SSH File Transfer Protocol (SFTP): Get SFTP client & server

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs on top of the SSH protocol. It supports full SSH security and authentication functionality.

SFTP has virtually replaced legacy FTP as a file transfer protocol, and is rapidly replacing FTP/S. It provides all the functionality these protocols offer, but more securely and reliably, with simpler setup. Basically, there is no longer any reason to use legacy protocols.

SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.

SFTP port number

The SFTP port number is the SSH port, 22. It is basically just an SSH server: only once the user has logged in to the server using SSH can the SFTP protocol be started. There is no separate SFTP port exposed on servers, so there is no need to configure another hole in firewalls.

SFTP Client for Windows and Mac

There are many SFTP client implementations available. Many SSH clients support SFTP.

  • Tectia SSH Client

  • WinSCP

  • FileZilla

  • PuTTY

  • Cyberduck

SFTP Server for Linux, Windows and Mac

The SFTP server usually comes as part of an SSH implementation. Most organizations use Tectia SSH or OpenSSH as a server; both come with out-of-the-box SFTP server deployments.

  • Tectia SSH Server for Windows

  • Tectia SSH Server for IBM z/OS mainframes

  • OpenSSH – open source server for Linux and Unix

  • FileZilla – a free sftp server for Windows

SCP Command on Linux

The scp command is a file transfer program for SFTP on Linux. The scp command-line interface was designed after the old rcp command in BSD Unix. The scp command also usually comes with the OpenSSH package.

Its typical use is:

scp [-r] file … [user@]host:[path]

Basically, this copies one or more files to the given host. If user is provided, it is copied to that account on the host. If no user is provided, the same user name as on the client side is assumed. If the path is provided, the files are copied to that directory (relative to the given user’s home directory). If no path is provided, the files are copied to the user’s home directory. If the -r option is provided, then the files can be directories, and the given directory and all its subdirectories and files in them (recursively) are copied.

Files can also be copied in the reverse direction:

scp [-r] [user@]host:file path

Commonly, the path would be ., that is, the current directory.

SFTP command on Linux

The sftp command on Linux is a client program for SFTP. The sftp command-line interface was designed to be similar to the ftp command. The sftp command is usually part of the OpenSSH package.

SSHFS and using SFTP to share files

SFTP can also be used for file sharing, similar to Windows file sharing and Linux NFS. The main difference is that SFTP is secure and can be used reliably through network address translation (NAT) and over the public Internet.

Sshfs is a network file system for Linux that runs on top of the SFTP protocol. You can use any SSH server as a server and use remote files over the network as if they were local files. The remote file system can be mounted and unmounted as desired. It is the most convenient way to mount ad hoc remote files, without the need for any configuration by the server administrator. SSH keys can even fully automate the establishment of the connection to the server. Basically, anyone who can log on to the server can mount their file system, with access to the files that the user has access to.

Other file sharing implementations that use SFTP include:

  • ExpanDrive (Windows and Mac)

  • Apache Commons VFS

  • chromeos-filesystem-sftp

Interactive and automated secure file transfers

Like SSH, SFTP is a client-server protocol. SFTP clients are included in quality SSH clients, and full enterprise-grade SSH implementations provide SFTP client and server functionality. Some SSH clients, such as Tectia SSH, also provide graphical file manager views of remote file systems.

On Linux, SFTP is often used as a command-line utility that supports interactive and automated file transfers. Public key authentication can be used to fully automate logins for automated file transfers. However, proper lifecycle management of SSH keys is important to keep access under control.

Common use cases for automated file transfers include nightly system backups, copying data to disaster recovery systems, distributing configuration data, and moving transaction logs to file systems. Many organizations have thousands of SSH transfers daily. In some cases, we’ve seen over 5 million automated SSH logins daily.

Business File Transfer Solutions Using SFTP

Some business file transfer products that support SFTP are as follows. Nothing on this page should be taken as an endorsement of any product or solution.

  • IBM MQ Managed File Transfer

  • GlobalScape Enhanced File Transfer

  • GoAnywhere MFT

  • SFTPPlus Managed File Transfer

  • IPSwitch MOVEit Complete

  • Solarwinds Managed File Transfer

  • JScape MFT Server

  • Serv-U MFT Server Gateway

  • Axway Secure MFT: SecureTransport

  • Stonebranch Universal Data Mover

  • Coviant Diplomat Managed File Transfer

  • Acronis MassTransit

  • Tibco Managed File Transfer

  • BMC Control-M Managed File Transfer

  • Signiant Secure File Transfer

  • Redwood Managed File Transfer

SFTP libraries for developers

There are many open source SSH libraries available for various programming languages.

  • pysftp is a Python implementation

  • Paramiko is another Python implementation

  • pkg/sftp is a Go language implementation

  • libssh is a C implementation of the protocol

  • libssh2 is another C implementation of the protocol

  • Rebex SFTP is a .NET (C#) implementation

  • codeigniter-sftp is a PHP implementation

  • phpseclib is another PHP implementation

  • SmartFTP is an ActiveX component

  • JCraft JSch is a Java implementation

  • SSHJ is another Java implementation

  • List of SFTP client libraries

  • Comparison of Commons VFS, SSHJ and JSch libraries for SFTP support

SFTP protocol

The SFTP protocol runs on top of the SSH protocol as a subsystem. It was originally designed by Tatu Ylonen for SSH 2.0 in 1997-1998. There is no separate SFTP port; it uses the normal SSH port.

Full documentation of the SFTP protocol can be found in the Internet-Draft draft-ietf-secsh-filexfer-02.

The protocol supports multiple simultaneous operations. Each operation is identified by a unique number assigned by the client, and the server's response contains the same identification number. The server can process requests asynchronously and can return responses out of order. For performance reasons, file transfer clients often send multiple requests before stopping to wait for responses.

Operations or packet types supported by the protocol include:

INIT: sends client version numbers and extensions to the server

VERSION: returns the version number of the server and extensions to the client

OPEN: opens or creates a file, returning a file handle

CLOSE: closes a file handle

READ: reads data from a file

WRITE: writes data to a file

OPENDIR: opens a directory to read, returning a directory identifier

READDIR: reads file names and attributes from a directory identifier

MKDIR: creates a directory

RMDIR: deletes a directory

REMOVE: deletes a file

RENAME: renames a file

STAT: returns file attributes given a path, following symbolic links

LSTAT: returns file attributes given a path, without following symbolic links

FSTAT: returns file attributes given a file identifier

SETSTAT: modifies file attributes given a path

FSETSTAT: modifies file attributes given a file identifier

READLINK: reads the value of a symbolic link

SYMLINK: creates a symbolic link

REALPATH: canonicalizes a server-side relative path to an absolute path

The server returns the following response packets:

STATUS: indicates the success or failure of an operation

HANDLE: returns a file identifier when successful

DATA: returns data when successful

ATTRS: returns file attributes when successful

There is also an extension mechanism for arbitrary vendor-specific extensions. Supported extensions are negotiated using the INIT and VERSION packets.

EXTENDED: sends a vendor-specific request from client to server

EXTENDED_REPLY: sends a vendor-specific response from server to client
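
The request-number matching described above, as an added example that is not from the original page or from any SFTP implementation: a client pipelines three READ requests and reassembles the file from responses that arrive out of order. The packet type numbers and field layouts follow draft-ietf-secsh-filexfer-02; the function names, the handle `h1` and the file contents are constructed for illustration.

```python
import struct

FXP_READ, FXP_STATUS, FXP_DATA, FX_EOF = 5, 101, 103, 1  # draft-ietf-secsh-filexfer-02

def sftp_string(data):  # SSH "string": uint32 length, then the raw bytes
    return struct.pack(">I", len(data)) + data

def packet(ptype, request_id, body):
    """Frame a packet: uint32 length, byte type, uint32 request id, body."""
    payload = struct.pack(">BI", ptype, request_id) + body
    return struct.pack(">I", len(payload)) + payload

def read_request(request_id, handle, offset, length):  # handle, uint64 offset, uint32 count
    return packet(FXP_READ, request_id, sftp_string(handle) + struct.pack(">QI", offset, length))

def split_packets(stream):
    """Yield (type, request_id, body) for each packet in a byte stream."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 9:
            raise ValueError("truncated packet header")
        length, ptype, request_id = struct.unpack_from(">IBI", stream, pos)
        if length < 5 or pos + 4 + length > len(stream):
            raise ValueError("malformed packet length")
        yield ptype, request_id, stream[pos + 9:pos + 4 + length]
        pos += 4 + length

def reassemble(pending, responses):
    """Match out-of-order responses to pending READs (request id -> offset)."""
    pending, chunks = dict(pending), {}
    for ptype, request_id, body in split_packets(responses):
        if request_id not in pending:  # unsolicited or duplicate response
            raise ValueError(f"response for unknown request id {request_id}")
        offset = pending.pop(request_id)
        if ptype == FXP_DATA:
            chunks[offset] = body[4:4 + struct.unpack_from(">I", body)[0]]
        elif ptype != FXP_STATUS or struct.unpack_from(">I", body)[0] != FX_EOF:
            raise IOError(f"READ at offset {offset} failed")
    if pending:
        raise ValueError(f"no response for request ids {sorted(pending)}")
    return b"".join(chunks[o] for o in sorted(chunks))

def demo():  # constructed exchange: three pipelined READs answered out of order
    pending = {1: 0, 2: 4, 3: 8}  # request id -> file offset of each 4-byte READ
    sent = b"".join(read_request(i, b"h1", off, 4) for i, off in pending.items())  # b"h1": hypothetical handle
    eof = struct.pack(">I", FX_EOF) + sftp_string(b"EOF") + sftp_string(b"")
    replies = (packet(FXP_DATA, 2, sftp_string(b"-dat"))
               + packet(FXP_STATUS, 3, eof) + packet(FXP_DATA, 1, sftp_string(b"sftp")))
    return sent, reassemble(pending, replies)
```

Rejecting responses whose request number was never issued, and noticing requests that never got an answer, is what keeps a pipelining client from silently writing a short or misordered file.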

SFTP vs. FTPS

People often want to compare SFTP vs. FTPS. FTPS is basically the old ftp protocol run over SSL (Secure Sockets Layer) or TLS (Transport Layer Security).

The benefits of SFTP over FTPS include:

  • SFTP runs over SSH on the standard SSH port. Therefore, there is no need to open additional ports on the server and no need to maintain any additional authentication. This simplifies configuration and reduces the likelihood of configuration errors.

  • FTPS needs complicated firewall configuration and may not work over NAT. Ports 989 and 990 must be open. In addition, FTPS supports both active and passive modes (see FTP), which further complicates firewall configurations and is prone to problems.

  • FTPS requires an X.509 certificate for the server, typically from a public certification authority. SSH works without any centralized infrastructure. SFTP can use any certification method or host key distribution that is in use for SSH, without the need for additional work and ongoing maintenance.

  • FTPS is basically FTP, which means it has ASCII mode, which can corrupt files if the mode is not configured correctly. Some implementations use ASCII mode by default.

  • FTPS cannot be used as a file system. (This doesn’t improve security, since you can still read the same files.)

  • FTPS requires an additional server software package to be installed and patched, while SFTP usually comes with the system as part of SSH.
