How To Use SFTP to Securely Transfer Files
FTP, or “File Transfer Protocol”, is a popular method of transferring files between two remote systems.
SFTP, which stands for SSH File Transfer Protocol, or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the file system on both the local and remote system.
In almost all cases, SFTP is preferable to FTP because of its underlying security features and ability to piggy-back on an SSH connection. FTP is an insecure protocol that should only be used in limited cases or on networks you trust.
Although SFTP is integrated into many graphical tools, this guide will demonstrate how to use it through its interactive command line interface.
By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods are available that are present in SSH.
Although passwords are easy to use and set up by default, we recommend you create SSH keys and transfer your public key to any system that you need to access. This is much more secure and can save you time in the long run.
Please see the guide to set up SSH keys in order to access your server if you have not done so already.
If you can connect to the machine using SSH, then you have completed all of the requirements necessary to use SFTP to manage files.
Test SSH access with the following command:
ssh username@remote_hostname_or_IP
If that works, exit back out by typing:
exit
We can establish an SSH connection and then open up an SFTP session using that connection by issuing the following command:
sftp username@remote_hostname_or_IP
You will connect to the remote system and your prompt will change to an SFTP prompt.
The most useful command to learn is the help command. This gives you access to a summary of the SFTP help.
You can call the help command by typing either of these in the prompt:
help or ?
This will display a list of the available commands:
bye - Quit sftp
cd path - Change remote directory to 'path'
chgrp grp path - Change group of file 'path' to 'grp'
chmod mode path - Change permissions of file 'path' to 'mode'
chown own path - Change owner of file 'path' to 'own'
df [-hi] [path] - Display statistics for current directory or file system containing 'path'
exit - Quit sftp
get [-Ppr] remote [local] - Download file
help - Display this help text
lcd path - Change local directory to 'path'
We can navigate through the remote system’s file hierarchy using a number of commands that function similarly to their shell counterparts.
Type the following to get the current directory:
sftp> pwd
Remote working directory: /home/cfmc
View the contents of the current directory of the remote system with the following command:
sftp> ls
clearlogs.log clearlogs2.log fgi_cronscripts init_cdi.log init_cdi2.log2 init_cdi3.log runcdi.log servdown.log
Note that the commands within the SFTP interface are not the normal shell commands and are not as feature-rich, but they do implement some of the more important optional flags:
sftp> ls -la
drwxrwxrwx 4 cfmc cfmc 4096 Nov 16 2013 .
drwx------ 9 cfmc cfmc 4096 Oct 16 15:41 ..
-rw-r--r-- 1 cfmc cfmc 0 Oct 16 01:55 clearlogs.log
-rw-r--r-- 1 cfmc cfmc 0 Oct 16 02:55 clearlogs2.log
drwxrwxrwx 2 cfmc cfmc 4096 Nov 14 2013 fgi_cronscripts
-rw-rw-rw- 1 cfmc cfmc 155 Oct 16 05:10 init_cdi.log
-rw-rw-rw- 1 cfmc cfmc 137 Oct 16 05:20 init_cdi2.log2
-rw-rw-rw- 1 cfmc cfmc 137 Oct 16 05:30 init_cdi3.log
-rw-rw-rw- 1 cfmc cfmc 109 Jul 19 2012 runcdi.log
-rw-rw-rw- 1 cfmc cfmc 673 Oct 16 05:01 servdown.log
-rw-rw-rw- 1 cfmc cfmc 61 Oct 16 15:41 snappit.log
To change to another directory, issue this command:
cd testdirectory
We can now traverse the remote file system. We can also direct commands towards the local file system by preceding them with an “l” for local.
All of the commands discussed so far have local equivalents.
We can print the local working directory:
sftp> lpwd
Local working directory: /cfmc/test8.3/mentor
We can list the contents of the current directory on the local machine:
sftp> lls
allvr.spx date2.dat dupes.dat indxdata.doc mllab.spx ranks.spx tabs.spx ug99exam.zip
banrs.spx date2.spx dupes.spx input.ind mltpr.dat rdtab.spx tbfrt.ind ug99.ind
banrs.tr date4.dat efficent.doc input.zip mltpr.spx read.spx tbfrt.zip util7.err
binary.doc date4.spx fixdlist laserjet.doc mover.dat read.tr tbmnp.dat wbtab.dat
buglist delim.dat fndds.spx listtabs.bat mover.spx rnktb.dat tbmnp.spx wbtab.spx
cfmcmenu.doc delim.spx frqtb.dat listtabs.mpe mydte.dat rnktb.spx tentrick.doc wishlist
clnex.spx difcl.dat frqtb.spx listtabs.unx mydte.spx roadrunr tr2hp.doc zerop.dat
cmbdp.spx difcl.spx genwt.dat ljust.dat newrc.spx scanspl.spx trai2.spx zerop.spx
combo.zip divrw.dat genwt.spx ljust.spx order.dat scnbn.spx trail.dat
comma.dat divrw.spx gmean.dat lsttb.spx order.spx smbal.zip trail.mst
comma.spx dlmbn.spx gmean.spx ment7.err outpt.ind split.dat trail.spx
comp.dat dmptb.spx index mentprep.spx outpt.zip split.spx trail.trl
comp.spx docsets.zip index.html mergenew.zip randv.spx survent.doc ttest.spx
convment.pl docst.ind index.unformat mllab.dat ranks.dat tabez.spx tvalues
Navigating the remote and local file systems is of limited usefulness without being able to transfer files between the two.
Transferring Remote Files to the Local System
If we would like to download files from our remote host, we can do so by issuing the following command:
sftp> get runcdi.log
Fetching /home/cfmc/.bin/runcdi.log to runcdi.log
/home/cfmc/.bin/runcdi.log 100% 109 0.1KB/s 00:01
As you can see, by default, the “get” command downloads a remote file to a file with the same name on the local file system.
We can copy the remote file to a different name by specifying the name afterwards:
sftp> get runcdi.log localFile
Fetching /home/cfmc/.bin/runcdi.log to localFile
/home/cfmc/.bin/runcdi.log 100% 109 0.1KB/s 00:00
The “get” command also takes some option flags. For instance, we can copy a directory and all of its contents by specifying the recursive option:
get -r someDirectory
We can tell SFTP to maintain the appropriate permissions and access times by using the “-P” or “-p” flag:
get -Pr someDirectory
Transferring Local Files to the Remote System
Transferring files to the remote system is just as easily accomplished by using the appropriately named “put” command:
sftp> put comma.spx
Uploading comma.spx to /home/cfmc/.bin/comma.spx
comma.spx 100% 2470 2.4KB/s 00:00
Further information on more elaborate functions and options can be found at the system command prompt by typing:
man sftp
Below is an example shell script that can be run from cron to FTP files. In this particular example, the script, when run in the bash shell, can FTP Survox dumploga and snapper_counts files to the Survox FTP server.
#!/bin/bash
#
# Example script to FTP nsnapper and dumploga files to the SURVOX FTP server
# LAST MODIFIED DATE 10/07/2015
# DUMPLOGA FOR VERSIONS 8.3 AND 8.6.1
# Stop if the working directory is missing so rm/cp/tar do not run elsewhere
cd /cfmc/cfg/ || exit 1
echo "---=== remove old dumploga files ===---"
# -f: no error on the first run, when no old archive exists yet
rm -f yourcompanyname_linux_dumploga*.tar.gz
echo "---=== copy to new file with date appended ===---"
cp dumploga dumploga_$(date +%Y%m%d)
echo "---=== tarball log ===---"
tar -czf yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz dumploga_$(date +%Y%m%d)
#sleep 30
#
# NSNAPPER FOR VERSIONS 8.7+
#cd /cfmc/snap
#rm yourcompanyname_linux_nsnapper*.tar.gz
#cp nsnapper_counts.$(date +%Y%m -d 'last month')* nsnapper_counts_$(date +%Y%m%d)
#tar -czf yourcompanyname_linux_nsnapper_$(date +%Y%m%d).tar.gz nsnapper_counts_$(date +%Y%m%d)
#
#sleep 30
echo "---=== ftp to Survox ===---"
# FTP begin portion of script
# -i: no interactive prompting, -n: no auto-login (USER/PASS are sent explicitly below)
USER='anonymous'
PASSWD='yourname@yourcompany.com'
ftp -in <<EOD
open ftp.cfmc.com
quote USER $USER
quote PASS $PASSWD
bin
cd inbound
hash
put /cfmc/cfg/yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz
quit
EOD
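The script above sends its login and data over plain FTP. As an added example (not part of the original page or the Survox script), here is the same cron-style upload done with sftp in batch mode and key authentication. The host, user and key path are hypothetical placeholders, and it assumes the receiving server accepts SFTP.

```shell
#!/bin/bash
# Added example: non-interactive SFTP upload suitable for cron.
# Hypothetical values (not from the page): host, user, key path.
SFTP_HOST="${SFTP_HOST:-sftp.example.com}"
SFTP_USER="${SFTP_USER:-uploader}"
SFTP_KEY="${SFTP_KEY:-$HOME/.ssh/id_ed25519_upload}"

# Print the sftp batch commands for one upload.
# Paths are restricted to an allow-list so a crafted file name cannot add
# its own batch command (newline), break quoting, or expand as a glob.
build_batch() {
    for p in "$1" "$2"; do
        case "$p" in
            ''|*[!A-Za-z0-9._/-]*)
                echo "unsafe or empty path: refusing" >&2
                return 2 ;;
        esac
    done
    printf 'cd "%s"\n' "$2"
    printf 'put "%s" "%s"\n' "$1" "${1##*/}"
    printf 'bye\n'
}

# Upload one file. In batch mode sftp aborts and exits non-zero as soon as
# cd or put fails, so cron can report the failure.
upload() {
    batch=$(build_batch "$1" "$2") || return
    # BatchMode=yes: never fall back to a password prompt.
    # StrictHostKeyChecking=yes: refuse hosts missing from known_hosts.
    printf '%s\n' "$batch" | sftp -b - -i "$SFTP_KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
        "$SFTP_USER@$SFTP_HOST"
}

# Usage from a cron script (constructed file name):
# upload /cfmc/cfg/yourcompanyname_linux_dumploga_20250101.tar.gz inbound || exit 1
```

The server's host key must already be in the cron user's known_hosts file, otherwise StrictHostKeyChecking=yes makes the connection fail rather than trust an unknown host.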