Transfer Files with SFTP
SSH File Transfer Protocol (SFTP) provides a mechanism for transferring, accessing, and managing files more securely compared to earlier protocols. It is a free and open-source utility that is available on all Linux systems. SFTP extends version 2.0 of the Secure Shell (SSH) protocol to provide greater security. This guide provides some background information about SFTP and explains how to use it to transfer files.
SFTP, sometimes referred to as the Secure File Transfer Protocol, was developed to address serious security concerns surrounding the original FTP protocol. Despite its acronym, it is based on the SSH program and not on the original FTP utility. SFTP is designed from scratch to provide comprehensive file management. This architecture allows SFTP to leverage and access SSH security and authentication features. One advantage of SSH is that all data is encrypted, including the control commands.
SFTP is a file management protocol rather than a pure file transfer utility. It also provides the ability to delete, rename, and move files, and create, list, and delete directories. SFTP requires the use of a secure channel, which it uses to carry out all operations. A number of protocols can provide this channel, but in practice, SSH is almost always used. When the secure channel has authenticated the client, SFTP can be used.
An enhancement over earlier protocols is that files are uploaded along with their basic attributes, such as timestamps. SFTP shares its default port
22 with SSH. This single-port architecture means it is easier to use and secure than other similar protocols. SFTP allows pipelined requests and asynchronous responses and uses binary communications. This is advantageous for security, but makes it difficult to log. Unfortunately, there are occasional compatibility issues between implementations from different vendors.
SFTP should not be confused with the original Simple File Transfer Protocol, which was also abbreviated as SFTP. This older protocol was never widely used and has fallen out of favor.
The Secure Copy Protocol (SCP) utility is commonly used for file transfers. However, it lacks the functionality of SFTP. Here is a comparison between the two protocols:
- SFTP provides a wider set of capabilities, including file and directory management commands, while SCP is only used for file transfers. SCP is generally preferred for quickly transferring a single file, while SFTP is better for more complex file management.
- SFTP is considered more system independent than SCP.
- SCP is faster than SFTP, especially over high-latency connections, because it uses a more efficient algorithm. SFTP also spends more time acknowledging packets.
- Both services are widely available on Linux systems, although SCP is more commonly used.
- Both protocols use SSH capabilities, and both are considered quite secure. They both protect data from being intercepted.
- SFTP can resume file transfers that have been paused. SCP does not do this.
- SCP is completely non-interactive, but SFTP provides an interactive option. Third-party GUIs are available for SFTP, but not for SCP.
File Transfer Protocol Secure (FTPS) extends the FTP protocol to integrate Transport Layer Security (TLS) security services. By comparison, SFTP is based on the SSH protocol. So FTPS is not related to SFTP, nor is it compatible with it. The two protocols differ in the following ways:
- While SFTP uses a single port (
22) for all requests, FTPS uses multiple ports. This makes FTPS more difficult to use and secure.
- SFTP uses the authentication methods from SSH. To use FTPS, an SSL certificate is also required. SFTP is considered easier to implement.
- FTPS is somewhat faster because the control and data channels run on two different connections. However, the performance difference is not as significant as the one between SFTP and SCP.
- FTPS services are somewhat more limited or restricted compared to SFTP. Certain file operations are not standardized or secured in FTPS.
- FTPS requires additional commercial or free software packages to be installed, whereas SFTP is installed as part of the SSH package.
- SFTP can use key-based authentication, but FTPS cannot.
- FTPS must be used on devices that lack SSH capabilities, such as cell phones.
- FTPS uses ASCII mode, which can corrupt binary files if the mode is not set correctly.
- FTPS can log file transfer activities in a human-readable format.
In summary, SFTP is a good, all-purpose utility with more functionality than the alternatives. It is the best choice for most remote file management scenarios. Due to its performance advantage, SCP is a better choice to transfer one or two large files. FTPS must be used if the source device does not support SSH or human-readable logging is required. All three protocols provide a good level of security for basic file transfers.
Follow our Setting Up and Securing a Compute Instance guide to update your system. You may also wish to set the timezone, configure your hostname, create a limited user account, and harden SSH access.
sudo. If you’re not familiar with the
sudo command, see the Linux Users and Groups guide.
Linux implements the SFTP protocol using the SFTP utility. Other SFTP clients are also available, but this guide only covers SFTP. This utility is installed as part of the SSH package.
Before performing any file operations, first, use SFTP to establish a connection to the remote computer. To connect successfully, you must have the appropriate privileges to access the remote system. While logged in to the local system, follow the steps below to establish a connection:
sftpcommand along with the username of the target account and the IP address of the remote system. Separate the username and address using a
sftp username@remote_system_addressIf SFTP is not using the standard port
22, specify the port number using the
-Poption, for example,
sftp -P port_number username@remote_system_address.
When prompted, provide the password associated with the specified user account.
Upon successful authentication, SFTP confirms the connection is now active and displays the
Connected to remote_system_address. sftp>
If you cannot connect to the remote server using SFTP, ensure the SSH server is running on the destination server. To verify the status of the SSH server, use the following command:
sudo systemctl status ssh
ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2021-08-31 12:13:14 UTC; 46min ago
sftp command is not available, install the
ssh package using
apt or another package manager.
In some cases, the UFW firewall might not be configured to allow SFTP requests. To allow SFTP configurations, enable the
Verify the current
ufwsettings to see whether
sshis allowed. If SFTP requests are allowed, port
22is shown with an action of
ALLOW. In this example, SFTP is not yet enabled.
sudo ufw status
OpenSSH ALLOW Anywhere Apache Full ALLOW Anywhere 80/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Apache Full (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6)
Enable SSH to allow SFTP requests.
sudo ufw allow ssh
Rule added Rule added (v6)
22/tcpis now shown in the output using the
ufw statuscommand. If
ufwis not active, enable it using the
sudo ufw enablecommand.
sudo ufw status
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Apache Full ALLOW Anywhere 80/tcp ALLOW Anywhere 22/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Apache Full (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 22/tcp (v6) ALLOW Anywhere (v6)
To terminate the SFTP connection at any time, enter
By default, the remote SFTP server places users in their home directory when they first connect. To confirm the working remote directory, use the
Remote working directory: /home/username
File navigation works much as it does in a normal Linux context. Use the
cdcommand to change to a new directory. To navigate relative to another directory, follow
cdwith the name of the target directory. The
cd ..command moves the context up one level.
cd wpbackup cd ..
cdcommand can also be used with an absolute pathname, as shown in the example below:
Return to the remote home directory at any time by entering
cdwithout any arguments.
To list the contents of the remote working directory, use the
These commands can all be preceded with an
lto execute the command locally. To change the local working directory, use the
lcdcommand. The command
lpwddisplays the local working directory.
llslists the contents of the local working directory.
lcd accounts lpwd
Local working directory: /home/username/accountsFile transfers occur to/from the local working and remote working directories. It is important to confirm both settings before performing any transfers. A common source of errors is forgetting to set the local working directory correctly.
To transfer files, use the
put commands. These commands can be used to transfer a single file or an entire directory. Additionally, SFTP allows users to resume interrupted transfers.
Set the local and remote working directories with the
lcdcommands. When transferring a file from the remote system, it is retrieved from the remote working directory and copied to the local working directory.
cd remote_source_directory lcd local_target_directory
To retrieve a single file from the remote system, enter the
getcommand and the name of the file. SFTP updates the progress of the transfer until it completes.
Fetching /home/username/states.txt to states.txt /home/username/states.txt 100% 51 50.5KB/s 00:00
To save the file with a different name, append the new name as the last argument to the
getcommand. In this example, the file named
states.txton the remote system is saved as
states2.txtin the local working directory.
get states.txt states2.txt
If the transfer is interrupted for any reason, resume it using the
Resuming /home/username/states.txt to states.txt /home/username/states.txt 100% 51 0.0KB/s 00:00
To retrieve all files in a directory, use the
getcommand with the
-roption and the name of the directory.
get -r php_backup
To upload a file to the remote server, use the
putcommand. The following example demonstrates how to transfer a single file. Once again, SFTP uses the local and remote working directories to identify the source and target directories.
Uploading countries.txt to /home/username/countries.txt countries.txt 100% 42 97.9KB/s 00:00
-roption to upload all files in a directory. The following example transfers all files in the
accountsdirectory to the remote working directory on the SFTP server.
put -r accounts
Uploading accounts/ to /home/username/accounts Entering accounts/ accounts/states2.txt 100% 51 119.3KB/s 00:00 accounts/states.txt 100% 51 138.2KB/s 00:00 accounts/cities.txt 100% 29 78.7KB/s 00:00 accounts/countries.txt 100% 42 118.3KB/s 00:00
Because SFTP provides full file management capabilities, it can duplicate most traditional Linux file commands. Users can rename or remove files, change permissions, add directories, or display information about files.
To remove a file on the remote system, use the
To remove an entire directory on the remote system, use the
rmdircommand. The directory must be empty before it can be removed.
mkdircommand can be used to create a new directory on the remote system. The new directory is created inside the remote working directory.
Rename a file on the remote system using the
rename testconnection.php testconnection2.php
SFTP provides all the Linux file administration commands, such as
chgrp. For example, to change file permissions, use the
chmod 644 testconnection2.php
Changing mode on /home/username/testconnection2.php
dfcommand provides information about disk usage on the remote system.
Size Used Avail (root) %Capacity 78.2GB 7.1GB 67.2GB 71.1GB 9%
SFTP provides a mechanism to run a local command that is not available in SFTP without breaking the connection. To escape to the local shell, type
exitto return to the SFTP prompt.
SFTP supports wild cards for most commands. To list all text files in the remote working directory, run the following command:
To display a full list of all the available SFTP commands, type
Available commands: bye Quit sftp cd path Change remote directory to 'path' ... !command Execute 'command' in local shell ! Escape to local shell ? Synonym for help
If you prefer to use a graphical user interface (GUI) to work with files remotely, there are several available options. FileZilla is a popular open source SFTP client that supports SFTP, FTPS, FTP, and IPv6. To learn how to install and use this tool, see our Transfer Files with FileZilla guide.
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on