controlpanel.systems - How to use SFTP to transfer files securely with a remote server? Print

  • 0

What are FTP and SFTP?

FTP or “File Transfer Protocol” is a standard protocol for transferring files between two servers. FTP can also be insecure if not properly encrypted. If you’re using one of our Managed VPS or our shared platform then your FTP connection will be encrypted and secure.

SFTP, SSH File Transfer Protocol or Secure File Transfer Protocol is a different protocol that comes with SSH and works in a similar way. Unlike FTP, SFTP is always made over a secure connection. This connection can then be used to transfer files between servers and to traverse the filesystem on both servers.

When connecting to us, as both protocols are secure, you can use your protocol of choice. However, if you’re connecting to a system you’re unfamiliar with, in most cases you’re best off using SFTP for the connection. It’s more secure.

SFTP is part of many UI-based tools, and for those, we recommend referring to a guide for the tool in question. In this guide, we’ll demonstrate the use of SFTP through its command line interface.

Connecting using SFTP?

First off, if you’re connecting to a package with us, you’ll first need to make sure that you’ve unlocked the FTP/SFTP on the package in question. It can be unlocked for either a period of time or for the IP address you’ll be connecting from. FTP/SFTP can be unlocked on the right hand side of any package's control panel.

FTP Locked

When connecting to us using either FTP or SFTP you’ll need to unlock it here first and then you’ll be able to connect using the given details. If the domain in question has a CNAME set up to point ftp.domain.com to ftp.stackcp.com then you can also connect to our FTP/SFTP using ftp.domain.com. If in doubt ftp.stackcp.com will always work though.

If you’re connecting by SFTP elsewhere you may need to refer to connection guides for the supplier in question. When connecting to a general server the same authentication methods are available that are present in SSH.

When using your own server we would recommend creating SSH keys and transferring your public key to any system that you need to access. This is more secure and can save you time in the long run.

Once the SFTP is unlocked with us or you have set up SSH keys or a different authentication method for your own server, you should now be able to connect to it using the following:

 

$ sftp username@serverhostname

So using the example from Image1 above that would be:

 

$ sftp example.com@ftp.stackcp.com

If you are working on a custom SSH port (not the default port 22), then you can open an SFTP session as follows:

 

$ sftp -oPort=custom_port username@serverhostname

This won’t be necessary if using our shared or Managed Hosting on a VPS.

Once you’re connected to the remote server your prompt will change to an SFTP one.

 

sftp>

Getting Help

The best command to learn first with SFTP is the help command. This will give you a summary of available SFTP commands. You can get help by typing either:

 

sftp> help

Or

 

sftp> ?

This will display a list of commands:

 

Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-P] remote-path [local-path]  Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln oldpath newpath                 Symlink remote file
lpwd                               Display (‘print’) local working directory
ls [-1aflnrSt] [path]              Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-P] local-path [remote-path]  Upload file
pwd                                Display (‘print’) remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help

We’ll go through some of the more useful commands and how to use them in the following sections.

Navigating with SFTP

We can navigate around the remote server’s file system using commands similar to normal Linux system commands.

First off we can find out where we are in the file system of the remote server. Just like on a normal Linux server we can use the following to get the current directory:

 

sftp> pwd

Output:

 

Remote working directory: /

If you are using SFTP with us the home directory for the user will be displayed as / rather than the actual full path. On other servers you would get the output:

 

/home/sites/11a/7/74089947f7/

As this is the actual home path but when you are using SFTP with our shared or Managed VPS hosting this will be converted such that the user home path becomes just / and any commands should be done relative to this.

We can also view the contents of the current working directory using the ls command:

 

sftp> ls

Output:

 

examplefile1.txt  examplefile2.php  public_html

The commands within the SFTP interface don’t have as many features as in a normal shell interface but they do have some of the more important optional flags:

 

sftp> ls -la

Output:

 

drwx--x---    4 laravetest.com 48           4096 Sep 20 13:33 .
drwx--x---    4 laravetest.com 48           4096 Sep 20 13:33 ..
-rw-rw-r--    1 laravetest.com laravetest.com      959 Mar  8  2021 .bash_history
drwxrwxrwx    3 laravetest.com laravetest.com     4096 Mar  8  2021 .composer
-rw-rw-rw-    1 laravetest.com laravetest.com       67 May 14  2020 .htaccess
-rw-r--r--    1 laravetest.com laravetest.com        0 Sep 20 13:32 examplefile1.txt
-rw-r--r--    1 laravetest.com laravetest.com        0 Sep 20 13:33 examplefile2.php
drwxrwxr-x    4 laravetest.com laravetest.com     4096 Mar  8  2021 public_html

To move between directories in the file system we can use the cd command.

 

sftp> cd public_html

We can now move around the remote server’s file system. We also need to be able to access and move around our local system as well though. We can run commands on the local file system by amending l to the front of the commands.

The commands we’re shown above have local file system equivalents so you can get the local working directory as follow:

 

sftp> lpwd

Output:

 

Local working directory: /home

You can list the contents of the current working directory on the local machine:

 

sftp> lls

Output:

 

config.php  index.html  local  var

We can also move between directories on the local system.

 

sftp> lcd var

Transfering Files with SFTP

Being able to move between directories and see the files on both the remote and local system is good but you’ll also want to be able to move files between the servers.

Transferring Files from the Remote to the Local Server

In order to download files from the remote server to our local server we can use the get command:

sftp> get examplefile1.txt

Output:

Fetching /examplefile1.txt to examplefile1.txt

By default, the get command downloads a remote file to a file with the same name on the local file system.

You can also copy the remote file to a different name by specifying the name afterwards if you wish:

sftp> get  examplefile1.txt localexample.txt

You can also use some option flags with the get command. For example you can copy a directory and all its contents by specifying the recursive option -r:

sftp> get -r public_html/

We can then also tell SFTP to keep the original permissions and access times for the downloaded files using -p.

sftp> get -rp public_html
Transferring Files from the Local to the Remote Server

Moving files from your local server to the remote server it just as easily done but this time you’ll need to use the put command:

sftp> put examplefile1.txt

Output:

Uploading examplefile1.txt to /examplefile1.txt
examplefile1.txt  

You can use the same flags with the put command as you can with the get command. To copy a local directory therefore, you can do:

sftp> put -r var

A useful tool to use when uploading and downloading files from a remote server is the df command. This works in a similar manner to the command line version. You can use this to check the amount of available on the remote server:

sftp> df -h

Note: here we’ve used the -h flag to make the output more human readable.

Output:

    Size     Used    Avail   (root)    %Capacity
   8.7TB    8.4TB    275GB    275GB          96%

There is no local version of the df command in SFTP so in order to check the storage you will need to exit out of the SFTP connection to run df locally.

You can do this with the ! command. This will take us back to the local server where we can check the disk usage:

sftp> !
$ df -h 

Output:

Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        373M     0  373M   0% /dev
tmpfs           404M     0  404M   0% /dev/shm
tmpfs           404M   46M  358M  12% /run
tmpfs           404M     0  404M   0% /sys/fs/cgroup
/dev/vda1        25G  1.7G   24G   7% /
tmpfs            81M     0   81M   0% /run/user/0
 

Any other command will also work as expected on the local server. You can then return to your SFTP session with:

$ exit

You should now see your SFTP prompt again.

Basic File Manipulation

SFTP will also allow you to do simple file maintenance.

For example, you can change the owner of a file on the remote server by using:

sftp> chown userID file

When using SFTP the chmod command doesn’t accept usernames like with the command line equivalent but instead uses UIDs. There also isn’t an easy way to know the appropriate UID from the SFTP unfortunately.

Depending on your access permissions on the system you’re using, a workaround could be:

sftp> get /etc/passwd
sftp> !less passwd

Output:

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

In the above, instead of using ! on it’s own first we’ve amended it to the beginning of another command. This then runs the given command in the local shell as if we weren’t in the SFTP interface.

This will work for any command available on your local server and we could have used this to run the df command earlier.

The UID we need is in the third column of the output, as displayed by the separating colons.

In a similar fashion we can change the group owner of a file with:

sftp> chgrp groupID remotefilename

Unfortunately again there is no easy way to get a listing of the remote server’s groups. We can work around this using the following:

sftp> get /etc/group
sftp> !less group

Output:

root:x:0: bin:x:1: daemon:x:2: sys:x:3: adm:x:4:centos tty:x:5: disk:x:6: lp:x:7: mem:x:8: kmem:x:9: wheel:x:10:admin cdrom:x:11: mail:x:12: 

Like before the third column as denoted by the colons holds the UID for the group given in the first column.

Luckily the chmod command works as expected on the remote file system:

sftp> chmod 755 public_html

Output:

Changing mode on /public_html/

There isn’t a command for changing local file permissions but you can set the local umask meaning that any files copied from the remote to the local server will have the correct permissions.

This can be done using the lumask command:

sftp> lumask 022
Local umask: 022

Now any regular files downloaded from the remote server will have 644 permissions. Given that the -p flag is not used.

SFTP allows you to create directories on both local and remote servers using the lmkdir and mkdir respectively. These work as you would expect.

The following only target the remote file system:

sftp> ln
sftp> rm
sftp> rmdir

These commands have the same behaviour as their equivalent shell versions. If you need to use these commands on the local system then you can return to the local shell with !:

sftp> !

Or you can execute the command from the SFTP interface by amending it with a !:

sftp> !chmod 644 index.php

When you have finished with SFTP you can use exit or bye to close the connection.

sftp> bye
Final Words

While SFTP is a relatively simple tool, it’s very useful for administering servers and moving files between them.

A working example would be that you can use SFTP to enable particular users to transfer files without SSH access. If you set up additional FTP users in the control panel for the package with us, these can also be used with SFTP to allow multiple user SFTP access to different parts of a hosting package.

If you’re using FTP or SCP for your transfers then SFTP is a good way to have the strengths of both. Whilst SFTP isn’t the best tool for every situation, it is an effective and useful tool.


Was this answer helpful?

« Back