How to transmit files securely using SFTP
What is SFTP?
Before learning about SFTP, let's take a look at what FTP is. File Transfer Protocol (FTP) is a common method for transferring files between two terminal systems.
SFTP stands for SSH File Transfer Protocol, also called Secure File Transfer Protocol. It is a separate protocol packaged with SSH that works in a similar way to FTP, but over a secure connection. Its advantage is that it uses that secure connection both to transfer files and to traverse the file systems on the local and remote systems.
In most cases, SFTP is preferable to FTP because of its underlying security features and because it runs over an SSH connection. FTP is an insecure protocol and should be used only in limited cases or on networks you trust.
Although SFTP is integrated into many graphical tools, this guide demonstrates how to use it through its interactive command-line interface.
How to Connect with SFTP
By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods that are available in SSH are available here.
Although passwords are easy to use and are set up by default, we strongly recommend that you create SSH keys and transfer your public key to every system you need to access. This is more secure and saves you time in the long run.
If you have not yet set up SSH keys, follow a guide to setting up SSH keys for access to your server before continuing.
If you can connect to your host using SSH, you have completed all the necessary requirements for using SFTP to manage your files. Run the following command to test SSH access:
ssh username@remote_hostname_or_IP
If the previous command is successful, enter this command to exit:
exit
Now establish an SSH connection and open an SFTP session over it by running the following command:
sftp username@remote_hostname_or_IP
In this way, you connect to the remote system, and your prompt will also become an SFTP prompt.
View the help documentation in the SFTP command line
As usual, the most useful command to learn first is help, which gives you an overview of the available SFTP commands. You can enter either of the following to display it:
help
?
The following command list is displayed:
Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-Ppr] remote [local]          Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
. . .
Next, we will discuss some of the above commands.
Basic SFTP Shell operations
We can browse the remote directory structure with a number of commands that work like their local shell counterparts.
First, we need to determine the current working directory. As in most shell sessions, run the following command to print it:
pwd
Remote working directory: /home/demouser
Another familiar command, ls, is used to view the content in the current directory.
ls
Summary.txt info.txt temp.txt testDirectory
Note that the commands in the SFTP interface are not the full shell commands and are not as feature-rich as those in Bash, but they do implement some of the more important optional flags:
ls -la
drwxr-xr-x    5 demouser   demouser       4096 Aug 13 15:11 .
drwxr-xr-x    3 root       root           4096 Aug 13 15:02 ..
-rw-------    1 demouser   demouser          5 Aug 13 15:04 .bash_history
-rw-r--r--    1 demouser   demouser        220 Aug 13 15:02 .bash_logout
-rw-r--r--    1 demouser   demouser       3486 Aug 13 15:02 .bashrc
drwx------    2 demouser   demouser       4096 Aug 13 15:04 .cache
-rw-r--r--    1 demouser   demouser        675 Aug 13 15:02 .profile
. . .
Use the following command to switch to another directory:
cd testDirectory
Now we can traverse the remote file system! But what if we need to access the local file system? You only need to add a prefix "l" (lower-case L) to these commands to perform operations on the local host.
So far, all the commands we have talked about have corresponding local versions. We can print out the working directory of the local host as follows:
lpwd
Local working directory: /Users/demouser
Similarly, we can list the contents of the current working directory on the local machine:
lls
Desktop         local.txt       test.html
Documents       analysis.rtf    zebra.html
Likewise, we can change the current working directory on the local host:
lcd Desktop
Transfer files using SFTP
Navigating the local and remote file systems is of limited use unless we can also transfer files between the two.
Download remote files to the local host
If we want to download a file from the remote host, we can do so with the following command:
get remote_file_name
Fetching /home/demouser/remoteFile to remote_file_name
/home/demouser/remote_file_name 100% 37KB 36.8KB/s 00:01
As you can see, by default, the "get" command downloads files from the remote host to the local host without changing the file name.
Want to change the name? No problem! You can directly specify a different file name to copy the remote file:
get remote_file_name local_file_name
The "get" command also takes some optional flags. For example, we can copy a directory and all of its contents by specifying the recursive option:
get -r some_directory_name
We can also use the "-P" or "-p" flag to tell SFTP to preserve the original permissions and access times:
get -Pr some_directory_name
Upload local files to the remote host
By using the "put" command, you can easily upload files to a remote host:
put local_file_name
Uploading localFile to /home/demouser/local_file_name
local_file_name 100% 7607 7.4KB/s 00:00
The same flags that work with "get" also apply to "put". For example, you can upload an entire local directory like this:
put -r local_directory_name
Note:
There is a bug in the OpenSSH versions shipped with current Ubuntu releases (at least 14.04-15.10) that prevents the above command from working correctly. When you run it to transfer a directory to a server using an affected OpenSSH version, the following error is reported:
Couldn't canonicalise: No such file or directory
To work around this problem, first create the target directory on the remote system by entering:
mkdir local_directory_name
After that, the above command completes without error.
One familiar tool that is useful when downloading and uploading files is the "df" command, which works in the same way as its command-line counterpart. With it, you can check whether there is enough space for the files you want to transfer:
df -h
    Size     Used    Avail   (root)    %Capacity
  19.9GB   1016MB   17.9GB   18.9GB           4%
Note that there is no local variant of this command (no "ldf"), but we can achieve the same thing with the "!" command. (This brings to mind the LinuxStory article on ten amazing uses of "!" on the Linux command line, which is well worth reading if you have not seen it.)
The "!" (exclamation point) command drops us into a local shell, where we can run any command available on the local system. Run the following to check local disk usage:
!
df -h
Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   595Gi   52Gi  544Gi     9%    /
devfs          181Ki  181Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home
Any other local command will work just as you expect. To return to the SFTP session, enter:
exit
Now you can see that the SFTP prompt is back.
In fact, you can run a local command without leaving the SFTP shell at all. If you have ever executed shell commands from within Vim, you will know what this means.
Simple file operations using SFTP
SFTP lets you perform the kind of basic file maintenance that is useful when working with file hierarchies.
For example, you can use the following command to change the file owner on the remote system:
chown userID file
Note that, unlike the system "chown" command, this SFTP command does not accept a user name; it takes the user's numeric UID instead. Unfortunately, there is no easy way to look up the UID from within the SFTP interface.
You can use this command to solve this thorny problem:
get /etc/passwd
!less passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
. . .
Note that the second command uses "!" rather than the "l" prefix seen earlier. It runs a local shell command, in the same way as in Vim, and is the same mechanism we used above for the local df command.
The UID is the third field of each line in the file; fields are separated by colons.
Similarly, we can change the file group:
chgrp groupID file
Again, it is not that easy to get the GID of the remote system. We can solve the problem in the same way:
get /etc/group
!less group
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
. . .
The third field holds the GID of the group named in the first field. This is what we are looking for.
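The UID and GID lookups described above can be scripted instead of read by eye from less. The following is an added example, not part of the original guide: lookup_id, make_batch and demo are hypothetical helper names, and the sample passwd and group entries (including UID 1000 for demouser) are constructed.

```shell
#!/bin/sh
# Added example: resolve names to numeric IDs from downloaded copies of the
# remote /etc/passwd and /etc/group, then emit sftp chown/chgrp commands.

# lookup_id FILE NAME -> prints the third colon-separated field (UID or GID)
# of the entry whose first field is exactly NAME; fails if absent or non-numeric.
lookup_id() {
    awk -F: -v name="$2" '
        $1 == name { id = $3; found = 1; exit }
        END {
            if (!found || id !~ /^[0-9]+$/) exit 1
            print id
        }' "$1"
}

# make_batch PASSWD GROUP USER GRP REMOTE_PATH -> prints sftp commands.
# Assumption: REMOTE_PATH contains no whitespace or quote characters.
make_batch() {
    uid=$(lookup_id "$1" "$3") || { echo "unknown user: $3" >&2; return 1; }
    gid=$(lookup_id "$2" "$4") || { echo "unknown group: $4" >&2; return 1; }
    printf 'chown %s %s\nchgrp %s %s\n' "$uid" "$5" "$gid" "$5"
}

# Constructed sample data standing in for the files fetched with "get".
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'demouser:x:1000:1000::/home/demouser:/bin/bash' > "$tmp/passwd"
    printf '%s\n' 'root:x:0:' 'adm:x:4:' 'demouser:x:1000:' > "$tmp/group"
    make_batch "$tmp/passwd" "$tmp/group" demouser adm /home/demouser/publicFile
    status=$?
    rm -rf "$tmp"
    return $status
}
demo
```

The exact match on the first field matters: a plain text search for "root" would also hit any account whose name merely starts with it. The printed lines can be typed at the SFTP prompt or saved to a file and run with sftp -b.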
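Fortunately, the "chmod" command works as expected on the remote file system. The example below sets mode 777, which gives every user on the remote system read, write and execute access to the file: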
chmod 777 publicFile
Changing mode on /home/demouser/publicFile
There is no command for changing the permissions of local files, but you can set the local umask so that all files copied to the local system get the corresponding permissions.
Run the "lumask" command to complete this operation:
lumask 022
Local umask: 022
Now all regular files that are downloaded (as long as the "-p" flag is not used) will have 644 permissions.
SFTP also lets you create directories on the local and remote file systems, using the "lmkdir" and "mkdir" commands respectively, which is very useful.
The remaining file commands only target remote file systems:
ln
rm
rmdir
These commands replicate the basic behavior of their shell counterparts. If you need to perform these operations on the local file system, remember that you can drop into a local shell by entering:
!
Or run a single command on the local system by prefixing it with "!", like so:
!chmod 644 somefile
When you have completed the SFTP session, use "exit" or "bye" to close the connection:
bye
Summary
Although SFTP is a simple tool, it is very convenient to use it to manage servers and transfer files between clients and servers.
If you are used to using FTP or SCP for your transfers, give SFTP a try, as it combines the advantages of both. Although it is not suitable for every situation, it is a flexible tool and worth adding to your skill set.
By Justin Ellingwood