The SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications. It leverages SSH (Secure Socket Shell or Secure Shell) and is frequently also referred to as Secure Shell File Transfer Protocol.
FTP
The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network (including the Internet). FTP is built on a client–server model architecture using separate control and data connections between the client and the server.
FTP has always been popular for staring or moving large files between systems. Files can be added to a central server, then users who wants to access them can access them from there.
SSH
SFTP is aimed at providing enhanced security with tunneling using Secure Shell 2 (SSH2), a secure tunneling protocol. It emulates an FTP connection and provides a firewall friendly and encrypted channel for file transfers using TCP port 22.
SSH offers enhanced security by having the entire file transfer session, including all session control commands, entirely encrypted at all times while only requiring a single port be opened on your firewall versus the two ports that need to be opened for FTP and SSL connections.
As an added feature, Secure FTP also compresses all data during the transmission, which can result in faster file transfers.
Related Content
- How to install and set up sftp server in Ubuntu 22.04
- How to work with SFTP client in Linux – 10 sftp commands
- How to set up an SFTP server on Debian 11 Server
- Download Files from SFTP server Using a python script
- List, Upload and Download files from an SFTP Server using golang
- How to set up an SFTP server on OpenSUSE Leap 15.3 Server
- How to set up an SFTP server on CentOS 8 /RHEL 8 Server
Getting up and running with SFTP server in Ubuntu 20.04
This guide will take you through the process of installing and setting up SFTP server in Ubuntu 20.04. We will go through these steps:
- Installing the
sftpandsshSoftware in Ubuntu - Creating SFTP user and group
- Configuring the SSH service
- Connecting to the server using the terminal – Linux command line
1. Installing the ssh Software in Ubuntu
We need to have the software providing the ssh and sftp server software in our Ubuntu
Ensure you machine is updated:
sudo apt update
sudo apt upgrade -ySince sftp is dependent on ssh, we will need to install either SSH or OpenSSH if none of them is already installed in your machine.
Install the ssh daemon:
sudo apt install sshOutput
$ sudo apt install ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libllvm11 libxdamage1
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
ssh
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,084 B of archives.
After this operation, 120 kB of additional disk space will be used.
Get:1 http://ports.ubuntu.com/ubuntu-ports focal-security/main arm64 ssh all 1:8.2p1-4ubuntu0.2 [5,084 B]
Fetched 5,084 B in 0s (26.8 kB/s)
Selecting previously unselected package ssh.
(Reading database ... 104454 files and directories currently installed.)
Preparing to unpack .../ssh_1%3a8.2p1-4ubuntu0.2_all.deb ...
Unpacking ssh (1:8.2p1-4ubuntu0.2) ...
Setting up ssh (1:8.2p1-4ubuntu0.2) ...2. Creating SFTP user and group
We need to create a user and a group that will login to the SFTP server.
- Create a group with the name you want. I will use
sftpgroup1sudo addgroup sftpgroup1
Output:
# sudo addgroup sftpgroup1
Adding group 'sftpgroup1' (GID 1002) ...
Done.Create a user with the name you want adding it to the group we created. I will use
sftpuser1for the user.sudo useradd -m sftpuser1 -g sftpgroup1Add a password to the new SFTP user
sudo passwd sftpuser1
Output:
# sudo passwd sftpuser1
New password:
Retype new password:
passwd: password updated successfully- Grant the new SFTP user complete access to their new home directory using this command:
sudo chmod 700 /home/sftpuser1/
Configuring the SSH service
You need to configure the ssh service to accept sftp traffic. Add the following configs to the ssh config file located here /etc/ssh/sshd_config:
In your terminal, use this command to open the config file with vim:
sudo vim /etc/ssh/sshd_configNow add this content to the bottom of the file:
Match group sftpgroup1
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftpThe above configurations is meant to allow users in the sftpgroup1 group (Match group sftpgroup1) to access and use their home directories via the SFTP while preventing any other normal SSH access to those files.
Save and close the SSHD configuration file.
restart the SSH service to apply previous changes.
sudo systemctl restart ssh4. Connecting to the server using the terminal – Linux command line
You can use the command line terminal to test your login to the SFTP. This can even be done locally in the sftp server.
This is the format of the login command:
sftp [user]@[host]Lets connect to our server. your SFTP username and password will be needed.
sftp sftpuser1@127.0.0.1Output:
$ sftp sftpuser1@127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:99KvuL95zO2CQbC8X0Re/Q+cYrJgqQgzpf1leemnjmY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
sftpuser1@127.0.0.1's password:
Connected to 127.0.0.1.
sftp>This will log you in the server. The default directory is the /home dir specified in the ChrootDirectory /home directive in the ssh server configs.
Basic sftp commands
Check Version:
sftp> version
SFTP protocol version 3
sftp>Show remote Working Directory
If you need to check the current working directory on the remote server, the pwd command comes in handy:
sftp> pwd
Remote working directory: /sftpuser1
sftp>Show Local machine Working directory
To show the local system’s present working directory use lpwd command.
sftp> lpwd
Local working directory: /home/ubuntu
sftp>The created user will only have access to its directory. Lets switch to that directory with the following command:
sftp> cd sftpuser1
sftp>Move to the SFTP user home directory and try to create a new directory as following:
sftp> ls
sftpuser1 ubuntu
sftp> cd sftpuser1
sftp> ls
sftp> mkdir datadir
sftp> ls
datadirUpload files
Doing it from local
Upload files to a remote server using this command syntax:
$ sftp {user}@{host}:{remote-path} <<< $'put {local-path}'Example:
$ sftp sftpuser1@127.0.0.1:/sftpuser1/ <<< $'put ./citizix.txt'
sftpuser1@127.0.0.1's password:
Connected to 127.0.0.1.
Changing to: /sftpuser1/
sftp> put ./citizix.txt
Uploading ./citizix.txt to /sftpuser1/citizix.txt
./citizix.txtDoing it from the sftp server
Use these commands: ls to list files, lls for local list, put for uploading files:
sftp>
sftp> pwd
Remote working directory: /sftpuser1/datadir
sftp> ls
sftp> lls
citizix.txt snap tmp
sftp> put citizix.txt
Uploading citizix.txt to /sftpuser1/datadir/citizix.txt
citizix.txt 100% 32 25.8KB/s 00:00
sftp> ls
citizix.txt
sftp>To upload multiple files in one go, we can use mput command like in the example below. You can use mput with regular expression like data[23] to upload data2, data3 and ignore data1. You can use any wildcard or regular expression with mput.
sftp>
sftp> pwd
Remote working directory: /sftpuser1/data
sftp> ls
sftp> lls
data1 data2 data3
sftp> mput data[23]
Uploading data2 to /sftpuser1/data/data2
data2 100% 0 0.0KB/s 00:00
Uploading data3 to /sftpuser1/data/data3
data3 100% 0 0.0KB/s 00:00
sftp> ls
data2 data3Downloading files
Doing it from the local machine
To download a file from a remote server, use the below command syntax:
$ sftp {user}@{remote-host}:{remote-file-name} {local-file-name}Here’s a demo of downloading a file in one line using sftp:
# sftp sftpuser1@127.0.0.1:/sftpuser1/citizix.txt .
sftpuser1@127.0.0.1's password:
Connected to 127.0.0.1.
Fetching /sftpuser1/citizix.txt to ./citizix.txt
/sftpuser1/citizix.txt 100% 32 26.7KB/s 00:00Doing it from the remote sftp server
Download single file from the server using get. Example downloading data2
sftp>
sftp> ls
data2 data3
sftp> lls
sftp> get data2
Fetching /sftpuser1/data/data2 to data2
sftp> lls
data2
sftp>Use mget to download multiple files like in this example
sftp>
sftp> ls
data2 data3
sftp> lls
sftp> mget data*
Fetching /sftpuser1/data/data2 to data2
Fetching /sftpuser1/data/data3 to data3
sftp> lls
data2 data3
sftp>Creating and deleting directory
Use the commands mkdir and rmdir to create and delete directories
sftp>
sftp> ls
sftp> mkdir data
sftp> ls
data
sftp> rmdir data
sftp>Removing files
Use the command rm to delete files
sftp> rm data*
Removing /sftpuser1/data/data2
Removing /sftpuser1/data/data3
sftp>Renaming files
sftp>
sftp> ls
data3
sftp> rename data3 data_original
sftp> ls
data_original
sftp>Checking Filesystem Usage
Display statistics for the current directory or filesystem containing ‘path’, use df command. We can use -h flag to show statistics in a human-readable format. Do note that the statistics shown are for the remote SFTP server’s respective filesystem and not the local machine’s filesystem.
sftp> df
Size Used Avail (root) %Capacity
29540600 5917856 22103188 23622744 20%
sftp> df -h
Size Used Avail (root) %Capacity
28.2GB 5.6GB 21.1GB 22.5GB 20%Getting Help
To get help about available commands and syntax for SFTP, use ‘?‘ or ‘help‘.
sftp> ?Output:
sftp> ?
Available commands:
bye Quit sftp
cd path Change remote directory to 'path'
chgrp [-h] grp path Change group of file 'path' to 'grp'
chmod [-h] mode path Change permissions of file 'path' to 'mode'
chown [-h] own path Change owner of file 'path' to 'own'
df [-hi] [path] Display statistics for current directory or
filesystem containing 'path'
exit Quit sftp
get [-afpR] remote [local] Download file
help Display this help text
lcd path Change local directory to 'path'
lls [ls-options [path]] Display local directory listing
lmkdir path Create local directory
ln [-s] oldpath newpath Link remote file (-s for symlink)
lpwd Print local working directory
ls [-1afhlnrSt] [path] Display remote directory listing
lumask umask Set local umask to 'umask'
mkdir path Create remote directory
progress Toggle display of progress meter
put [-afpR] local [remote] Upload file
pwd Display remote working directory
quit Quit sftp
reget [-fpR] remote [local] Resume download file
rename oldpath newpath Rename remote file
reput [-fpR] local [remote] Resume upload file
rm path Delete remote file
rmdir path Remove remote directory
symlink oldpath newpath Symlink remote file
version Show SFTP version
!command Execute 'command' in local shell
! Escape to local shell
? Synonym for helpRefer sftp man page for further reading.
$ man sftpExit the SFTP Session
Finally, you can exit the sftp using the bye, exit, or quit:
sftp> exit
$Conclusion
In this guide we managed to set up an sftp server and explored basic operations that can be done on the server