Introduction
In today’s world, information security is paramount, especially when it comes to moving data between systems. The SFTP protocol (“SSH File Transfer Protocol”) offers a robust and encrypted solution for transferring files over the same secure channel provided by SSH. In this article we will explore in depth the sftp command available in most Linux distributions, from its installation to advanced usage, including tricks to automate transfers and ensure the confidentiality of your data.
What is SFTP?
SFTP is not simply a secure version of FTP; it is a distinct protocol that runs over the SSH (Secure Shell) protocol. Unlike FTP, which transmits credentials and data in plain text, SFTP encrypts both authentication and transferred data, protecting them against interceptions and manipulations. Furthermore, SFTP allows performing file system operations such as listing directories, creating folders, deleting files, and changing permissions, all within a secure session.
Installation of the SFTP client
Most Linux distributions include the sftp client as part of the openssh-client package. To verify if it is installed, open a terminal and run:
which sftp
If you do not get a path, you can install it using your distribution’s package manager:
- On Debian/Ubuntu:
sudo apt-get update && sudo apt-get install openssh-client - On Fedora:
sudo dnf install openssh-clients - On Arch Linux:
sudo pacman -S openssh
Once installed, the command will be available globally.
Basic connection to an SFTP server
To start an sftp session you need to know the server address, the port (default 22), and a user with access permissions. The basic syntax is:
sftp usuario@servidor
If the server uses a different port, specify it with the -P option:
sftp -P 2222 usuario@servidor
After authenticating (via password or SSH key), the sftp> prompt will appear, from where you can execute commands.
Most used commands within the SFTP session
Once inside, the operation is similar to a file shell. Some of the most common commands are:
ls– list the content of the current remote directory.cd ruta– change to the indicated remote directory.lcd ruta– change to the local directory (on your machine).get archivo– download a file from the server to local.mget patrón– download several files that match a pattern (for example,mget *.log).put archivo– upload a local file to the server.mput patrón– upload several local files.mkdir directorio– create a directory on the server.rm archivo– delete a remote file.rmdir directorio– delete an empty remote directory.rename viejo nuevo– rename a file or directory.exitobye– close the session.
These commands can be combined and can be used with absolute or relative paths.
File transfer without manual intervention
To automate tasks, SFTP supports batch mode. First create a command file (for example, batch.txt) with the instructions you want to execute, one per line:
cd /var/www/html put index.html put style.css exit
Then run sftp with the -b option:
sftp -b batch.txt usuario@servidor
If you want the connection to use SSH key-based authentication, make sure your SSH agent has the key loaded or specify the key file with -i:
sftp -i ~/.ssh/id_rsa -b batch.txt usuario@servidor
This technique is ideal for backup scripts, deployments, or periodic synchronization via cron.
Security considerations
Although SFTP already encrypts communication, it is good practice to reinforce security:
- Use public-key authentication instead of passwords.
- Disable direct root access via the PermitRootLogin no directive in
/etc/ssh/sshd_configon the server. - Limit users
This post is also available in ESPAÑOL.