Introduction
Ditch the vulnerabilities of FTP and level up your server management skills. This guide explores the `sftp` command, an essential tool for secure file transfer on any Linux system. Learn how SFTP leverages the power of SSH to protect your data during transmission. We’ll walk you through practical examples, from basic connections and file transfers to advanced techniques like recursive directory uploads and passwordless authentication, helping you master a fundamental aspect of Linux administration.
What is SFTP and Why Is It More Secure Than FTP?
File Transfer Protocol (FTP) was once the standard for moving files remotely. However, its critical flaw is that it transmits all data, including usernames and passwords, in unencrypted clear text. This makes it highly insecure, as anyone monitoring network traffic can easily intercept your credentials and data. Due to this vulnerability, FTP should only be used on networks you completely trust.
SFTP (Secure File Transfer Protocol) solves this problem. It is not a simple upgrade to FTP but a completely different protocol built on top of the Secure Shell (SSH) protocol. By default, it operates over the standard SSH port 22, creating a secure, encrypted channel for all commands and data transfers. This ensures that your credentials and files are protected from eavesdropping, making it the modern standard for any Linux file transfer.
Most Linux distributions come with the `sftp` client pre-installed. You can verify its presence by running:
which sftp
If the command returns a path like `/usr/bin/sftp`, you are ready to proceed.
Security Warning: Please don’t expose your SSH port to the public internet without proper security measures. It is best practice to use a firewall to allow access only from specific, trusted IP addresses.
Connecting and Navigating with the SFTP Command
Mastering the initial connection and navigation is the first step to using SFTP effectively.
Establishing a Secure Connection
To start an SFTP session, you use the same credentials and protocol as SSH. Simply provide your username and the remote server’s hostname or IP address:
sftp username@remote_host
If the remote SSH server is running on a non-standard port (e.g., 2222), you can specify it with the `-oPort` option:
sftp -oPort=2222 username@remote_host
Once authenticated, your command prompt will change to `sftp>`, indicating you are in an active SFTP session. You can type `help` or `?` to see a list of available commands.
Checking Your Current Directory (Remote and Local)
Knowing your location on both the local and remote systems is crucial. SFTP provides two simple commands for this:
- pwd: Shows your present working directory on the remote server.
- lpwd: Shows your present working directory on your local machine.
sftp> pwd
Remote working directory: /tecmint/
sftp> lpwd
Local working directory: /home/user/documents
Listing Files on Remote and Local Machines
To see the contents of a directory, you use commands similar to `pwd` and `lpwd`:
- ls: Lists files and directories in the current remote directory.
- lls: Lists files and directories in the current local directory.
For a more detailed view, you can use the `-l` flag with both commands to show permissions, owner, size, and modification date.
sftp> ls -l
sftp> lls -l
Mastering Secure File Transfer with SFTP
The core function of SFTP is, of course, transferring files. Here’s how to upload and download single files, multiple files, and even entire directories.
Uploading Files to a Remote Server
To upload a single file from your local machine to the remote server, use the `put` command. This will copy the specified file from your current local directory to the current remote directory.
sftp> put local.profile
To upload multiple files at once, such as all files ending with `.log`, use the `mput` command with a wildcard:
sftp> mput *.log
Downloading Files from a Remote Server
To download a single file from the remote server to your local machine, use the `get` command.
sftp> get SettlementReport_1-10th.xls
For downloading multiple files that match a pattern, use the `mget` command. This example downloads all spreadsheet files:
sftp> mget *.xls
Renaming Files While Downloading
If you need to save a downloaded file with a different name on your local machine, simply specify the new filename as a second argument to the `get` command.
sftp> get SettlementReport_1-10th.xls Report_Jan.xls
This command downloads `SettlementReport_1-10th.xls` from the server and saves it locally as `Report_Jan.xls`.
Advanced SFTP Command Techniques and Management
Go beyond simple transfers with these commands for directory management, automation, and session control.
Switching, Creating, and Removing Directories
Managing directories is straightforward within an SFTP session:
- Switch Directories: Use `cd` for the remote server and `lcd` for your local machine.
- Create Directories: Use `mkdir` for the remote server and `lmkdir` for your local machine.
- Remove Files and Directories: Use `rm` to delete a remote file and `rmdir` to delete an empty remote directory.
sftp> cd /var/www/html
sftp> lcd /home/user/new-project
sftp> mkdir backups
sftp> lmkdir downloads
sftp> rm old_backup.tar.gz
sftp> rmdir temp_folder
Note: The `rmdir` command will fail if the directory is not empty. You must remove its contents first.
Automate Logins with SSH Key Authentication
To perform a secure file transfer without repeatedly typing your password, use SSH key-based authentication. First, generate a key pair on your local machine if you don’t have one:
ssh-keygen -t rsa -b 4096
Next, copy your public key to the remote server using the `ssh-copy-id` utility:
ssh-copy-id username@remote_host
Once the key is copied, you can connect via SFTP without a password prompt, which is ideal for scripting and automation.
sftp username@remote_host
Exiting the Session and Using the Local Shell
To close the SFTP session, simply type `bye` or `exit`.
If you need to run a command on your local machine without ending your SFTP session, use the `!` command. This will temporarily drop you into your local shell.
sftp> !
After running your local commands, type `exit` to return to your active SFTP prompt.
sftp> bye
FAQ
Question 1: What is the main difference between FTP and SFTP?
Answer 1: The primary difference is security. FTP transmits data and credentials in unencrypted plain text, making it vulnerable to interception. SFTP (Secure File Transfer Protocol) runs over an SSH connection, encrypting all data, including login credentials, which protects your information during transit. SFTP is the modern, secure standard for transferring files.
Question 2: Can I transfer an entire directory with a single SFTP command?
Answer 2: Yes. While the basic `mput` and `mget` commands don’t handle subdirectories, you can transfer entire directories recursively using the `-r` (recursive) flag. This is a powerful feature for moving entire project folders or backups. For example, to download a remote directory named ‘project-files’ to your local machine, you would use: `sftp> get -r project-files`.
Question 3: How can I automate a series of SFTP commands?
Answer 3: You can automate SFTP transfers by using a batch file. Create a text file (e.g., `sftp_script.txt`) containing one sftp command per line (e.g., `cd /remote/path`, `put localfile.zip`, `bye`). Then, execute it using the `-b` (batch file) option: `sftp -b sftp_script.txt username@remote_host`. This is especially powerful when combined with SSH key authentication for fully automated, passwordless workflows.
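As an added example (not from the original article), these POSIX shell functions build the batch file described in Answer 3 and run it with the key-based login set up in the SSH key section. The function names, the `/upload/in` directory, the file names and the key path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an sftp batch file safely and run it unattended.
# Function names, paths and file names are illustrative assumptions.
NL='
'
CR=$(printf '\r')

# Quote one path for a batch line. A batch file holds one command per line,
# so a name containing a newline would turn into an extra command. Refuse it,
# along with CR, double quotes and backslashes, which would break the quoting.
sftp_quote() {
    case $1 in
        ''|*"$NL"*|*"$CR"*|*\"*|*\\*) return 1 ;;
    esac
    printf '"%s"' "$1"
}

# Print a batch script that creates remote_dir, enters it and uploads each
# file. Every argument is validated first, so nothing is printed on error.
make_batch() {
    for p in "$@"; do
        sftp_quote "$p" >/dev/null || return 1
    done
    rdir=$(sftp_quote "$1"); shift
    # Leading '-' keeps sftp from aborting if the directory already exists.
    printf '%s\n' "-mkdir $rdir" "cd $rdir"
    for p in "$@"; do
        printf 'put %s\n' "$(sftp_quote "$p")"
    done
    printf 'bye\n'
}

# Run batch file $3 against $1 (user@host) using only private key $2.
# BatchMode=yes never prompts; StrictHostKeyChecking=yes fails the job rather
# than trusting an unknown or changed host key. A non-zero exit status means
# the login or one of the batch commands failed.
run_batch() {
    sftp -b "$3" -i "$2" -o BatchMode=yes -o IdentitiesOnly=yes \
         -o StrictHostKeyChecking=yes "$1"
}

# Usage (placeholder host and key path):
#   make_batch /upload/in report.csv "q1 totals.csv" > batch.txt &&
#       run_batch username@remote_host ~/.ssh/id_rsa batch.txt
```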