remote file or folder at the specified PATH|
|version|Show version information|
Connect SFTP Server
SFTP uses the SSH port and service to connect to the remote system. Authentication is also done via the SSH subsystem, where existing SSH users or system users are used to log in. Like an SSH connection, SFTP authentication can be done via password, SSH keys, or certificates. In order to connect to the SFTP server, we will provide the username, which is ismail, and the IP address, which is 192.168.142.133, like below.
$ sftp ismail@192.168.142.133
Connected to 192.168.142.133.
sftp>
sftp>
sftp>
After the connection is established, the interactive SFTP shell is provided. All SFTP commands are entered in this shell to upload and download files and folders. By default, creating a session requires a password for authentication, but in this case we have used a certificate for authentication. If no certificate is set up for authentication, the password is prompted like below.
Passwordless Key Based SFTP Authentication
Like SSH, the SFTP connection and authentication can be done with SSH keys without typing the password again and again for every connection. To do this, we will copy the current user's public key to the remote SFTP server. The current user may not have a public and private SSH key pair yet, so first we will create the SSH keys with the following command.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ismail/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ismail/.ssh/id_rsa
Your public key has been saved in /home/ismail/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:US4aOw+rkYDBNSk+iVzFiHRZalYzfzSiFF3+72O5Vws [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|...+BOo..+. |
|.oo==.=.+o. |
|=.++ ...oo. |
|.Bo +.o. |
|. o = S . |
| . . = .E .|
| o . . .o o|
| o .+ o |
| . .o+ |
+----[SHA256]-----+
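The public and private SSH key pair is created, and the public key can be transferred to the remote SFTP or SSH server with the following command by providing the username. The public key will be associated with the provided username, and in every connection that key will be used for passwordless authentication. On the first connection the server's host key fingerprint is displayed; compare it with the fingerprint obtained from the server over a trusted channel before answering yes.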
$ ssh-copy-id ismail@192.168.142.133
The authenticity of host '192.168.142.133 (192.168.142.133)' can't be established.
ECDSA key fingerprint is SHA256:FERLei2YfaohZ8FN5oNc8biHDR4i1jevewwSv9expJ0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ismail@192.168.142.133's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'ismail@192.168.142.133'"
and check to make sure that only the key(s) you wanted were added.

$
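Key-based login falls back to the password prompt when the files involved have loose permissions: the ssh client ignores a private key that group or others can access, and sshd (with its default StrictModes setting) rejects a .ssh directory or authorized_keys file that group or others can write. The check below is an added example, not part of the original article; the function names and finding labels are made up for illustration, and the directory to audit is supplied by the caller.

```sh
#!/bin/sh
# Added example, not from the original article: audit the file modes that
# decide whether OpenSSH will use key-based login.

# perms FILE: print the nine permission characters, e.g. "rw-------".
perms() {
    ls -ld "$1" | cut -c2-10
}

# Succeeds if group or others may write FILE (sshd StrictModes rejects this).
group_other_writable() {
    case "$(perms "$1")" in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if group or others have any access (the client ignores such keys).
group_other_access() {
    case "$(perms "$1")" in
        ???------) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_ssh_dir DIR: print one finding per line; status 1 if any was found.
audit_ssh_dir() {
    dir=$1
    rc=0
    if group_other_writable "$dir"; then
        echo "WRITABLE_DIR $dir"; rc=1
    fi
    if [ -f "$dir/authorized_keys" ] &&
       group_other_writable "$dir/authorized_keys"; then
        echo "WRITABLE_AUTHORIZED_KEYS $dir/authorized_keys"; rc=1
    fi
    # Treat any file with a matching .pub beside it as a private key.
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        key=${pub%.pub}
        if [ -f "$key" ] && group_other_access "$key"; then
            echo "EXPOSED_PRIVATE_KEY $key"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh /home/ismail/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run it against the client's .ssh directory to check the private key, and against the same directory on the server to check authorized_keys.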
Display SFTP Help Information
SFTP provides different commands similar to the Linux shell to list files. Help information about the SFTP commands and description can be listed with the ? (question mark) like below. Alternatively, the help command of the SFTP interactive shell can be used according to
sftp> ?
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp [-h] grp path                Change group of file 'path' to 'grp'
chmod [-h] mode path               Change permissions of file 'path' to 'mode'
chown [-h] own path                Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-afpR] remote [local]         Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln [-s] oldpath newpath            Link remote file (-s for symlink)
lpwd                               Print local working directory
ls [-1afhlnrSt] [path]             Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-afpR] local [remote]         Upload file
pwd                                Display remote working directory
quit                               Quit sftp
reget [-fpR] remote [local]        Resume download file
rename oldpath newpath             Rename remote file
reput [-fpR] local [remote]        Resume upload file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help
Show SFTP Version
Over time, the SFTP protocol gained new features with each new version. The most recent version of the SFTP is 3, and in an interactive SFTP connection the SFTP version can be displayed with the version command like below.
sftp> version
SFTP protocol version 3
sftp>
List Files On Remote SFTP Server
The ls command can be used to list files and folders on the remote server. Without a path, the ls command lists the current working directory.
sftp> ls
Desktop Documents Downloads Music Pictures Public Templates Videos example.txt file1.txt file2.txt passwd snap test.txt test1
Alternatively a path can be specified in order to list files and folders on the specified path. In the following example we will list contents of the
sftp> ls Downloads/
Downloads/DEBIAN Downloads/sample_5184×3456.bmp Downloads/teamviewer_15.9.5_amd64.deb
Navigate and Change Directory
SFTP provides commands similar to Linux in order to print the current working directory and to change and navigate local and remote paths. We can use the pwd command in order to print the current working directory of the remote SFTP server.
sftp> pwd
Remote working directory: /home/ismail
The lpwd command can be used to print the local system's current working directory. By its nature, it does not require a parameter.
sftp> lpwd
Local working directory: /home/ismail
The current working directory on the remote SFTP server can be changed using the cd command. Similar to the Linux shell, . and .. can be used to specify the current and parent directories.
sftp> pwd
Remote working directory: /home/ismail
sftp> cd Downloads/
sftp> pwd
Remote working directory: /home/ismail/Downloads
The local system's current working directory can be changed with the lcd command. As with the cd command, . and .. can be used for the current and parent directories.
sftp> lpwd
Local working directory: /home/ismail
sftp> lcd Downloads/
sftp> lpwd
Local working directory: /home/ismail/Downloads
Download Files and Folders From SFTP Server
The most used feature of SFTP, and actually the reason it was created, is downloading and uploading files and folders. The get command can be used to download the specified files and folders to the local current working directory. This operation transfers files from the remote SFTP server to the local directory securely. In the following example, we will download the file named teamviewer_15.9.5_amd64.deb to the local system.
sftp> get teamviewer_15.9.5_amd64.deb
Fetching /home/ismail/Downloads/teamviewer_15.9.5_amd64.deb to teamviewer_15.9.5_amd64.deb
/home/ismail/Downloads/teamviewer_15.9.5_amd64.deb 0% 0 0.0KB/s --:-- ETA
Alternatively, we can define the download file name with a new or different name. We will just put a second parameter to the get command as a new file name. In the following example, we will set the downloaded file name as
sftp> get teamviewer_15.9.5_amd64.deb teamviewer.deb
By default the downloaded file will be put into the local current working directory. But we can change this path by adding the download path and file name.
sftp> get teamviewer_15.9.5_amd64.deb MyFiles/teamviewer.deb
In order to download folders and their contents recursively, the -r option should be used after the get command. The directory we want to download is also provided, which is Downloads/ in this example. We can see below that the contents are downloaded recursively and that information about the progress is displayed on the screen in real time.
sftp> get -r Downloads/
Fetching /home/ismail/Downloads/ to Downloads
Retrieving /home/ismail/Downloads
/home/ismail/Downloads/sample_5184×3456.bmp 100% 51MB 6.3MB/s 00:08
Retrieving /home/ismail/Downloads/DEBIAN
/home/ismail/Downloads/DEBIAN/conffiles 100% 40 18.4KB/s 00:00
/home/ismail/Downloads/DEBIAN/control 100% 1657 426.8KB/s 00:00
/home/ismail/Downloads/DEBIAN/prerm 100% 953 65.5KB/s 00:00
/home/ismail/Downloads/DEBIAN/preinst 100% 682 273.0KB/s 00:00
/home/ismail/Downloads/DEBIAN/postinst 100% 1125 569.0KB/s 00:00
/home/ismail/Downloads/DEBIAN/postrm 100% 789 419.6KB/s 00:00
We can also change the downloaded directory name by providing the new name as the second parameter to the get command. In the following example we will set the downloaded file name as
sftp> get -r Downloads/ MyDownloads/
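Once key-based authentication is in place, the same get commands can run unattended from a batch file passed to sftp with -b. The script below is an added example, not part of the original article; safe_name, make_get_batch and run_batch are hypothetical helper names, and the host, directory and file names are supplied by the caller. It validates every name first, because a name containing a newline would otherwise become an extra batch command.

```sh
#!/bin/sh
# Added example, not from the original article: run the get command from a
# batch file instead of typing it at the sftp> prompt.

# safe_name NAME: reject values that could break out of a quoted batch
# argument or be parsed as an option (empty, leading '-', '"', '\', newline).
safe_name() {
    case $1 in
        ''|-*|*'"'*|*\\*|*'
'*) return 1 ;;
        *) return 0 ;;
    esac
}

# make_get_batch REMOTE_DIR NAME...: print a batch file that downloads each
# NAME from REMOTE_DIR. Prints nothing and returns 2 if any value is unsafe.
make_get_batch() {
    [ $# -ge 2 ] || return 2
    for arg in "$@"; do
        safe_name "$arg" || return 2
    done
    remote_dir=$1; shift
    printf 'cd "%s"\n' "$remote_dir"
    for name in "$@"; do
        printf 'get "%s"\n' "$name"
    done
    printf 'bye\n'
}

# run_batch BATCHFILE USER@HOST: sftp stops at the first command that fails.
# BatchMode=yes fails instead of prompting for a password;
# StrictHostKeyChecking=yes refuses a host key not already in known_hosts.
run_batch() {
    sftp -b "$1" -o BatchMode=yes -o StrictHostKeyChecking=yes "$2"
}

# Usage: sh fetch.sh USER@HOST REMOTE_DIR NAME...
if [ $# -ge 3 ]; then
    target=$1; shift
    batch=$(mktemp) || exit 1
    make_get_batch "$@" > "$batch" && run_batch "$batch" "$target"
    status=$?
    rm -f "$batch"
    exit "$status"
fi
```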
Upload File To Remote SFTP Server
We can also use SFTP to upload local files to the remote SFTP server. The put command is used to upload a local file or folder to the remote server by providing the local file or folder name.
sftp> put file1.txt
Uploading file1.txt to /home/ismail/file1.txt
file1.txt 0% 0 0.0KB/s --:-- ETA
In order to upload folders to the remote SFTP server, the recursive option should be provided to the put command. The -r option is used to upload a folder and its contents recursively to the remote server.
sftp> put -r Downloads
Exit From SFTP Interactive Shell or Close SFTP Connection
The interactive SFTP shell can be closed by using the exit command like below.
sftp>
sftp>
sftp> exit
$
$
or by using the bye SFTP command like below.
sftp>
sftp>
sftp> bye
$
$