
How to Use SFTP command to transfer Files securely over FTP

FTP, the File Transfer Protocol, was a popular, unencrypted means of sending data between two distant servers.

As of 2022, FTP has been deprecated by most current software owing to a lack of security, and can usually only be used in outdated applications or private networks like LAN, VPN, localhost, etc.

SFTP, which stands for SSH File Transfer Protocol, is a separate protocol that runs inside SSH and provides FTP-style file transfer over a secure connection.

SFTP is an interactive program for copying files between hosts over SSH, and an alternative to non-interactive file transfer tools like SCP (see the tutorial What is SCP) and RSYNC (see the tutorial What is RSYNC Command).

In virtually all circumstances, SFTP is superior to FTP because of its underlying security features and ability to piggyback on an SSH connection. FTP is an insecure protocol that should only be used in restricted instances or on networks you trust.

Although SFTP also comes with many graphical programs, this post will teach how to utilize it using its interactive command line interface.

If you are a Windows user, PuTTY is a good tool for doing SFTP.

sftp command syntax:

sftp [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher] [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-J destination] [-l limit] [-o ssh_option] [-P port] [-R num_requests] [-S program] [-s subsystem | sftp_server] destination

How to connect using SFTP in Linux

By default, SFTP employs the SSH protocol to authenticate and create a secure connection. Because of this, the authentication process and technique are the same as in SSH.

You can SSH to a remote system using a username and password, but it is advised to use a key pair for authentication. AWS (Amazon Web Services) provides a .pem key for connecting over SSH. For Windows, you may need a .ppk key. You can also generate your own SSH key locally and use it.

Please review these instructions for setting up SSH keys to access your server if you have not done so before.

If you can connect to a system via SSH, then you have already met all of the basic criteria necessary to utilize SFTP to handle files.

Test SSH access using the following command:

ssh username@your_server_ip_or_remote_hostname

Here, username is your account name on the remote server, followed by the remote server's IP address or hostname.

If you want to use the ssh key, then you can use the -i flag. For example, to connect to an AWS instance,

ssh -i YOUR_KEY.pem username@your_server_ip_or_remote_hostname

The .pem file is used in Linux-based systems or macOS. For Windows, you need a .ppk key.

If the above ssh command succeeds, you can exit out by typing:

exit

Setup SFTP connection to a remote server

Now that we have successfully connected to our remote server using ssh, we can create an SFTP session by executing the following command:

sftp username@your_server_ip_or_remote_hostname

You will connect to the remote system and your prompt will change to an SFTP prompt.

If you are working on a custom SSH port (not the usual port 22), then you can provide the port number while setting up an SFTP session as follows:

sftp -oPort=XXXX username@your_server_ip_or_remote_hostname

where XXXX is the custom port number.

This will connect you to the remote system using the provided port.

Learn more about SFTP (command and flags)

You can use the following command to show the manual page for the sftp command, which is like the blueprint for this command. It shows all the details about sftp, including the available flags and their usage.

info sftp


Navigating in remote file structure using SFTP command

We can navigate the remote system's file hierarchy using a variety of commands that behave similarly to their shell equivalents.

First, let’s orient ourselves by figuring out which directory we are currently in on the remote system. Just as in a standard shell session, the pwd command prints the current directory.

To access another directory, we may use this command:

cd testDirectory

We can now traverse the remote file system, but what if we need to access our local file system? We can direct commands at the local file system by preceding them with an l for local.

To list the files in the current directory, we may use this command:

sftp> ls

Upload and download a file with SFTP

As of now, we can jump through different directories and see the content inside. SFTP enables you to upload and download files.

For transferring files between client and server, we can use get and put commands after traversing to the directory and locating the desired file.

To transfer a remote file to the local system, we may use this command:

sftp> get /path/to/remote-file

To transfer all files in a remote directory to the local system, we may use this command:

sftp> get -R /path/to/remote-directory

To transfer a local file to the remote system, we may use this command:

sftp> put /path/to/local_file

To transfer multiple files from the local system to the remote system, we may use this command:

sftp> mput *.txt

To transfer multiple files from the remote system to the local system, we may use this command:

sftp> mget *.db
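
The get and put transfers above can also run unattended through the -b batchfile option shown in the syntax line. The following is an added example, not part of the original article; the key path, port, host and file names are placeholders, and the helper function names are made up for illustration.

```shell
#!/bin/sh
# Added example: unattended transfer with sftp -b (batch mode).
# Key path, port, user@host and file names are placeholders (assumptions).

# True only if the key exists and grants nothing to group or others;
# ssh refuses private keys that other users can read.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Double-quote a path for one batch line so spaces survive. Paths holding
# quotes, backslashes, glob characters or newlines are rejected: a newline
# in a file name would otherwise inject a second sftp command.
sftp_quote() {
    nl='
'
    case $1 in
        *'"'*|*'\'*|*'*'*|*'?'*|*'['*|*"$nl"*) return 1 ;;
    esac
    printf '"%s"' "$1"
}

# Print a batch: download REMOTE, upload LOCAL. A failing get or put
# aborts the batch and sftp exits non-zero.
make_batch() {  # usage: make_batch REMOTE LOCAL
    remote=$(sftp_quote "$1") || return 1
    upload=$(sftp_quote "$2") || return 1
    printf 'get %s\nput %s\nbye\n' "$remote" "$upload"
}

# BatchMode=yes disables password prompts; StrictHostKeyChecking=yes
# refuses servers whose key is not already in known_hosts.
run_batch() {  # usage: run_batch KEY PORT USER@HOST BATCHFILE
    key_is_private "$1" || { echo "unsafe or missing key: $1" >&2; return 1; }
    sftp -i "$1" -P "$2" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -b "$4" "$3"
}

# Example call (not executed here):
#   make_batch /srv/data/report.csv upload.txt > batch.txt
#   run_batch ~/.ssh/id_ed25519 2222 username@your_server_ip_or_remote_hostname batch.txt
```

Because the batch stops at the first failed get or put, the exit status of sftp tells a calling script whether every transfer completed.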

Simple File Manipulations using SFTP

SFTP enables you to execute certain sorts of filesystem maintenance. For instance, you may change the owner of a file on the remote system with:

chown userID file

Notice how, unlike the standard chown command, the SFTP command does not take usernames, but instead uses UIDs. Unfortunately, there is no built-in mechanism to look up the necessary UID from inside the SFTP interface.

As a workaround, you may read from the /etc/passwd file, which links usernames with UIDs in most Linux environments:

Output
drwxr-xr-x    5 demouser   demouser       4096 Aug 13 15:11 .
drwxr-xr-x    3 root     root         4096 Aug 13 15:02 ..
-rw-------    1 demouser   demouser          5 Aug 13 15:04 .bash_history
-rw-r--r--    1 demouser   demouser        220 Aug 13 15:02 .bash_logout
-rw-r--r--    1 demouser   demouser       3486 Aug 13 15:02 .bashrc
drwx------    2 demouser   demouser       4096 Aug 13 15:04 .cache
-rw-r--r--    1 demouser   demouser        675 Aug 13 15:02 .profile
. . .


Notice how instead of supplying the ! command by itself, we’ve used it as a prefix for a local shell command. This works to execute any command accessible on our local system and could have been used with the local df command before.
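
The UID lookup described above can be scripted against a local copy of the server's /etc/passwd, for example one downloaded with get. This is an added example, not part of the original article; the function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: resolve a username to the numeric UID/GID that sftp's
# chown and chgrp expect, from a local copy of the server's /etc/passwd.
# passwd format: name:password:UID:GID:comment:home:shell

# Print "UID GID" for an exact username match; fail if the user is absent
# or the ID fields are not numeric. Comparing field 1 exactly avoids the
# grep pitfall where "demouser" also matches "demouser2".
ids_for_user() {  # usage: ids_for_user PASSWD_COPY USERNAME
    awk -F: -v user="$2" '
        $1 == user {
            if ($3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/) { print $3, $4; ok = 1 }
            exit
        }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# Print the sftp commands that hand REMOTE_PATH to USERNAME.
# Assumes REMOTE_PATH contains no double quotes.
chown_lines() {  # usage: chown_lines PASSWD_COPY USERNAME REMOTE_PATH
    ids=$(ids_for_user "$1" "$2") || return 1
    printf 'chown %s "%s"\nchgrp %s "%s"\n' "${ids% *}" "$3" "${ids#* }" "$3"
}

# Constructed sample standing in for the downloaded passwd file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
demouser2:x:1002:1002::/home/demouser2:/bin/sh
demouser:x:1001:1001::/home/demouser:/bin/bash
EOF

chown_lines "$sample" demouser report.csv
```

The two printed lines can be typed at the sftp> prompt or appended to a batch file.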

SFTP also enables you to create folders on both local and remote systems using lmkdir and mkdir respectively.

The remaining file commands target only the remote filesystem:

ln

rm

rmdir


These commands duplicate the essential behavior of their shell counterparts. If you need to perform these tasks on the local file system, remember that you can drop into a local shell by entering the ! command by itself.

Or run a single command on the local system by prefacing the command with ! like so:

!chmod 644 somefile

When you are through with your SFTP session, use exit or bye to end the connection.

bye

Conclusion

Although SFTP syntax is significantly less complete than contemporary shell tools, it might be helpful for ensuring compatibility with old FTP syntax or for carefully restricting the capabilities accessible to remote users of specific setups.

If you are accustomed to utilizing FTP or SCP to execute your transfers, SFTP is a fantastic method to harness the capabilities of both. While it is not ideal for every scenario, it is a versatile tool to have in your toolbox.



About the author:
Pradeep has expertise in Linux, Go, Nginx, Apache, CyberSecurity, AppSec and various other technical areas. He has contributed to numerous publications and websites, providing his readers with insightful and informative content.