How to Use sFTP to Transfer Files/Directories in Linux

By default, SFTP adopts the same SSH transport for establishing a secure connection to a remote server. Although passwords are used to authenticate users, as in the default SSH settings, it is recommended to create and use SSH passwordless login because it is simpler and more secure.

Linux has the standard ftp command line program to deal with precisely that scenario. But definitely don't use the ftp command to access external resources across the internet. For that, use the sftp command line program, which uses the secure SSH File Transfer Protocol. We'll introduce both of these programs in this tutorial.

An SFTP client called sftp is available in the OpenSSH suite that ships with most Linux systems. When using password-based authentication (you can avoid the need to supply passwords if the remote host allows password-less SSH authentication), this is how you would start an SFTP session.

Sftp is an interactive file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport. It may also use many features of ssh, such as public key authentication and compression. Sftp connects and logs into the specified host, then enters an interactive.
Secure copy (SCP) is a protocol to transfer files via a Secure Shell connection. The SSH file transfer protocol (SFTP) is a related protocol, also relying on a secure shell back-end. Both protocols allow secure file transfers, encrypting passwords and transferred data. The SFTP protocol, however, features additional capabilities such as resuming broken transfers or remote file manipulation like deletion.
Secure file transfer protocol (SFTP)
Install and configure OpenSSH. Once running, SFTP is available by default.
Access files with the sftp program or SSHFS. Many standard FTP programs should work as well.
Secure file transfer protocol (SFTP) with a chroot jail
Sysadmins can confine a subset of users to a chroot jail using OpenSSH, restricting their access to a particular directory tree. This is useful for sharing some files without granting full system access or shell access. Users with this type of setup may use SFTP clients such as FileZilla to put/get files in the chroot jail.
Set up the filesystem
Create a jail directory:
Optionally, bind mount the filesystem to be shared to this directory. In this example, /mnt/data/share is to be used. It is owned by root and has octal permissions of 755.
Tip: Consider adding an entry to /etc/fstab to make the bind mount survive a reboot.
Create an unprivileged user
Create the share user and set up a good password:
Set up OpenSSH
Add the following to the end of /etc/ssh/sshd_config to enable the share and to enforce the restrictions:
Restart sshd.service to re-read the config file.
Test that the restrictions are in fact enforced by attempting an ssh connection via the shell. The ssh server should return a polite notice of the setup:
Secure copy protocol (SCP)
Install, configure and start OpenSSH. It contains the scp utility to transfer files.
More features are available by installing additional packages, for example rssh (AUR) or scponly, described below.
Warning: The scp protocol is outdated, inflexible and not readily fixed. Its authors recommend the use of more modern protocols like sftp and rsync for file transfer instead.[1]
General Usage
Linux to Linux
Copy file from a remote host to local host SCP example:
Copy file from local host to a remote host SCP example:
Copy directory from a remote host to local host SCP example:
Copy directory from local host to a remote host SCP example:
Copy file from remote host to remote host SCP example:
Linux to Windows
Use a Windows program such as WinSCP
Scponly
Scponly is a limited shell that allows users scp/sftp access and only scp/sftp access. Additionally, one can set up scponly to chroot the user into a particular directory, increasing the level of security.
Install scponly.
For existing users, simply set the user's shell to scponly:
Adding a chroot jail
The package comes with a script to create a chroot. To use it, run:
- Provide answers
- Check that /path/to/chroot has root:root owner and r-x for others
- Change the shell for selected user to /usr/bin/scponlyc
- sftp-server may require some libnss modules such as libnss_files. Copy them to chroot's /lib path.
Uploads to Chroot jail root dir
For security reasons, the directory set as the chroot directory must be owned by root, with only root having write access to it; otherwise sftp/ssh connections will be denied. This of course means regular users cannot upload files to the root directory. To get around this without compromising security, you can create a folder inside the chroot directory which the regular user or group has write access to, e.g.:
Note: This will only allow users of group 'sshusers' to upload to (but not list the contents of) the 'uploads' directory. Use chmod 770 to allow sshusers to view contents.
Some applications utilizing SFTP do not allow input of sub-directories when performing operations (e.g. uploading files), and will attempt to upload files to the chroot base directory (which will be denied). In order to force these applications to use a specific sub-directory you can append the following to the 'ForceCommand' option:
Users on connect will then have their start directory change to the specified sub-directory (remember to restart the sshd server).
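The root-ownership rule and the sshd_config step described above, as an added example that is not part of the original wiki text: one function audits every component of a chroot path the way sshd does, the other prints a matching Match block with an optional start directory. It assumes Linux with GNU stat; the user share, /var/lib/jail and /uploads in the usage line are placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes Linux with GNU stat.
# The user, jail path and start directory shown in the usage line are
# placeholders.

# check_chroot_path DIR [OWNER_UID] [TOP]
# Walk from DIR up to TOP (default /). Fail if any component is not owned
# by OWNER_UID (default 0, root) or is writable by group or others; sshd
# applies this rule to ChrootDirectory and refuses the session otherwise.
check_chroot_path() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1" >&2; return 2; }
    top=$(cd "${3:-/}" 2>/dev/null && pwd -P) || top=/
    owner=${2:-0}
    rc=0
    while :; do
        uid=$(stat -c %u "$dir")
        mode=$(stat -c %a "$dir")
        [ "$uid" = "$owner" ] || { echo "FAIL $dir: owner uid $uid, want $owner"; rc=1; }
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "FAIL $dir: mode $mode is group/other-writable"; rc=1; }
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# sftp_jail_block USER JAIL [STARTDIR]
# Print an sshd_config Match block that confines USER to JAIL over SFTP only.
# STARTDIR (a path inside the jail) is passed to internal-sftp with -d so
# clients that cannot change directory start in the writable sub-directory.
sftp_jail_block() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp${3:+ -d $3}
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# Usage: sh sftp-jail-check.sh /var/lib/jail share /uploads
if [ "$#" -ge 2 ]; then
    check_chroot_path "$1" && sftp_jail_block "$2" "$1" "${3:-}"
fi
```

Append the printed block to /etc/ssh/sshd_config and run sshd -t to validate the file before restarting sshd.service.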
Retrieved from 'https://wiki.archlinux.org/index.php?title=SCP_and_SFTP&oldid=627353'
Sftp Linux Setup
All modern operating systems (Apple, Linux and Windows 10) now have native command-line utilities that can be used to copy files to SFTP servers.
These tools can be used to copy files to Department Linux login servers for remote file access, or to transfer HTML/CSS web content to SFTP servers for web publishing.
Command-line SFTP
Using the command/terminal application on either Windows 10, Apple or Linux computers, execute the following commands from within the local directory you want to copy files from:
Enter the server address information and your Netlink or COSI credentials.
- For web publishing to a personal webhome directory, specify the server as sftp.csc.uvic.ca (or sftp.cs.uvic.ca for COSI domain), and cd to /public_html as the destination path for the file copy.
- For web publishing to a shared group website, specify the server as sftp.csc.uvic.ca (or sftp.cs.uvic.ca for COSI domain), and cd to /htdocs as the destination path.
- For copying data to or from your Department Home directory, connect to one of the Department's Linux login servers as the destination server; you will default to the root of your home directory.
- For copying data to or from a COSI Shared Group directory, connect to the COSI linux.cs.uvic.ca login server, and cd to the destination directory /groups/cosi_researchgroup.
The above command connects to the teaching sftp as <username>, changes to the remote directory /public_html and performs a recursive copy of all files in the current local directory of your computer.
Command-line SFTP with SSH-Keys
If you have configured an SSH-KEY, you can specify to use your private key to connect by using the ssh/sftp identity -i parameter in the command line:
SFTP using Linux GUI File Browser (Nautilus)
Cyberduck is not available for Linux platforms, but users wanting GUI SFTP can use the native Nautilus file browser in the Gnome desktop.
In the Nautilus file browser, click + other locations at the bottom of the file browser. The connect to server dialog will open; enter the following connection string into the dialog and click the connect button: sftp://<username>@sftp.csc.uvic.ca/public_html
You will be prompted for your account password. Once completed, a file browser window will open to your /public_html folder, which you can drag-and-drop files into using the file browser.
Using SSH-Keys with the Gnome File browser
In order to use SSH-KEYS within Gnome, the keys need to be pre-loaded by the ssh-agent for use by the gnome-keyring-daemon. Use the ssh-add command to pre-load the private ssh-key.
Once the key has been pre-loaded, the Gnome file browser client will automatically try to use the key on future SFTP connection attempts.
More Information
Tutorial: Authenticating with SSH-Keys
Support: Department Network Storage
Support: Web Publishing to Department Web Servers