How to Transfer Files Securely with SSH File Transfer (SFTP)
SFTP is a protocol for transferring files using SSH to secure the commands and data that are being transferred between the client and the server. When using FTP, the data that is being transferred is not encrypted, exposing this data to eavesdropping, tampering, or message forgery. With SFTP, the data that is transferred between the client and the server is encrypted, preventing unauthorized users from accessing your data.
Components Needed
To transfer files using the SFTP protocol, you will need a server that is configured for SFTP and a client that supports it.
How SFTP Works
There are two basic components to file transfer with SFTP: server validation and client authentication. These two components use public and private keys for authenticating communication between the client and the server. The server is validated by comparing the server's public key with the public keys stored on the client machine. The server's public key is usually contained in a file called "known_hosts" located on the server, and the client's public key is stored in an encrypted file on the local machine.
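The server-validation step described above, as an added example that is not part of the original page: it checks the key a server presents against known_hosts-format entries, including hashed host names, and reports the SHA256 fingerprint an operator would compare out of band. The host names, salt and key material are constructed samples, and wildcard patterns, "[host]:port" entries and @cert-authority / @revoked markers are assumed out of scope.

```python
import base64, hashlib, hmac, struct

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern: str, host: str) -> bool:
    """Match a host field: hashed '|1|salt|hash' or a comma list of exact names."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in pattern.split(",")

def check_host_key(known_hosts: str, host: str, keytype: str, blob: bytes) -> str:
    """Return 'match', 'mismatch' (same host and key type, other key) or 'unknown'."""
    verdict = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank lines, comments and marker lines are skipped here
        hosts, ktype, b64 = fields[:3]
        if ktype != keytype or not host_matches(hosts, host):
            continue
        if hmac.compare_digest(base64.b64decode(b64), blob):
            return "match"
        verdict = "mismatch"  # keep scanning: a later line may still pin this key
    return verdict

def sample_blob(seed: int) -> bytes:
    """Constructed ssh-ed25519 public key blob (not any real server's key)."""
    return struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32

SALT = b"constructed-salt-20b"  # constructed value, not a real salt
PINNED, OTHER = sample_blob(1), sample_blob(2)
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"backup.example.net", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "\n".join([
    "# constructed sample entries",
    "sftp.example.com,192.0.2.10 ssh-ed25519 " + base64.b64encode(PINNED).decode(),
    HASHED + " ssh-ed25519 " + base64.b64encode(PINNED).decode(),
])

if __name__ == "__main__":
    for host, key in [("sftp.example.com", PINNED), ("sftp.example.com", OTHER),
                      ("backup.example.net", PINNED), ("new.example.org", PINNED)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A "mismatch" result is the case where the session should stop before any credentials are sent, and an "unknown" host is where the printed fingerprint gets checked against one obtained from the server's administrator.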
Clients can be authenticated in three different ways:
- Username and password
- Private key and passphrase
- Keyboard-interactive authentication
With username and password authentication, a user account is set up on the SFTP server. When using private key and passphrase authentication, the client's public key is added to the "authorized_keys" file on the server. Once the server validation has occurred, the client must enter their passphrase in order to load their private key and complete the authentication process.
Keyboard-interactive authentication asks the client a series of questions, and the client must answer these questions correctly in order to be authenticated. This allows for the implementation of assorted authentication methods. For example, username and password authentication can be disabled on the server, but keyboard-interactive authentication could be used to ask the client for their username and password.
File Compression
Most SFTP clients provide an option to enable file compression. With this option enabled, data sent by the server is compressed before sending and decompressed at the client end. Likewise, data sent to the server is compressed first, and the server decompresses it at the other end. This can help to speed up file transfers, especially with low-bandwidth connections.
SFTP Versions
There are currently two versions of the SFTP protocol: SSH-1 and SSH-2. SSH-2 is a newer, more secure implementation. SSH-1 contains a known security vulnerability, and SSH-2 is recommended for optimum security.
SFTP vs FTPS
SFTP and FTPS are two entirely different protocols.
- SFTP uses SSH to secure transmissions, whereas FTPS uses SSL security.
- The standard port setting for FTP is 21. The default port for SFTP is 22.
Summary
SFTP should be used when you need to transfer sensitive or confidential data between a client and a server that is configured to use SSH for secure transactions.