How to transmit files securely using SFTP

What is SFTP?

Before learning about SFTP, let's take a look at what FTP is. File Transfer Protocol (FTP) is a common method for transferring files between two terminal systems.

SFTP stands for SSH File Transfer Protocol, also called Secure File Transfer Protocol. It is a separate protocol packaged with SSH that works in a similar way to FTP, but over a secure connection. Its advantage is that it uses that secure connection both to transfer files and to traverse the file systems of the local and remote systems.

In most cases SFTP is preferable to FTP, because it gets its basic security features from the underlying SSH connection. FTP is an insecure protocol and should be used only in specific situations or on a trusted network.

Although SFTP is integrated into many graphical tools, this guide demonstrates how to use it through its interactive command-line interface.

How to connect with SFTP

By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods that SSH offers are available.

Although passwords are easy to use and are set up by default, we strongly recommend that you create SSH keys and transfer your public key to every system you need to access. In the long run this is more secure and saves you time.

If you have not set up SSH keys yet, follow a guide to setting up SSH keys for access to your server before continuing.

If you can connect to your host using SSH, you have completed all the necessary requirements for using SFTP to manage your files. Run the following command to test SSH access:

ssh username@remote_hostname_or_IP

If the previous command is successful, enter this command to exit:

exit

Now establish an SSH connection and open an SFTP session over it by running the following command:

sftp username@remote_hostname_or_IP

In this way, you connect to the remote system, and your prompt will also become an SFTP prompt.

View the help documentation in the SFTP command line

As usual, the most useful command to learn first is help, which gives you an overview of the commands SFTP offers. Enter either of the following to open it:

help

?

The following command list is displayed:

Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-Ppr] remote [local]          Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
. . .

Next, we will discuss some of the above commands.

Basic SFTP Shell operations

We can browse the remote directory structure with a number of commands that work like their local shell counterparts.

First, we need to find out which directory we are currently in on the remote system. As in most shell sessions, the following command prints the current working directory:

pwd

Remote working directory: /home/demouser

Another familiar command, ls, is used to view the content in the current directory.

ls

Summary.txt    info.txt    temp.txt    testDirectory

Note that the commands in the SFTP interface are not as feature-rich as their Bash equivalents; they implement only some of the more important options:

ls -la

drwxr-xr-x    5 demouser   demouser       4096 Aug 13 15:11 .
drwxr-xr-x    3 root     root         4096 Aug 13 15:02 ..
-rw-------    1 demouser   demouser          5 Aug 13 15:04 .bash_history
-rw-r--r--    1 demouser   demouser        220 Aug 13 15:02 .bash_logout
-rw-r--r--    1 demouser   demouser       3486 Aug 13 15:02 .bashrc
drwx------    2 demouser   demouser       4096 Aug 13 15:04 .cache
-rw-r--r--    1 demouser   demouser        675 Aug 13 15:02 .profile
. . .

Use the following command to switch to another directory:

cd testDirectory

Now we can traverse the remote file system! But what if we need to access the local file system? You only need to add a prefix "l" (lower-case L) to these commands to perform operations on the local host.

So far, all the commands we have talked about have corresponding local versions. We can print out the working directory of the local host as follows:

lpwd

Local working directory: /Users/demouser

Similarly, we can list the contents of the current working directory on the local machine:

lls

Desktop      local.txt      test.html
Documents    analysis.rtf   zebra.html

We can also change the directory we are working in on the local host, from the same session:

lcd Desktop

Transfer files using SFTP

Browsing the remote and local file systems is of limited use unless we can also transfer files between the two.

Download remote files to the local host

To download a file from the remote host, run the following command:

get remote_file_name

Fetching /home/demouser/remoteFile to remote_file_name
/home/demouser/remote_file_name                      100%   37KB  36.8KB/s   00:01

As you can see, by default, the "get" command downloads files from the remote host to the local host without changing the file name.

Want to change the name? No problem! You can directly specify a different file name to copy the remote file:

get remote_file_name local_file_name

The "get" command also takes some optional flags. For example, we can use the recursive option to copy a directory together with everything in it:

get -r some_directory_name

We can also use the "-P" or "-p" flag to tell SFTP to preserve the permissions and access times of the files it copies:

get -Pr some_directory_name

Upload local files to the remote host

By using the "put" command, you can easily upload files to a remote host:

put local_file_name

Uploading localFile to /home/demouser/local_file_name
local_file_name                                     100% 7607     7.4KB/s   00:00

"put" takes flags similar to those of "get". For example, you can upload an entire directory:

put -r local_directory_name

Note:

There is a bug in the OpenSSH version shipped with current Ubuntu releases (at least 14.04 to 15.10). On an affected version, running the above command to transfer a directory to the server reports the following error:

Couldn't canonicalise: No such file or directory

To work around this, first enter mkdir local_directory_name to create the target directory on the remote system. The above command will then run without reporting an error.

One familiar tool that is useful when downloading and uploading files is the "df" command, which works much like its command-line counterpart. With it, you can check whether there is enough space to complete the transfer you want to make:

df -h

    Size     Used    Avail   (root)    %Capacity
  19.9GB   1016MB   17.9GB   18.9GB           4%

Note that there is no corresponding "ldf" command, but we can achieve the same result with the "!" command. (On this subject, the LinuxStory article on ten amazing uses of "!" on the Linux command line is very good, and we recommend it to anyone who has not read it.)

The "!" (exclamation point) command drops us into a local shell, where we can run any command available on the local system. Run the following to check local disk usage:

!
df -h

Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   595Gi   52Gi  544Gi     9%    /
devfs          181Ki  181Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home

Any other local command works here just as you would expect. To return to the SFTP session, enter:

exit

Now you can see that the SFTP prompt is back.

In fact, you can run a local command without leaving the SFTP shell at all. If you have ever run a shell command from inside Vim, you will know what this means.

Simple file operations using SFTP

SFTP allows you to perform the kind of basic file maintenance that is useful when you are working with a file system.

For example, you can use the following command to change the file owner on the remote system:

chown userID file

Note that, unlike the system "chmod" command, this SFTP command does not accept a user name and takes the user's UID instead. Unfortunately, there is no easy way to look up the UID from within the SFTP interface.

You can work around this thorny problem by downloading the remote /etc/passwd file and viewing it locally:

get /etc/passwd
!less passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
. . .

Note that the second command uses "!" rather than the "l" prefix seen earlier. "!" runs a local shell command, in the same way as in Vim; we used it above for the local df command.

The UID is in the third column of the file; the columns are delimited by colons.

Similarly, we can change the file group:

chgrp groupID file

Again, it is not that easy to get the GID of the remote system. We can solve the problem in the same way:

get /etc/group
!less group

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
. . .

The third column holds the GID of the group named in the first column. This is what we are looking for!
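
The UID and GID lookup above, together with the earlier mkdir workaround for "put -r", can be scripted. The following is an added example, not part of the original article: it goes beyond the interactive session by generating a batch file for OpenSSH's "sftp -b" option, where a leading "-" tells sftp to carry on if that command fails. The function names, the sample passwd and group lines and demouser's IDs are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article): generate a batch file for
# `sftp -b` that uploads a directory and sets its owner and group by name.

# lookup_id NAME FILE: print field 3 (the UID or GID) of the entry whose first
# colon-delimited field is exactly NAME; exit non-zero if there is no such entry.
lookup_id() {
    awk -F: -v name="$1" '$1 == name { print $3; found = 1; exit }
                          END { exit !found }' "$2"
}

# make_batch DIR USER GROUP PASSWD_COPY GROUP_COPY: print the sftp commands.
# PASSWD_COPY and GROUP_COPY are the local copies fetched with
# "get /etc/passwd" and "get /etc/group".
make_batch() {
    dir=$1
    # Plain names only: a space or newline here would inject extra batch commands.
    case "$dir" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "unsafe directory name" >&2; return 1 ;;
    esac
    uid=$(lookup_id "$2" "$4") || { echo "unknown user: $2" >&2; return 1; }
    gid=$(lookup_id "$3" "$5") || { echo "unknown group: $3" >&2; return 1; }
    for id in "$uid" "$gid"; do
        case "$id" in
            ''|*[!0-9]*) echo "non-numeric ID in copy" >&2; return 1 ;;
        esac
    done
    # Leading "-": keep going if mkdir fails, e.g. the directory already exists.
    printf '%s\n' "-mkdir $dir" "put -r $dir" "chown $uid $dir" "chgrp $gid $dir"
}

# Constructed sample data: demouser's IDs are invented for this demonstration.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'demouser:x:1000:1000::/home/demouser:/bin/bash' > "$tmp/passwd"
    printf '%s\n' 'root:x:0:' 'adm:x:4:' 'demouser:x:1000:' > "$tmp/group"
    make_batch local_directory_name demouser adm "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

demo
# To use the result:  demo > upload.batch
#                     sftp -b upload.batch username@remote_hostname_or_IP
```

Batch mode cannot prompt for a password, so it relies on the SSH key authentication recommended earlier.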

Fortunately, the "chmod" command works as expected on the remote file system:

chmod 777 publicFile

Changing mode on /home/demouser/publicFile

Although there is no command for changing the permissions of local files, you can set the local umask, so that all files copied to the local system receive the corresponding permissions.

Run the "lumask" command to do this:

lumask 022

Local umask: 022

Now all regular files that are downloaded (as long as the "-p" flag is not used) will have 644 permissions.

SFTP allows you to create a directory on the local file system and remote file system, using the "lmkdir" and "mkdir" commands respectively, which is absolutely useful!

The remaining file commands only target remote file systems:

ln
rm
rmdir

These commands replicate the basic behavior of their shell versions. If you need to perform these operations on the local file system, remember that you can drop into a local shell with this command:

!

Or run a single command on the local system by prefixing it with "!", for example:

!chmod 644 somefile

When you have finished your SFTP session, use "exit" or "bye" to close the connection:

bye

Summary

Although SFTP is a simple tool, it is very convenient to use it to manage servers and transfer files between clients and servers.

If you are used to FTP or SCP for your transfers, try SFTP, which combines the advantages of both. Although it is not suitable for every situation, it is a flexible tool and worth adding to your skill set!

By Justin Ellingwood
