How To Use SFTP to Securely Transfer Files

FTP, or “File Transfer Protocol”, is a popular method of transferring files between two remote systems.

SFTP, which stands for SSH File Transfer Protocol, or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to leverage a secure connection to transfer files and traverse the file system on both the local and remote system.

In almost all cases, SFTP is preferable to FTP because of its underlying security features and ability to piggy-back on an SSH connection. FTP is an insecure protocol that should only be used in limited cases or on networks you trust.

Although SFTP is integrated into many graphical tools, this guide will demonstrate how to use it through its interactive command line interface.

By default, SFTP uses the SSH protocol to authenticate and establish a secure connection. Because of this, the same authentication methods are available that are present in SSH.

Although passwords are easy to use and set up by default, we recommend you create SSH keys and transfer your public key to any system that you need to access. This is much more secure and can save you time in the long run.

Please see the guide to set up SSH keys in order to access your server if you have not done so already.

If you can connect to the machine using SSH, then you have completed all of the requirements necessary to use SFTP to manage files.

Test SSH access with the following command:

ssh username@remote_hostname_or_IP

If that works, exit back out by typing:

exit

We can establish an SSH connection and then open up an SFTP session using that connection by issuing the following command:

sftp username@remote_hostname_or_IP

You will connect to the remote system and your prompt will change to an SFTP prompt.

The most useful command to learn is the help command. This gives you access to a summary of the SFTP help.

You can call the help command by typing either of these in the prompt:

help or ?

This will display a list of the available commands:

bye - Quit sftp
cd path - Change remote directory to 'path'
chgrp grp path - Change group of file 'path' to 'grp'
chmod mode path - Change permissions of file 'path' to 'mode'
chown own path - Change owner of file 'path' to 'own'
df [-hi] [path] - Display statistics for current directory or file system containing 'path'
exit - Quit sftp
get [-Ppr] remote [local] - Download file
help - Display this help text
lcd path - Change local directory to 'path'

We can navigate through the remote system’s file hierarchy using a number of commands that function similarly to their shell counterparts.

Type the following to get the current directory:

sftp> pwd
Remote working directory: /home/cfmc

View the contents of the current directory of the remote system with the following command:

sftp> ls
clearlogs.log        clearlogs2.log       fgi_cronscripts      init_cdi.log         init_cdi2.log2      init_cdi3.log        runcdi.log           servdown.log

Note that the commands within the SFTP interface are not the normal shell commands and are not as feature-rich, but they do implement some of the more important optional flags:

sftp> ls -la
drwxrwxrwx    4 cfmc     cfmc         4096 Nov 16  2013 .
drwx------    9 cfmc     cfmc         4096 Oct 16 15:41 ..
-rw-r--r--    1 cfmc     cfmc            0 Oct 16 01:55 clearlogs.log
-rw-r--r--    1 cfmc     cfmc            0 Oct 16 02:55 clearlogs2.log
drwxrwxrwx    2 cfmc     cfmc         4096 Nov 14  2013 fgi_cronscripts
-rw-rw-rw-    1 cfmc     cfmc          155 Oct 16 05:10 init_cdi.log
-rw-rw-rw-    1 cfmc     cfmc          137 Oct 16 05:20 init_cdi2.log2
-rw-rw-rw-    1 cfmc     cfmc          137 Oct 16 05:30 init_cdi3.log
-rw-rw-rw-    1 cfmc     cfmc          109 Jul 19  2012 runcdi.log
-rw-rw-rw-    1 cfmc     cfmc          673 Oct 16 05:01 servdown.log
-rw-rw-rw-    1 cfmc     cfmc           61 Oct 16 15:41 snappit.log

To change to another directory, issue this command:

cd testdirectory

We can now traverse the remote file system. We can also direct commands towards the local file system by preceding them with an “l” for local.

All of the commands discussed so far have local equivalents.

We can print the local working directory:

sftp> lpwd
Local working directory: /cfmc/test8.3/mentor

We can list the contents of the current directory on the local machine:

sftp> lls
allvr.spx     date2.dat    dupes.dat       indxdata.doc  mllab.spx  ranks.spx    tabs.spx      ug99exam.zip
banrs.spx     date2.spx    dupes.spx       input.ind     mltpr.dat  rdtab.spx    tbfrt.ind     ug99.ind
banrs.tr      date4.dat    efficent.doc    input.zip     mltpr.spx  read.spx     tbfrt.zip     util7.err
binary.doc    date4.spx    fixdlist        laserjet.doc  mover.dat  read.tr      tbmnp.dat     wbtab.dat
buglist       delim.dat    fndds.spx       listtabs.bat  mover.spx  rnktb.dat    tbmnp.spx     wbtab.spx
cfmcmenu.doc  delim.spx    frqtb.dat       listtabs.mpe  mydte.dat  rnktb.spx    tentrick.doc  wishlist
clnex.spx     difcl.dat    frqtb.spx       listtabs.unx  mydte.spx  roadrunr     tr2hp.doc     zerop.dat
cmbdp.spx     difcl.spx    genwt.dat       ljust.dat     newrc.spx  scanspl.spx  trai2.spx     zerop.spx
combo.zip     divrw.dat    genwt.spx       ljust.spx     order.dat  scnbn.spx    trail.dat
comma.dat     divrw.spx    gmean.dat       lsttb.spx     order.spx  smbal.zip    trail.mst
comma.spx     dlmbn.spx    gmean.spx       ment7.err     outpt.ind  split.dat    trail.spx
comp.dat      dmptb.spx    index           mentprep.spx  outpt.zip  split.spx    trail.trl
comp.spx      docsets.zip  index.html      mergenew.zip  randv.spx  survent.doc  ttest.spx
convment.pl   docst.ind    index.unformat  mllab.dat     ranks.dat  tabez.spx    tvalues

Navigating the remote and local file systems is of limited usefulness without being able to transfer files between the two.

Transferring Remote Files to the Local System

If we would like to download files from our remote host, we can do so by issuing the following command:

sftp> get runcdi.log
Fetching /home/cfmc/.bin/runcdi.log to runcdi.log
/home/cfmc/.bin/runcdi.log                                                 100%  109     0.1KB/s   00:01

As you can see, by default, the “get” command downloads a remote file to a file with the same name on the local file system.

We can copy the remote file to a different name by specifying the name afterwards:

sftp> get runcdi.log localFile
Fetching /home/cfmc/.bin/runcdi.log to localFile
/home/cfmc/.bin/runcdi.log                                                 100%  109     0.1KB/s   00:00

The “get” command also takes some option flags. For instance, we can copy a directory and all of its contents by specifying the recursive option:

get -r someDirectory

We can tell SFTP to maintain the appropriate permissions and access times by using the “-P” or “-p” flag:

get -Pr someDirectory

Transferring Local Files to the Remote System

Transferring files to the remote system is just as easily accomplished by using the appropriately named “put” command:

sftp> put comma.spx
Uploading comma.spx to /home/cfmc/.bin/comma.spx
comma.spx                                                                  100% 2470     2.4KB/s   00:00

More information on the more elaborate functions and options is available from the system command prompt by typing:

man sftp

Below is an example shell script that can be run from cron to FTP files. In this example, the script, run in the bash shell, sends the Survox dumploga and snapper_counts files to the Survox FTP server. Note that it uses plain FTP with an anonymous login rather than SFTP.

#!/bin/bash
#
# Example script to FTP nsnapper and dumploga files to the SURVOX FTP server
# LAST MODIFIED DATE 10/07/2015
# DUMPLOGA FOR VERSIONS 8.3 AND 8.6.1
# Stop if the directory is missing, so the rm below never runs somewhere else
cd /cfmc/cfg/ || exit 1
echo "---=== remove old dumploga files ===---"
rm yourcompanyname_linux_dumploga*.tar.gz
echo "---=== copy to new file with date appended ===---"
cp dumploga dumploga_$(date +%Y%m%d)
echo "---=== tarball log ===---"
tar -czf yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz dumploga_$(date +%Y%m%d)
#sleep 30
#
# NSNAPPER FOR VERSIONS 8.7+
#cd /cfmc/snap
#rm yourcompanyname_linux_nsnapper*.tar.gz
#cp nsnapper_counts.$(date +%Y%m -d 'last month')* nsnapper_counts_$(date +%Y%m%d)
#tar -czf yourcompanyname_linux_nsnapper_$(date +%Y%m%d).tar.gz nsnapper_counts_$(date +%Y%m%d)
#
#sleep 30
echo "---=== ftp to Survox ===---"
# FTP begin portion of script
USER='anonymous'
PASSWD='yourname@yourcompany.com'
# -i turns off interactive prompting, -n disables auto-login so USER/PASS are sent explicitly
ftp -in <<EOD
open ftp.cfmc.com
quote USER $USER
quote PASS $PASSWD
bin
cd inbound
hash
put /cfmc/cfg/yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz
quit
EOD
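
The same cron upload can be done over SFTP in batch mode with key-based authentication. The script below is an added example, not part of the original guide or Survox's own script. It assumes the receiving server offers an SFTP account, that its host key is already in the cron user's known_hosts, and that SFTP_TARGET, SFTP_KEY and REMOTE_DIR (all hypothetical names) are set for your environment.

```shell
#!/bin/bash
# Added example: cron-safe SFTP upload. Target, key path and remote dir are assumptions.
SFTP_TARGET="${SFTP_TARGET:-}"                         # e.g. uploader@sftp.example.com (placeholder)
SFTP_KEY="${SFTP_KEY:-${HOME:-/root}/.ssh/id_upload}"  # hypothetical dedicated upload key
REMOTE_DIR="${REMOTE_DIR:-inbound}"
NL='
'

# Print the sftp batch commands that upload one file into REMOTE_DIR.
# File names containing quotes, backslashes or newlines are rejected, because
# they could alter the quoting or inject extra batch commands.
build_batch() {
    case $1 in
        *\"*|*\\*|*"$NL"*) echo "unsafe file name: $1" >&2; return 1 ;;
    esac
    printf 'cd "%s"\n' "$REMOTE_DIR"
    printf 'put "%s" "%s"\n' "$1" "$(basename "$1")"
    printf 'bye\n'
}

# Run the batch. sftp -b aborts and exits non-zero if cd or put fails.
upload() {
    batch=$(mktemp) || return 1
    if ! build_batch "$1" > "$batch"; then rm -f "$batch"; return 1; fi
    # BatchMode=yes: never fall back to a password prompt (cron has no terminal).
    # StrictHostKeyChecking=yes: refuse a host whose key is unknown or has changed.
    sftp -b "$batch" -i "$SFTP_KEY" \
        -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes \
        "$SFTP_TARGET"
    rc=$?
    rm -f "$batch"
    return $rc
}

# Only transfer when a target is configured, so the script is inert by default.
if [ -n "$SFTP_TARGET" ]; then
    upload "/cfmc/cfg/yourcompanyname_linux_dumploga_$(date +%Y%m%d).tar.gz" || exit 1
fi
```

Because the script exits non-zero when the transfer fails, cron's mail or a wrapper can alert on a missed upload instead of failing silently.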