sftp
Securely transfer files between systems
TLDR
Connect to a remote server and enter an interactive command mode
Connect using an alternate port
Connect using a predefined host (in ~/.ssh/config)
Transfer remote file to the local system
Transfer local file to the remote system
Transfer remote directory to the local system recursively (works with put too)
Get list of files on local machine
Get list of files on remote machine
SYNOPSIS
sftp [options] [user@]host[:path]
sftp [options] -b batchfile [user@]host
PARAMETERS
-4
Forces sftp to use IPv4 addresses only.
-6
Forces sftp to use IPv6 addresses only.
-a
Attempts to preserve access times of files during transfer.
-B buffer_size
Specifies the size of the buffer used for file transfers (e.g., 32768). Larger buffers can improve transfer speeds over high-latency networks.
-b batchfile
Enables batch mode, reading commands from the specified batchfile instead of standard input. This is useful for automating file transfer tasks.
-C
Enables compression (via ssh's -C option). This can be useful on slow connections but might add CPU overhead.
-i identity_file
Selects a file from which the identity (private key) for public key authentication is read. Multiple -i options are allowed.
-l limit
Limits the used bandwidth, specified in Kbit/s.
-P port
Connects to the specified port on the remote host instead of the default SSH port (22).
-q
Enables quiet mode, suppressing progress meters and most non-error messages from sftp and ssh.
-r
Recursively copy entire directories. This option is typically used with `get` and `put` commands within an interactive session, or for direct recursive transfers from the command line.
-v
Enables verbose mode. Causes sftp to print debugging messages about its progress. This is useful for debugging connection, authentication, and configuration problems.
DESCRIPTION
sftp is a file transfer program that utilizes the Secure Shell (SSH) protocol for secure data transmission. It offers a command-line interface similar to the traditional ftp client but with the crucial security benefits of SSH, including strong encryption and robust authentication.
Users can leverage sftp to securely copy files between local and remote hosts, manage directories, and perform various file-related operations over an untrusted network. Unlike scp, which is primarily designed for straightforward file copying, sftp provides a more interactive session, enabling users to navigate remote file systems, list directories, change file permissions, and execute multiple commands within a single, persistent connection.
It is widely preferred for secure file transfers in both interactive sessions and automated scripts, serving as a secure replacement for the insecure ftp protocol.
CAVEATS
sftp relies entirely on the underlying SSH protocol for security, meaning any vulnerabilities in SSH can affect sftp.
Unlike ftp, sftp does not natively support complex wildcard expansions directly from the shell; rather, commands like mput and mget handle multiple files with patterns within the interactive session.
While versatile, for very large bulk transfers or synchronization, tools like rsync over SSH might offer better performance and features.
INTERACTIVE COMMANDS
When run without specifying a remote path for direct transfer, sftp enters an interactive command mode. In this mode, users can issue various commands to navigate and manipulate files on both local and remote systems, similar to a traditional FTP client. Common interactive commands include:
ls: List remote directory contents.
lls: List local directory contents.
cd: Change remote directory.
lcd: Change local directory.
get: Download file from remote to local.
put: Upload file from local to remote.
mget: Download multiple files using wildcards.
mput: Upload multiple files using wildcards.
mkdir: Create remote directory.
rmdir: Remove remote directory.
rm: Delete remote file.
rename: Rename remote file.
chmod: Change remote file permissions.
chown: Change remote file owner.
chgrp: Change remote file group.
pwd: Print remote working directory.
lpwd: Print local working directory.
exit or bye: Exit sftp session.
SECURITY FEATURES
The primary advantage of sftp is its inherent security. All data transmitted, including usernames, passwords, commands, and file contents, is encrypted. This encryption protects against common network attacks such as eavesdropping, session hijacking, and man-in-the-middle attacks.
sftp leverages SSH's robust authentication mechanisms, supporting password-based authentication, public-key authentication (which is generally more secure), and other methods configured on the SSH server. This ensures that only authorized users can access and transfer files.
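The protection against man-in-the-middle attacks described above depends on the client verifying the server's host key, which matters most in unattended -b batch runs where nobody sees a prompt. The following is an added example, not part of the original page: a batch transfer that refuses to connect unless the host key is already pinned and the -i identity file is private. The user, host, port, paths and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: hardened, non-interactive sftp run. Host, user, port and
# paths passed to these functions are constructed placeholders.

# Name under which ssh looks a server up in known_hosts: "host" on port 22,
# "[host]:port" on any other port (the -P case).
kh_name() {
    if [ "$2" = 22 ]; then printf '%s\n' "$1"; else printf '[%s]:%s\n' "$1" "$2"; fi
}

# Succeeds only if known_hosts already pins a key for host:port.
# Hashed entries (|1|...) are not matched here; use `ssh-keygen -F` for those.
host_is_pinned() {   # host port known_hosts_file
    awk -v want="$(kh_name "$1" "$2")" '
        /^[#@]/ || NF < 3 { next }
        { n = split($1, names, ","); for (i = 1; i <= n; i++) if (names[i] == want) found = 1 }
        END { exit(found ? 0 : 1) }' "$3"
}

# Succeeds only if the private key is a regular file with no group/other bits.
key_is_private() {   # identity_file
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Batch file for -b: sftp aborts on the first failing command, so a failed
# put never falls through to later steps. A leading "-" exempts one command.
write_batch() {      # batchfile local_dir remote_dir file
    cat > "$1" <<EOF
lcd $2
cd $3
-mkdir incoming
put $4 incoming/$4
ls -l incoming
bye
EOF
}

# Refuse to connect unless the host key is pinned and the key file is private.
run_transfer() {     # user host port identity_file known_hosts_file batchfile
    host_is_pinned "$2" "$3" "$5" || { echo "no pinned host key for $2:$3" >&2; return 2; }
    key_is_private "$4"           || { echo "identity file $4 is not private" >&2; return 3; }
    sftp -q -b "$6" -P "$3" -i "$4" \
         -o BatchMode=yes -o IdentitiesOnly=yes \
         -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$5" \
         "$1@$2"
}
```

With StrictHostKeyChecking=yes, a changed or unknown host key ends the run with a non-zero exit status instead of a prompt, so the calling job can alert on it.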
HISTORY
The SFTP protocol itself is an integral part of SSH Protocol Version 2, providing secure file transfer capabilities as an extension to the SSH connection. The sftp client and server implementations are a core component of the OpenSSH suite, which was developed as a free and open-source alternative to proprietary SSH implementations.
Since its widespread adoption, sftp has largely superseded the insecure ftp protocol for secure file transfers on Unix-like systems, offering strong encryption and robust authentication mechanisms inherited directly from SSH.