Most probably you have used many times an FTP server and most probably you find it really useful when you need to upload and download your files to/from your server. For me FTP also is a very useful tool since I can modify my websites, programs, services, etc very quickly.
There is a downside of FTP and is security.. Nowadays you have heard of many “hacker” attacks to websites, servers, companies and so on. You would think that they hacked it inserting malicious code into programs.. (well, sometimes they do ) .. but you would not believe that a great percentage of the attacks are done as simply as inserting the admin’s password. The question is, HOW DO THEY GET THAT PASSWORD?
If you haven’t read about how FTP protocol works, you can do it here: http://en.wikipedia.org/wiki/File_Transfer_Protocol
The FTP protocol is very stable, you can transfer many files across the network, etc etc but the downfall is, YOUR USERNAME AND PASSWORD ARE SENT AS CLEAR TEXT!!! So now you understand how hackers get the admin’s password. Simply by sniffing the network they can get any FTP user/pass.
So what can we do to send our credentials encrypted over the network so that nobody can use it for illegal proposes? Well this is where SFTP comes on. The “S” before the FTP means Secure and it is implemented using OpenSSH.
Now we are going to configure it using Ubuntu.
First of all you have to install OpenSSH. You can see here HOW TO: Install SSH Server
Once you install OpenSSH the service SFTP is already installed as default.
Now we can start using SFTP almost the same way you use SSH. (There are GUI softwares that help you do this in an easier way)
For logging in:
You have to replace “user” for the name of the user you will use and “server.com” for the name or IP of the server you will connect to.
Remember: the user has to be registered in the server and has to have a console like /bin/bash to work.
Once you are logged in the following commands are valid (the most basic and useful):
- cd Change Directory on the remote computer/server
- get Get/Download the remote file to your local machine
- put Puts/Uploads the Files from your local machine to the remote machine
- ls List the remote directory where you are. You can see the files on this folder
- lls List the local directory where you are. You can see the files on your computer
- lcd Change Local Directory. (Your local machine)
Uploading a file to server:
put /path/to/local/file /path/to/remote/file
Downloading a file to your computer:
get /path/to/remote/file /path/to/local/file
List the remote directory:
Change remote directory:
I hope with this basic commands you can start using SFTP so that you can work in a safer way.