The SSH File Transfer Protocol (SFTP) is a secure network protocol for transferring, accessing and managing files over a reliable data stream. Unlike plain FTP, SFTP encrypts both the commands and the data, so passwords and other secrets are never sent across the network in the clear. This protection comes from the Secure Shell (SSH) protocol, on top of which SFTP runs. When an SFTP client connects to an SFTP server, it opens an encrypted SSH session, by default on port 22, and all commands and data transfers within that session are protected.
Setting up SFTP on a local workstation starts with installing and configuring the OpenSSH server, which includes the SFTP subsystem. Below is a step-by-step guide to setting up SSH File Transfer Protocol (SFTP) on an Ubuntu system.
Prerequisites: a system running Ubuntu, and root access or a user with sudo privileges.
Then follow these steps.
Update the package lists so that you have the most recent information on package versions and dependencies. Run the command below:
sudo apt update && sudo apt upgrade -y
Install the OpenSSH server package, which provides the SFTP server. Run the command below:
sudo apt install openssh-server -y
Verify that the ssh service is running by executing the following command:
systemctl status ssh
In the output, you should see the Active (running) status.
Enable the ssh service to start at boot time. Use the command:
sudo systemctl enable ssh
Open the SSH daemon configuration with the command below to confirm that the SFTP subsystem is enabled.
sudo nano /etc/ssh/sshd_config
The line below should be present and not commented out, as shown in the screenshot.
Subsystem sftp /usr/lib/openssh/sftp-server
Create a user for SFTP access, which will be used to connect to the SFTP server. Run the command below and answer the prompts (highlighted in the screenshot).
sudo adduser user_sftp
Restrict the SFTP user (user_sftp) to its home directory by adding the following lines at the end of the /etc/ssh/sshd_config file.
Match User user_sftp
ChrootDirectory /home/user_sftp
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
Open the file with the command below, add the lines, then save and exit.
sudo nano /etc/ssh/sshd_config
Since user_sftp is being restricted, change the owner and group of the home directory of user_sftp to root. Run the command below.
sudo chown root:root /home/user_sftp
Change the permissions of the user_sftp home directory so that only root has read, write, and execute permission; the group and others get read and execute access only. Execute the command below.
sudo chmod 755 /home/user_sftp
Now that user_sftp is restricted, create a directory inside the user_sftp home directory (/home/user_sftp) where user_sftp can upload and download files.
sudo mkdir -p /home/user_sftp/remote_dir_upload
Set user_sftp as the owner and group of the newly created directory. Run the command below.
sudo chown user_sftp:user_sftp /home/user_sftp/remote_dir_upload
Finally, grant full permission (read, write, and execute) to user_sftp only, while denying all permission to the group and others.
sudo chmod 700 /home/user_sftp/remote_dir_upload
Validate the permissions you have set by running the two commands below.
ls -ld /home/user_sftp
ls -ld /home/user_sftp/remote_dir_upload
Restart the ssh service for the changes to take effect.
sudo systemctl restart ssh
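The ownership and mode steps above are exactly what sshd checks before honouring ChrootDirectory: if the chroot path, or any directory above it, is not owned by root or is writable by group or others, sshd closes the session with "bad ownership or modes for chroot directory". The script below is an added example (not part of the original guide) that walks that check, plus the ownership of the upload directory, for the paths used here; it assumes GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example (not part of the original guide): sanity-check the chroot
# layout the steps above create. sshd refuses the login with "bad ownership
# or modes for chroot directory" when the ChrootDirectory or any parent of
# it is not owned by root or is group/other writable. Needs GNU stat.

# mode_ok MODE: MODE is an octal string such as 755 or 0755; succeed when
# neither the group digit nor the others digit includes write (bit 2).
mode_ok() {
    m=$(printf '%s' "$1" | tail -c 3)      # keep the last three digits
    g=$(printf '%s' "$m" | cut -c2)
    o=$(printf '%s' "$m" | cut -c3)
    [ $((g & 2)) -eq 0 ] && [ $((o & 2)) -eq 0 ]
}

# dir_ok DIR UID: succeed when DIR is owned by numeric UID and mode_ok passes.
dir_ok() {
    uid=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    if [ "$uid" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $uid, expected $2" >&2
        return 1
    fi
    if ! mode_ok "$mode"; then
        echo "FAIL: $1 has mode $mode, must not be group/other writable" >&2
        return 1
    fi
}

# chroot_ok CHROOT UPLOAD_DIR USER: CHROOT and every parent directory must
# pass dir_ok for root (uid 0); UPLOAD_DIR must be owned by USER so that
# USER can actually write files there.
chroot_ok() {
    d=$1
    while :; do
        dir_ok "$d" 0 || return 1
        [ "$d" = / ] && break
        d=$(dirname "$d")
    done
    if [ "$(stat -c '%U' "$2")" != "$3" ]; then
        echo "FAIL: $2 is not owned by $3" >&2
        return 1
    fi
    echo "OK: chroot layout for $3 looks correct"
}

# Usage on the server, with the paths and user from this guide:
#   chroot_ok /home/user_sftp /home/user_sftp/remote_dir_upload user_sftp
```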
There are two ways to connect to a remote SFTP server: command-line tools and graphical clients such as FileZilla and WinSCP.
To connect via the command line, run the command below from the local machine.
Syntax: sftp username@ip_sftp_server
For example, with the user created above (replace ip_sftp_server with the IP address of the SFTP server):
sftp user_sftp@ip_sftp_server
To connect via a graphical interface (WinSCP), launch the WinSCP application, supply the Host Name (the IP address of the SFTP server), User Name and Password, then click Login.
SFTP lets you upload files to a remote server using both command-line tools and graphical clients.
To upload a file via the command line, follow the instructions below:
After logging in to the SFTP server, at the SFTP command prompt, change to the directory on the remote server where the file is to be uploaded.
cd remote_dir_upload
Run the put command below to upload the file from your local workstation to the remote server.
Syntax: put <name of file to upload>
For example:
put file_upload
Once the upload has completed, exit the SFTP session.
exit
To upload a file using the WinSCP graphical interface, follow the instructions below.
After logging in to the SFTP server with WinSCP, navigate to the remote directory in the right-hand panel and to the source directory in the left-hand panel.
Double-click the remote directory. In the source directory, right-click the file to be uploaded and click Upload.
A dialog box will pop up asking you to confirm the location of the remote directory. If it is correct, click OK to confirm.
Wait for the upload to complete. Once it has, the file should be visible in the remote directory.
SFTP also lets you download files from a remote server using both command-line tools and graphical clients.
To download a file via the command line, follow the instructions below.
At the SFTP command prompt, change to the directory on the remote server that contains the file to be downloaded.
cd remote_dir_upload
Run the get command below to download the file from the SFTP server to the local workstation.
Syntax: get <name of file to download>
get file_upload
Once the download has completed, exit the SFTP session.
exit
To download a file using the WinSCP graphical interface, follow the instructions below.
Navigate to the remote directory in the right-hand panel and to the source directory in the left-hand panel.
Double-click the remote directory, right-click the file to be downloaded and click Download.
Wait for the download to complete. Once it has, the file should be visible in the source directory.
Various command-line tools and GUI applications (such as FileZilla or WinSCP) can be used to manage the files and directories on an SFTP server.
From the command line, the commands listed below are commonly used to manage files and directories on an SFTP server.
ls – list the files and directories
cd – change the working directory
put – upload a file or directory
get – download a file or directory
rm – remove / delete a file
rmdir – remove or delete a directory
mkdir – create a directory
From GUI tools like WinSCP, the actions below can be performed to manage the files and directories.
To improve SFTP security, make sure every user has a strong, complex password to prevent unauthorized access.
Give users only the minimal access their role requires. To restrict access, set appropriate file and directory permissions.
An alternative to password authentication is SSH key-based authentication. SSH keys offer stronger security and resilience against brute-force attacks. For an additional layer of security, use two-factor authentication.
Also consider changing the default SFTP port 22.
Put a firewall in place to control who can reach the SFTP server, allowing only trusted IP addresses. To block IP addresses after a specified number of failed login attempts, use software such as Fail2Ban.
Enable SFTP logging and monitor the logs to identify any unusual activity.
To eliminate known security flaws, make sure the SFTP server software and all associated packages are updated regularly.
The following are the most common issues experienced when using SFTP.
When connecting to the SFTP server, the user gets a Connection refused error.
To fix this issue, ensure that the ssh service is running. To verify that it is running, execute the following command.
sudo systemctl status ssh
As shown in the screenshot above, the ssh service is inactive (dead), which means it is not running. Start the ssh service by running the following command.
sudo systemctl start ssh
If everything goes well, run the following command again to verify that the service is now running. The user should now be able to connect over SFTP.
sudo systemctl status ssh
If the firewall is enabled, check the firewall rules to confirm that port 22 is open. Validate this by running the command below.
sudo ufw status
If port 22 is not allowed, open it by running the command below.
sudo ufw allow 22
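The steps above deal with a refused connection. Another check worth running after the setup section, added here as an example and not part of the original guide, is to confirm that the Match block written for user_sftp is the configuration sshd really applies to that user: sshd -T prints the effective configuration, and its -C option selects the connection against which Match directives are evaluated. The host and addr values in the usage line are placeholders, since the guide's rule matches on the user only.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm that the Match block
# for user_sftp is the configuration sshd actually applies. "sshd -T" dumps
# the effective configuration as lower-case "keyword value" lines, and -C
# selects the connection the Match directives are evaluated against.

# check_effective_config USER < sshd-T-output
# Succeeds only when every setting from the guide's Match block is present.
check_effective_config() {
    user=$1
    conf=$(cat)                      # the sshd -T output, read from stdin
    rc=0
    for pair in "chrootdirectory /home/$user" \
                "forcecommand internal-sftp" \
                "allowtcpforwarding no" \
                "x11forwarding no"; do
        if printf '%s\n' "$conf" | grep -qxF "$pair"; then
            echo "ok:      $pair"
        else
            echo "MISSING: $pair" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage on the server (root is needed because sshd -T reads the host keys).
# host and addr are placeholder client values: the guide's Match rule only
# looks at the user, but some sshd versions apply Match blocks under -T only
# when user, host and addr are all given.
#   sudo sshd -T -C user=user_sftp,host=client.example,addr=192.0.2.10 \
#       | check_effective_config user_sftp
```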
In conclusion, using SFTP to transfer files securely with a remote server offers a reliable and encrypted way to manage your data. In this guide, we've covered everything from an introduction to SFTP and setting it up on your local machine to connecting to a remote server, uploading and downloading files, managing directories, and addressing security considerations.