Professional Documents
Culture Documents
COM
SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It supports
the full security and authentication functionality of SSH.
SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It
provides all the functionality offered by these protocols, but more securely and more reliably, with easier
configuration. There is basically no reason to use the legacy protocols any more.
SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the
data using encryption and cryptographic hash functions, and autenticates both the server and the user.
Contents
SFTP port number is the SSH port 22 (follow the link to see how it got that number). It is basically just an SSH
server. Only once the user has logged in to the server using SSH can the SFTP protocol be initiated. There is
no separate SFTP port exposed on servers. No need to configure another hole into firewalls.
Basically, this copies one or more files to the given host. If user is given, then they are copied to that account
on the host. If no user is supplied, then the same user name as on the client side is assumed. If path is given,
then the files are copied to that directory (relative to the given user's home directory). If no path is given, the
files are copied to the user's home directory. If the -r option is supplied, then files may be directories, and the
given directory and all its subdirectories and files in them (recursively) are copied.
https://www.ssh.com/ssh/sftp/ 2/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
Commonly, the path would be ., i.e., the current directory.
Sshfs is a network file system for Linux that runs over the SFTP protocol. It can use any SSH server as a server,
and use remote files over the network as if they were local files. The remote file system can be mounted and
unmounted as desired. It is the most convenient way to mount remote files ad hoc, without the need for any
configuration by the server administrator. SSH keys can even fully automate establishing the connection to
the server. Basically, anyone who is able to log into the server can mount its file system, with access to those
files the user has access to.
On Linux, SFTP is often used as a command-line utility that supports both interactive and automated file
transfers. Public key authentication can be used to fully automate logins for automated file transfers.
However, proper lifecycle management of SSH keys is important to keep access under control.
Common use cases for automated file transfers include nightly system backups, copying data to disaster
recovery systems, distributing configuration data, and moving transaction logs to archival systems. Many
organizations have thousands of daily SSH transfers. In come cases, we have seen over 5 million daily
automated SSH logins.
SFTP PROTOCOL
The SFTP protocol runs over the SSH protocol as a subsystem. It was originally designed by Tatu Ylonen for
SSH 2.0 in 1997-1998. There is no separate SFTP port; it uses the normal SSH port.
The full documentation of the SFTP protocol can be found in the Internet-Draft draft-ietf-secsh-filexfer-02.
Th t l t lti l t ti E h ti i id tifi d b i b
https://www.ssh.com/ssh/sftp/ 4/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
The protocol supports multiple concurrent operations. Each operation is identified by a unique number
assigned by the client, and servers response contains the same identifying number. Server may process
requests asynchronously and may return responses out-of-order. For performance reasons, file transfer
clients often send multiple requests before stopping to wait for responses.
ATTRS t fil tt ib t
https://www.ssh.com/ssh/sftp/ 5/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
ATTRS: returns file attributes upon success
There is also an extension mechanism for arbitrary vendor-specific extensions. The extensions that are
supported are negotiated using the INIT and VERSION packets.
SFTP runs over SSH in the standard SSH port. Thus, no additional ports need to be opened on the
server and no additional authentication needs to be maintained. This simplifies configuration and
reduces the likelihood of configuration errors.
FTPS needs complicated firewall configuration and may not work over NAT. Ports 989 and 990 need to
be open. Furthermore, FTPS supports both active and passive modes (see FTP), which further
complicates firewall configurations and is prone to problems.
FTPS requires an X.509 certificate for the server, typically from a public certificate authority. SSH works
without any centralized infrastructure. SFTP can utilize whatever host key distribution or certification
method is in use for SSH, without needing additional work and ongoing maintenance.
FTPS is basically FTP, which means it has ASCII mode, which can corrupt files if the mode is not
properly set. Some implementations default to ASCII mode.
FTPS cannot be used as a file system. (This does not improve security, as it can still read the same files.)
FTPS requires an extra server software package to be installed and patched, whereas SFTP usually
comes with SSH with the system.
SFTP SCREENSHOT
https://www.ssh.com/ssh/sftp/ 6/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
Copyright © 2017 SSH Communications Security, Inc. All Rights Reserved. See Service Terms and Privacy
Policy.
https://www.ssh.com/ssh/sftp/ 7/7