How to use SFTP to securely transfer files with a remote server
What are FTP and SFTP?
FTP or “File Transfer Protocol” is a standard protocol for transferring files between two servers. FTP can also be insecure if not properly encrypted. If you’re using one of our Managed VPS or our shared platform then your FTP connection will be encrypted and secure.
SFTP, SSH File Transfer Protocol or Secure File Transfer Protocol is a different protocol that comes with SSH and works in a similar way. Unlike FTP, SFTP is always made over a secure connection. This connection can then be used to transfer files between servers and to traverse the filesystem on both servers.
When connecting to us, as both protocols are secure, you can use your protocol of choice. However, if you’re connecting to a system you’re unfamiliar with, in most cases you’re best off using SFTP for the connection. It’s more secure.
SFTP is part of many UI-based tools, and for those, we recommend referring to a guide for the tool in question. In this guide, we’ll demonstrate the use of SFTP through its command line interface.
Connecting using SFTP?
First off, if you’re connecting to a package with us, you’ll first need to make sure that you’ve unlocked the FTP/SFTP on the package in question. It can be unlocked for either a period of time or for the IP address you’ll be connecting from. FTP/SFTP can be unlocked on the right hand side of any package's control panel.
When connecting to us using either FTP or SFTP you’ll need to unlock it here first and then you’ll be able to connect using the given details. If the domain in question has a CNAME set up to point ftp.domain.com to ftp.stackcp.com then you can also connect to our FTP/SFTP using ftp.domain.com. If in doubt ftp.stackcp.com will always work though.
If you’re connecting by SFTP elsewhere you may need to refer to connection guides for the supplier in question. When connecting to a general server the same authentication methods are available that are present in SSH.
When using your own server we would recommend creating SSH keys and transferring your public key to any system that you need to access. This is more secure and can save you time in the long run.
Once the SFTP is unlocked with us or you have set up SSH keys or a different authentication method for your own server, you should now be able to connect to it using the following:
$ sftp username@serverhostname
So using the example from Image1 above that would be:
$ sftp firstname.lastname@example.org
If you are working on a custom SSH port (not the default port 22), then you can open an SFTP session as follows:
$ sftp -oPort=custom_port username@serverhostname
This won’t be necessary if using our shared or Managed Hosting on a VPS.
Once you’re connected to the remote server your prompt will change to an SFTP one.
The best command to learn first with SFTP is the help command. This will give you a summary of available SFTP commands. You can get help by typing either:
This will display a list of commands:
Available commands: bye Quit sftp cd path Change remote directory to 'path' chgrp grp path Change group of file 'path' to 'grp' chmod mode path Change permissions of file 'path' to 'mode' chown own path Change owner of file 'path' to 'own' df [-hi] [path] Display statistics for current directory or filesystem containing 'path' exit Quit sftp get [-P] remote-path [local-path] Download file help Display this help text lcd path Change local directory to 'path' lls [ls-options [path]] Display local directory listing lmkdir path Create local directory ln oldpath newpath Symlink remote file lpwd Display (‘print’) local working directory ls [-1aflnrSt] [path] Display remote directory listing lumask umask Set local umask to 'umask' mkdir path Create remote directory progress Toggle display of progress meter put [-P] local-path [remote-path] Upload file pwd Display (‘print’) remote working directory quit Quit sftp rename oldpath newpath Rename remote file rm path Delete remote file rmdir path Remove remote directory symlink oldpath newpath Symlink remote file version Show SFTP version !command Execute 'command' in local shell ! Escape to local shell ? Synonym for help
We’ll go through some of the more useful commands and how to use them in the following sections.
Navigating with SFTP
We can navigate around the remote server’s file system using commands similar to normal Linux system commands.
First off we can find out where we are in the file system of the remote server. Just like on a normal Linux server we can use the following to get the current directory:
Remote working directory: /
If you are using SFTP with us the home directory for the user will be displayed as / rather than the actual full path. On other servers you would get the output:
As this is the actual home path but when you are using SFTP with our shared or Managed VPS hosting this will be converted such that the user home path becomes just / and any commands should be done relative to this.
We can also view the contents of the current working directory using the ls command:
examplefile1.txt examplefile2.php public_html
The commands within the SFTP interface don’t have as many features as in a normal shell interface but they do have some of the more important optional flags:
sftp> ls -la
drwx--x--- 4 laravetest.com 48 4096 Sep 20 13:33 . drwx--x--- 4 laravetest.com 48 4096 Sep 20 13:33 .. -rw-rw-r-- 1 laravetest.com laravetest.com 959 Mar 8 2021 .bash_history drwxrwxrwx 3 laravetest.com laravetest.com 4096 Mar 8 2021 .composer -rw-rw-rw- 1 laravetest.com laravetest.com 67 May 14 2020 .htaccess -rw-r--r-- 1 laravetest.com laravetest.com 0 Sep 20 13:32 examplefile1.txt -rw-r--r-- 1 laravetest.com laravetest.com 0 Sep 20 13:33 examplefile2.php drwxrwxr-x 4 laravetest.com laravetest.com 4096 Mar 8 2021 public_html
To move between directories in the file system we can use the cd command.
sftp> cd public_html
We can now move around the remote server’s file system. We also need to be able to access and move around our local system as well though. We can run commands on the local file system by amending l to the front of the commands.
The commands we’re shown above have local file system equivalents so you can get the local working directory as follow:
Local working directory: /home
You can list the contents of the current working directory on the local machine:
config.php index.html local var
We can also move between directories on the local system.
sftp> lcd var
Transfering Files with SFTP
Being able to move between directories and see the files on both the remote and local system is good but you’ll also want to be able to move files between the servers.
Transferring Files from the Remote to the Local Server
In order to download files from the remote server to our local server we can use the get command:
sftp> get examplefile1.txt
Fetching /examplefile1.txt to examplefile1.txt
By default, the get command downloads a remote file to a file with the same name on the local file system.
You can also copy the remote file to a different name by specifying the name afterwards if you wish:
sftp> get examplefile1.txt localexample.txt
You can also use some option flags with the get command. For example you can copy a directory and all its contents by specifying the recursive option -r:
sftp> get -r public_html/
We can then also tell SFTP to keep the original permissions and access times for the downloaded files using -p.
sftp> get -rp public_html
Transferring Files from the Local to the Remote Server
Moving files from your local server to the remote server it just as easily done but this time you’ll need to use the put command:
sftp> put examplefile1.txt
Uploading examplefile1.txt to /examplefile1.txt examplefile1.txt
You can use the same flags with the put command as you can with the get command. To copy a local directory therefore, you can do:
sftp> put -r var
A useful tool to use when uploading and downloading files from a remote server is the df command. This works in a similar manner to the command line version. You can use this to check the amount of available on the remote server:
sftp> df -h
Note: here we’ve used the -h flag to make the output more human readable.
Size Used Avail (root) %Capacity 8.7TB 8.4TB 275GB 275GB 96%
There is no local version of the df command in SFTP so in order to check the storage you will need to exit out of the SFTP connection to run df locally.
You can do this with the ! command. This will take us back to the local server where we can check the disk usage:
$ df -h
Filesystem Size Used Avail Use% Mounted on devtmpfs 373M 0 373M 0% /dev tmpfs 404M 0 404M 0% /dev/shm tmpfs 404M 46M 358M 12% /run tmpfs 404M 0 404M 0% /sys/fs/cgroup /dev/vda1 25G 1.7G 24G 7% / tmpfs 81M 0 81M 0% /run/user/0
Any other command will also work as expected on the local server. You can then return to your SFTP session with:
You should now see your SFTP prompt again.
Basic File Manipulation
SFTP will also allow you to do simple file maintenance.
For example, you can change the owner of a file on the remote server by using:
sftp> chown userID file
When using SFTP the chmod command doesn’t accept usernames like with the command line equivalent but instead uses UIDs. There also isn’t an easy way to know the appropriate UID from the SFTP unfortunately.
Depending on your access permissions on the system you’re using, a workaround could be:
sftp> get /etc/passwd sftp> !less passwd
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
In the above, instead of using ! on it’s own first we’ve amended it to the beginning of another command. This then runs the given command in the local shell as if we weren’t in the SFTP interface.
This will work for any command available on your local server and we could have used this to run the df command earlier.
The UID we need is in the third column of the output, as displayed by the separating colons.
In a similar fashion we can change the group owner of a file with:
sftp> chgrp groupID remotefilename
Unfortunately again there is no easy way to get a listing of the remote server’s groups. We can work around this using the following:
sftp> get /etc/group sftp> !less group
root:x:0: bin:x:1: daemon:x:2: sys:x:3: adm:x:4:centos tty:x:5: disk:x:6: lp:x:7: mem:x:8: kmem:x:9: wheel:x:10:admin cdrom:x:11: mail:x:12:
Like before the third column as denoted by the colons holds the UID for the group given in the first column.
Luckily the chmod command works as expected on the remote file system:
sftp> chmod 755 public_html
Changing mode on /public_html/
There isn’t a command for changing local file permissions but you can set the local umask meaning that any files copied from the remote to the local server will have the correct permissions.
This can be done using the lumask command:
sftp> lumask 022
Local umask: 022
Now any regular files downloaded from the remote server will have 644 permissions. Given that the -p flag is not used.
SFTP allows you to create directories on both local and remote servers using the lmkdir and mkdir respectively. These work as you would expect.
The following only target the remote file system:
sftp> ln sftp> rm sftp> rmdir
These commands have the same behaviour as their equivalent shell versions. If you need to use these commands on the local system then you can return to the local shell with !:
Or you can execute the command from the SFTP interface by amending it with a !:
sftp> !chmod 644 index.php
When you have finished with SFTP you can use exit or bye to close the connection.
While SFTP is a relatively simple tool, it’s very useful for administering servers and moving files between them.
A working example would be that you can use SFTP to enable particular users to transfer files without SSH access. If you set up additional FTP users in the control panel for the package with us, these can also be used with SFTP to allow multiple user SFTP access to different parts of a hosting package.
If you’re using FTP or SCP for your transfers then SFTP is a good way to have the strengths of both. Whilst SFTP isn’t the best tool for every situation, it is an effective and useful tool.