What Is SFTP?
SFTP (Secure File Transfer Protocol) is a network protocol for transferring files from a client to a server. Unlike FTP (File Transfer Protocol), SFTP utilizes the SSH (Secure Shell) protocol to encrypt the data that is sent. It was developed by computer scientists, Tatu Ylönen and Sami Lehtinen, who are also responsible for the development of the SSH protocol in the 1990s. However, the modern version is developed by the IETF (Internet Engineering Task Force). It can be described as a remote file system protocol, even though its name suggests it only performs file transfer operations. When sending a file using SFTP from a client to a receiving server, the data is encrypted before it is sent to the destination. If the data being sent is intercepted by a “man-in-the-middle,” it can’t easily be decrypted by this third party.
Installing SSH and the OpenSSH Server
We are starting the process of setting up the SFTP server by installing SSH and the OpenSSH server. Most Linux installations already have SSH installed by default, but in case your system doesn’t have it, you can install it by using the Advanced Packaging Tool’s apt command: After installing SSH, you can check its version by running the ssh command with the -V flag: You can install the OpenSSH Server on Debian and Ubuntu systems, for example, by using the apt command: You can do the same on Arch Linux by using the pacman command:
Creating Users, Groups and Directories for SFTP
It is a common recommendation that different services on Linux should use their own users, groups, and directories. Start by creating a group for the users of SFTP. This is accomplished by using the groupadd command: You can create a user and add it to the group that was created by using the useradd command and its -g flag, which is used to specify the group the user will be a part of: After creating the user, assign it a password by using the passwd command: Create the default directory for the newly created user: Use the chown command to give the directory the necessary permissions:
Configuring the SSH Server
The next step for setting up an SFTP server is configuring the SSH server it will be using. Edit the “sshd_config” file found in “/etc/ssh/” so that the user is using the SFTP shell when connecting to the server instead of SSH’s shell. You can easily edit the file using the commonly used Nano editor found on many Linux installations by default: Find the bottom of the file and add the following: Restart the SSH service:
(Optional) Changing The SFTP Port
If you want to change the port the SFTP server is using from the default value of 22 to your chosen option, you’ll need to edit the “sshd_config” file once again. Once again edit the file by using the Nano editor: Find a line in the file with the default port value of 22 commented out: You can remove the hash (#) sign used to comment out the line and add your choice of port value. In my case, I am changing the value to 1111: Now simply save the file and restart the server:
Logging in and Using the Server
W the server installed and configured, it is ready for use. You can easily upload files and download them, all with an encrypted session provided by SSH. Before logging in, it won’t hurt to take a look at the manual provided: Log into the server by providing the username and the server IP or hostname in the following format: Additionally, you can specify the port your SFTP server is using (default is 22) by utilizing the -P flag: When you log in, you are greeted with an SFTP shell. View a manual by typing help.
Downloading Files
To download a file: Example: This will download to your current directory – the one you were in locally before you logged in to the server. To download to a specific local directory: To copy directories, you have to add the -r parameter, which stands for recursive, to the command. Remember to add a name for the new directory you want to create locally, like “/home/username/Desktop/bin” in this case. If you use get -r /bin /home/username/Desktop, files will be copied directly on the Desktop. Note that t’s the files that are copied and not the directory itself.
Uploading Files
Uploading files or directories follows the same principles. The only exception is that paths are reversed, meaning you first specify the local file/directory, then the remote path. To start with, upload files to the server by using the put command: When uploading directories (recursive), remember that the same rule from the previous section applies: it’s actually the files in the directory that are copied and not the directory itself. Specify a new name for a directory you want to copy those files to. This creates a new directory called “bin” on the remote side.
Resume Transfers and Use Paths that Contain Spaces
When you transfer a large file that gets interrupted, you can resume by replacing the previous command with reput and reget. Just make sure you use the same paths you used last time so that the source and destination match exactly. To resume directory transfers, just add the -r parameter: If the path to a file contains spaces, put it within quotes:
Other Uses
You can list the files and directories by using the ls command: The permissions of files are also changeable using the chmod command: Additionally, you can create a new directory by using the mkdir command:
1. Do I need to install an SFTP client?
In most cases no, since most Linux systems come with a terminal-based SFTP client installed by default.
2. Can I use public-key authentication?
Yes, you can use public-key authentication instead of a password as an authentication method. Setting it up is fairly simple, and it provides additional security for your server.
3. Can I simultaneously host an SSH server?
Yes. However, you will need to make sure that your SFTP server is not using the same port as the SSH server.
