DevOps Journey

FTP/SFTP

File Transfer Protocol and Secure FTP

FTP/SFTP

FTP and SFTP are protocols for transferring files over networks.

FTP (File Transfer Protocol)

Basics

  • Older protocol
  • No encryption
  • Sends password in plaintext
  • Two connections: control and data
  • Ports: 20 (data), 21 (control)

Why Not FTP?

  • Insecure (passwords visible)
  • Complex firewall requirements
  • No data integrity checking
  • Deprecated in favor of SFTP

SFTP (SSH File Transfer Protocol)

Advantages

  • Encrypted (uses SSH)
  • Single connection
  • Better firewall compatibility
  • Port 22 (same as SSH)
  • More secure
  • Recommended standard

Using SFTP

Command Line

# Connect to SFTP server
sftp user@example.com

# Connect on different port
sftp -P 2222 user@example.com

# Upload file
put local_file remote_path
put /tmp/file.txt /home/user/

# Download file
get remote_file local_path
get /home/user/file.txt /tmp/

# List files
ls
ls -la

# Change directory
cd /home/user

# Create directory
mkdir new_folder

# Delete file
rm file.txt

# Exit
bye

Batch Transfer

# Upload multiple files
sftp user@example.com << EOF
put file1.txt
put file2.txt
bye
EOF

# Using scp (simpler)
scp file.txt user@example.com:/home/user/
scp -r directory/ user@example.com:/home/user/
scp user@example.com:/home/user/file.txt /tmp/

SFTP Server Setup

Using SSH

# SFTP is built into SSH
# Install SSH
sudo apt install openssh-server

# Enable SFTP subsystem
# /etc/ssh/sshd_config
Subsystem sftp /usr/lib/openssh/sftp-server

# Restart SSH
sudo systemctl restart ssh

# Create SFTP user
sudo useradd -m -s /usr/sbin/nologin sftp_user
sudo passwd sftp_user

Restrict User to SFTP Only

# /etc/ssh/sshd_config
Match User sftp_user
    ChrootDirectory /home/sftp_user
    ForceCommand internal-sftp
    PermitTTY no
    X11Forwarding no
    PasswordAuthentication yes

GUI Tools

FileZilla

# Install
sudo apt install filezilla

# Run
filezilla

Configuration:

  1. Host: sftp://example.com
  2. Port: 22
  3. Username: user
  4. Password: pass
  5. Connect

WinSCP (Windows)

  • Connect with SFTP protocol
  • Host: example.com
  • Port: 22
  • Drag and drop files

Common Commands

# Check if SFTP is working
sftp -T user@example.com

# Verbose output
sftp -v user@example.com

# Use specific key
sftp -i /path/to/key user@example.com

# Transfer rate
sftp -l 1000 user@example.com

Monitoring

# Check SFTP logs
sudo tail -f /var/log/auth.log | grep sftp

# Monitor active connections
ss -tuln | grep 22

Security Best Practices

  • Use SFTP, not FTP
  • Disable FTP entirely
  • Use SSH keys instead of passwords
  • Restrict SFTP to specific directories
  • Monitor SFTP access
  • Keep SSH updated
  • Use strong passwords
  • Implement rate limiting
  • Use VPN for sensitive transfers
  • Verify checksums after transfer

DHCP

Dynamic Host Configuration Protocol

Email Protocols

SMTP, POP3, and IMAP protocols

On this page

FTP/SFTPFTP (File Transfer Protocol)BasicsWhy Not FTP?SFTP (SSH File Transfer Protocol)AdvantagesUsing SFTPCommand LineBatch TransferSFTP Server SetupUsing SSHRestrict User to SFTP OnlyGUI ToolsFileZillaWinSCP (Windows)Common CommandsMonitoringSecurity Best Practices