How To Use SFTP Command to Securely Transfer Files and Folders?

FTP (File Transfer Protocol) is a very popular protocol used to transfer files between a client and a server over a network or the internet. FTP has existed for a long time, and at the time it was created security was not important. Today IT needs security, and SFTP (Secure File Transfer Protocol) was created with security over the existing FTP. SFTP is superior to FTP in all cases and should be used whenever possible. The sftp command is used to connect to remote SFTP servers. It is provided for Linux distributions such as Ubuntu, Debian, Mint, CentOS, Fedora, RHEL and SUSE from their central repositories.

The SFTP protocol has multiple versions; version 6 is the latest SFTP version, which was released in 2006. As a simple and secure protocol, it does not gain new features regularly.

SFTP Commands

The SFTP interactive shell provides the following commands after logging in to an SFTP server. These commands are executed in the interactive shell. For example, the exit or bye commands can be used to close the SFTP session and connection by quitting the interactive shell.

Command                      Description
bye                          Exit or quit from SFTP
exit                         Exit or quit from SFTP
cd PATH                      Change current working directory to the PATH
chgrp GROUP PATH             Change group ownership to GROUP for the PATH
chmod MOD PATH               Change file or folder permission to MOD for the PATH
lcd PATH                     Change local current working directory to the PATH
lls PATH                     List local files and folders on the specified PATH
ls PATH                      List remote files and folders on the specified PATH
mkdir PATH                   Create directory at the specified PATH
progress                     Show progress during upload or download
pwd                          Print remote system working directory
rename OLD_PATH NEW_PATH     Rename remote file or folder from OLD_PATH to NEW_PATH
rm PATH                      Remove/Delete remote file or folder on the specified PATH
version                      Show version information

Connect SFTP Server

SFTP uses the SSH port and service to connect to the remote system. Authentication is also done via the SSH subsystem, where existing SSH users or system users are used to log in. Like an SSH connection, SFTP authentication can be done via password, SSH keys, or certificates. To connect to the SFTP server, we provide the username, which is ismail, and the IP address, which is 192.168.142.133, like below.

$ sftp ismail@192.168.142.133
Connected to 192.168.142.133.
sftp> 
sftp> 
sftp> 

After the connection is established, the interactive SFTP shell is provided. All SFTP commands are entered in this shell to upload and download files and folders. By default, session creation requires a password for authentication, but in this case we have used a certificate for authentication. If no certificate is set up for authentication, the password is prompted for like below.

password:

Passwordless Key Based SFTP Authentication

Like SSH, SFTP connection and authentication can be done with SSH keys, without typing the password again and again for every connection. First, we will copy the current user's public key to the remote SFTP server. But the current user may not have a public and private SSH key pair, so we will first create the SSH keys with the following command.

$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ismail/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ismail/.ssh/id_rsa
Your public key has been saved in /home/ismail/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:US4aOw+rkYDBNSk+iVzFiHRZalYzfzSiFF3+72O5Vws ismail@ubuntu
The key's randomart image is:
+---[RSA 3072]----+
|...+BOo..+.      |
|.oo==.=.+o.      |
|=.++ ...oo.      |
|.Bo    +.o.      |
|. o   = S  .     |
|   . . =    .E  .|
|    o . .    .o o|
|     o      .+ o |
|    .       .o+  |
+----[SHA256]-----+

The public and private SSH key pair is created, and the public key can be transferred to the remote SFTP or SSH server with the following command by providing the username. The public key will be matched with the provided username, and in every connection the provided public key will be used for passwordless authentication.

$ ssh-copy-id ismail@192.168.142.133
The authenticity of host '192.168.142.133 (192.168.142.133)' can't be established.
ECDSA key fingerprint is SHA256:FERLei2YfaohZ8FN5oNc8biHDR4i1jevewwSv9expJ0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ismail@192.168.142.133's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ismail@192.168.142.133'"
and check to make sure that only the key(s) you wanted were added.

$
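The session above accepts the server's host key by answering yes to the fingerprint prompt. The following added example, which is not part of the original article, compares the fingerprint the server presents with one obtained over a trusted channel before storing the key; the function names are hypothetical and the expected fingerprint is assumed to have been read on the server itself.

```bash
# Added example: verify an SSH/SFTP server's host key fingerprint before the first connection.
# Function names are hypothetical. The expected fingerprint must come from a trusted
# channel, e.g. read on the server console with:
#   ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub

# Pick the fingerprint of one key type out of `ssh-keygen -lf` output (stdin).
# Each line looks like: 256 SHA256:<base64> <comment> (ECDSA)
fingerprint_for_type() {
    # $1 = key type label as printed by ssh-keygen: ECDSA, ED25519 or RSA
    awk -v t="($1)" '$NF == t { print $2; exit }'
}

# Succeed only when both values are non-empty and identical.
fingerprint_matches() {
    # $1 = expected fingerprint, $2 = presented fingerprint
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Scan the host, compare fingerprints, and only then append the key to known_hosts.
trust_host_if_verified() {
    # $1 = host, $2 = key type for ssh-keyscan (ecdsa, ed25519, rsa), $3 = expected fingerprint
    th_scanned=$(ssh-keyscan -t "$2" "$1" 2>/dev/null) || return 2
    th_label=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    th_presented=$(printf '%s\n' "$th_scanned" | ssh-keygen -lf - | fingerprint_for_type "$th_label")
    if fingerprint_matches "$3" "$th_presented"; then
        printf '%s\n' "$th_scanned" >> "$HOME/.ssh/known_hosts"
        echo "host key verified and stored for $1"
    else
        echo "fingerprint mismatch for $1: got '$th_presented'" >&2
        return 1
    fi
}
```

With the key stored this way, the first ssh-copy-id or sftp connection no longer shows the authenticity prompt, and a later change of the server's key is reported instead of silently accepted.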

Display SFTP Help Information

SFTP provides different commands similar to the Linux shell to list files. Help information about the SFTP commands and their descriptions can be listed with ? (question mark) like below. Alternatively, the help command of the SFTP interactive shell can be used instead of ?.

sftp> ?
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp [-h] grp path                Change group of file 'path' to 'grp'
chmod [-h] mode path               Change permissions of file 'path' to 'mode'
chown [-h] own path                Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-afpR] remote [local]         Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln [-s] oldpath newpath            Link remote file (-s for symlink)
lpwd                               Print local working directory
ls [-1afhlnrSt] [path]             Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-afpR] local [remote]         Upload file
pwd                                Display remote working directory
quit                               Quit sftp
reget [-fpR] remote [local]        Resume download file
rename oldpath newpath             Rename remote file
reput [-fpR] local [remote]        Resume upload file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help

Show SFTP Version

Over time, the SFTP protocol gained new features with each new version. The most recent version of SFTP is 3, and in an interactive SFTP connection the SFTP version can be displayed with the version command like below.

sftp> version
SFTP protocol version 3
sftp> 

List Files On Remote SFTP Server

The ls command can be used to list files and folders on the remote server. Without a path, ls lists the current working directory.

sftp> ls
Desktop       Documents     Downloads     Music         Pictures      Public        Templates     
Videos        example.txt   file1.txt     file2.txt     passwd        snap          test.txt      
test1         

Alternatively, a path can be specified in order to list the files and folders on that path. In the following example we will list the contents of the Downloads directory.

sftp> ls Downloads/
Downloads/DEBIAN                                 Downloads/sample_5184×3456.bmp                  
Downloads/teamviewer_15.9.5_amd64.deb  

Navigate and Change Directory

SFTP provides commands similar to Linux in order to show the current working directory and to change and navigate local and remote paths. We can use the pwd command to show the current working directory of the remote SFTP server.

sftp> pwd
Remote working directory: /home/ismail

The lpwd command can be used to show the current working directory of the local system. It does not require a parameter.

sftp> lpwd
Local working directory: /home/ismail

The current working directory of the remote SFTP server can be changed using the cd command. Similar to the Linux shell, . and .. can be used to specify the current and parent directories.

sftp> pwd
Remote working directory: /home/ismail
sftp> cd Downloads/
sftp> pwd
Remote working directory: /home/ismail/Downloads

The current working directory of the local system can be changed with the lcd command. As with the cd command, . and .. can be used for the current and parent directories.

sftp> lpwd
Local working directory: /home/ismail
sftp> lcd Downloads/
sftp> lpwd
Local working directory: /home/ismail/Downloads

Download Files and Folders From SFTP Server

The most used feature of SFTP, and the reason it was created, is downloading and uploading files and folders. The get command can be used to download specified files and folders to the local current working directory. This operation transfers files from the remote SFTP server to the local directory securely. In the following example, we will download the file named teamviewer_15.9.5_amd64.deb to the local system.

sftp> get teamviewer_15.9.5_amd64.deb 
Fetching /home/ismail/Downloads/teamviewer_15.9.5_amd64.deb to teamviewer_15.9.5_amd64.deb
/home/ismail/Downloads/teamviewer_15.9.5_amd64.deb                0%    0     0.0KB/s   --:-- ETA

Alternatively, we can define the download file name with a new or different name. We will just put a second parameter to the get command as a new file name. In the following example, we will set the downloaded file name as teamviewer.deb .

sftp> get teamviewer_15.9.5_amd64.deb teamviewer.deb

By default the downloaded file will be put into the local current working directory. But we can change this path by adding the download path and file name.

sftp> get teamviewer_15.9.5_amd64.deb  MyFiles/teamviewer.deb

In order to download folders and their contents recursively, the -r option should be used after the get command. The directory we want to download is also provided, which is Downloads/ in this example. We can see below that the contents are downloaded recursively and information about the progress is displayed on the screen in real time.

sftp> get -r Downloads/
Fetching /home/ismail/Downloads/ to Downloads
Retrieving /home/ismail/Downloads
/home/ismail/Downloads/sample_5184×3456.bmp    100%   51MB   6.3MB/s   00:08    
Retrieving /home/ismail/Downloads/DEBIAN
/home/ismail/Downloads/DEBIAN/conffiles          100%   40    18.4KB/s   00:00    
/home/ismail/Downloads/DEBIAN/control          100% 1657   426.8KB/s   00:00    
/home/ismail/Downloads/DEBIAN/prerm             100%  953    65.5KB/s   00:00    
/home/ismail/Downloads/DEBIAN/preinst        100%  682   273.0KB/s   00:00    
/home/ismail/Downloads/DEBIAN/postinst         100% 1125   569.0KB/s   00:00    
/home/ismail/Downloads/DEBIAN/postrm          100%  789   419.6KB/s   00:00    

We can also change the downloaded directory name by providing the new name as the second parameter to the get command. In the following example we will set the downloaded directory name as MyDownloads.

sftp> get -r Downloads/ MyDownloads/

Upload File To Remote SFTP Server

We can also use SFTP to upload local files to the remote SFTP server. The put command is used to upload a local file or folder to the remote server by providing the local file or folder name.

sftp> put file1.txt
Uploading file1.txt to /home/ismail/file1.txt
file1.txt                                    0%    0     0.0KB/s   --:-- ETA

In order to upload folders to the remote SFTP server, the recursive option should be provided to the put command. The -r option uploads a folder and its contents recursively to the remote server.

sftp> put -r Downloads
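Once key-based authentication is set up, the put commands above can run unattended through sftp's batch mode. The following is an added example, not code from the original article; the helper names are hypothetical, and file names that the batch parser would interpret specially are rejected rather than escaped.

```bash
# Added example (not from the original article): unattended upload with sftp -b.
# safe_name, write_upload_batch and run_upload are hypothetical helper names.

# Accept only names the batch parser reads literally: reject empty names, a
# leading "-" (parsed as an option), quotes, backslashes, glob characters, newlines.
safe_name() {
    nl='
'
    case $1 in
        ''|-*|*\"*|*\'*|*\\*|*\**|*\?*|*\[*|*\]*|*"$nl"*) return 1 ;;
    esac
    return 0
}

# Print the batch commands: cd to the remote directory, put each file, quit.
# No command carries a leading "-", so the first failure aborts the batch.
write_upload_batch() {
    for name in "$@"; do
        safe_name "$name" || { echo "unsafe name: $name" >&2; return 1; }
    done
    remote_dir=$1; shift
    printf 'cd "%s"\n' "$remote_dir"
    for name in "$@"; do
        printf 'put "%s"\n' "$name"
    done
    printf 'bye\n'
}

# $1 = user@host, $2 = remote directory, remaining arguments = local files.
run_upload() {
    target=$1; shift
    batch=$(mktemp) || return 1
    if write_upload_batch "$@" > "$batch"; then
        # BatchMode=yes: fail instead of prompting for a password.
        # StrictHostKeyChecking=yes: refuse hosts missing from known_hosts.
        sftp -b "$batch" -o BatchMode=yes -o StrictHostKeyChecking=yes "$target"
        rc=$?
    else
        rc=1
    fi
    rm -f "$batch"
    return "$rc"
}
```

A call such as run_upload ismail@192.168.142.133 /home/ismail file1.txt returns sftp's exit status, so a scheduled job can detect a failed transfer.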

Exit From SFTP Interactive Shell or Close SFTP Connection

The interactive SFTP shell can be closed by using the exit or bye commands like below.

sftp> 
sftp> 
sftp> exit
$ 
$

or by using the bye SFTP command like below.

sftp> 
sftp> 
sftp> bye
$ 
$ 
