• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • SFTP or Secure File Transfer Protocol is a secure remote file transfer utility based on File Transfer Protocol (FTP).

    FTP traffic is unencrypted and insecure which is why it has been mostly replaced by SFTP.

    SFTP runs over SSH protocol by default on TCP port 22 and offers the same set of security and encryption capabilities as SSH. Default SSH daemon running as part of OpenSSH server on Linux systems supports basic features of SFTP protocol by default though there is separate dedicated software available like vsftpd which can be configured to get extra features and customizations.

    In this article, we’ll cover the usage of SFTP from the command line. I’ll be using an Ubuntu system though commands listed here will work on any Linux system with sftp client.

    Before getting into commands, you should know that SCP is getting deprecated and as an alternative, it’s good to get familiar with the SFTP command. You can do pretty much everything with SFTP that you do with SCP.

    Copying files

    SFTP can be used as a replacement for SCP (Secure Copy) command on some supported use cases. One such case is using SCP to push or pull files from a remote server in one go.

    The syntax for uploading using the SCP command goes like this:

    $ scp {local-path} {user}@{remote-host}:{remote-path}

    And for downloading like this:

    $ scp {user}@{remote-host}:{remote-file-path} {local-path}

    Similarly, we can use the following sftp command syntax to upload files to a remote server:

    $ sftp {user}@{host}:{remote-path} <<< $'put {local-path}'

    Below is one demo showing uploading of files using sftp as a one-liner:

    $ sftp [email protected]:/home/ftpuser/remote_test_dir <<< $'put /home/abhisheknair/new_file'
    [email protected]'s password:
    Connected to 192.168.1.231.
    Changing to: /home/ftpuser/remote_test_dir
    sftp> put /home/abhisheknair/new_file
    Uploading /home/abhisheknair/new_file to /home/ftpuser/remote_test_dir/new_file
    /home/abhisheknair/new_file                                                           100%    9     7.2KB/s   00:00
    $

    To download a file from a remote server, use the below command syntax:

    $ sftp {user}@{remote-host}:{remote-file-name} {local-file-name}

    Here’s a demo of downloading a file in one line using sftp:

    $ sftp [email protected]:/home/ftpuser/new_file1 /home/abhisheknair/new_local_dir
    [email protected]'s password:
    Connected to 192.168.1.231.
    Fetching /home/ftpuser/new_file1 to /home/abhisheknair/new_local_dir/new_file1
    /home/ftpuser/new_file1                                                               100%   12     3.6KB/s   00:00
    $

    You may also exchange the SSH key for password-less authentication.

    Connecting to an SFTP server

    To initiate an SFTP connection, use sftp command with a username and remote host’s name or IP. Default TCP port 22 should be open for this to work or else explicitly specify the port using -oPort flag.

    I’m connecting to an SFTP server with IP 192.168.1.231. The first time you connect to an SFTP server, you’ll be prompted to confirm the server fingerprint like SSH. Once confirmed by typing ‘yes‘ connection proceeds and prompts for a user’s password.

    On a successful connection, you’ll be shown sftp> prompt.

    $ sftp [email protected]
    The authenticity of host '192.168.1.231 (192.168.1.231)' can't be established.
    ECDSA key fingerprint is SHA256:k90E28Pfnjoiq1svFw18dA2mazweoCmR5Hqi8SH0mj0.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '192.168.1.231' (ECDSA) to the list of known hosts.
    [email protected]'s password:
    Connected to 192.168.1.231.
    sftp>

    Check Version

    You can check the SFTP version using version command at sftp prompt.

    sftp> version
    SFTP protocol version 3
    sftp>

    Getting Help

    To get help about available commands and syntax for SFTP, use ‘?‘ or ‘help‘.

    sftp> ?
    Available commands:
    bye Quit sftp
    cd path Change remote directory to 'path'
    chgrp [-h] grp path Change group of file 'path' to 'grp'
    chmod [-h] mode path Change permissions of file 'path' to 'mode'
    chown [-h] own path Change owner of file 'path' to 'own'
    df [-hi] [path] Display statistics for current directory or
    filesystem containing 'path'
    exit Quit sftp
    get [-afpR] remote [local] Download file
    help Display this help text
    lcd path Change local directory to 'path'
    lls [ls-options [path]] Display local directory listing
    lmkdir path Create local directory
    ln [-s] oldpath newpath Link remote file (-s for symlink)
    lpwd Print local working directory
    ls [-1afhlnrSt] [path] Display remote directory listing
    lumask umask Set local umask to 'umask'
    mkdir path Create remote directory
    progress Toggle display of progress meter
    put [-afpR] local [remote] Upload file
    pwd Display remote working directory
    quit Quit sftp
    reget [-fpR] remote [local] Resume download file
    rename oldpath newpath Rename remote file
    reput [-fpR] local [remote] Resume upload file
    rm path Delete remote file
    rmdir path Remove remote directory
    symlink oldpath newpath Symlink remote file
    version Show SFTP version
    !command Execute 'command' in local shell
    ! Escape to local shell
    ? Synonym for help
    sftp>

    Show Working Directory

    When connected to a remote server, you can show the present working directory of the remote system using pwd command.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp>

    To show the local system’s present working directory use lpwd command.

    sftp> lpwd
    Local working directory: /home/abhisheknair
    sftp>

    List Files

    You can list files in the remote working directory using ls command.

    sftp> ls
    remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp>

    To list files in the local working directory, use lls command.

    sftp> lls
    bin  file1  file2  file3  lib  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp>

    Switching Directories

    Switching the remote working directory can be done using cd command. Refer example below:

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> ls
    remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> cd remote_test_dir
    sftp> pwd
    Remote working directory: /home/ftpuser/remote_test_dir
    sftp>

    To switch local working directory, use lcd command. Below is a simple example to show usage of lcd.

    sftp> lpwd
    Local working directory: /home/abhisheknair
    sftp> lls
    bin  file1  file2  file3  lib  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp> lcd testdir
    sftp> lpwd
    Local working directory: /home/abhisheknair/testdir
    sftp>

    Upload Files

    To upload a single file, use put command. See how I upload local file1 to remote working directory using put command. I can verify it using ls command which prints the content of remote working directory.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> lpwd
    Local working directory: /home/abhisheknair
    sftp> ls
    remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> lls
    bin  file1  file2  file3  lib  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp> put file1
    Uploading file1 to /home/ftpuser/file1
    file1                                                                                                                                                                          100%    6     6.0KB/s   00:00
    sftp> ls
    file1            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp>

    To upload multiple files in one go, we can use mput command as shown below. I use mput with a regular expression pattern file[23] which basically uploads file2 and file3 and skips file1 as it has already been uploaded in the previous step. You can use any wildcard or regular expression with mput.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> lpwd
    Local working directory: /home/abhisheknair
    sftp> ls
    file1            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> lls
    bin  file1  file2  file3  lib  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp> mput file[23]
    Uploading file2 to /home/ftpuser/file2
    file2                                                                                                                                                                          100%    6     6.5KB/s   00:00
    Uploading file3 to /home/ftpuser/file3
    file3                                                                                                                                                                          100%    6     5.3KB/s   00:00
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp>

    Download Files

    Single file using SFTP can be downloaded using get command. Here’s an example where I downloaded remote_file4 using sftp:

    sftp> pwd
    Remote working directory: /home/ftpuser/remote_test_dir
    sftp> lpwd
    Local working directory: /home/abhisheknair/testdir
    sftp> ls
    remote_file4
    sftp> lls
    file4
    sftp> get remote_file4
    Fetching /home/ftpuser/remote_test_dir/remote_file4 to remote_file4
    /home/ftpuser/remote_test_dir/remote_file4                                                                                                                                     100%   13     5.2KB/s   00:00
    sftp> lls
    file4  remote_file4
    sftp>

    To download multiples files, use <strong>mget</strong> command. I’m downloading here all files that matches pattern remote_file* in remote working directory to my local working directory. I finally use <strong>lls</strong> command to see the downloaded files.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> lpwd
    Local working directory: /home/abhisheknair/testdir
    sftp> ls
    remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> lls
    file4  remote_file4
    sftp> mget remote_file*
    Fetching /home/ftpuser/remote_file1 to remote_file1
    /home/ftpuser/remote_file1                                                                                                                                                     100%   12     5.9KB/s   00:00
    Fetching /home/ftpuser/remote_file2 to remote_file2
    /home/ftpuser/remote_file2                                                                                                                                                     100%   13     5.8KB/s   00:00
    Fetching /home/ftpuser/remote_file3 to remote_file3
    /home/ftpuser/remote_file3                                                                                                                                                     100%   13     7.3KB/s   00:00
    sftp> lls
    file4  remote_file1  remote_file2  remote_file3  remote_file4
    sftp>

    Create Directory

    A new directory can be created on a remote server using mkdir command.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> mkdir new_dir
    sftp> ls
    file1            file2            file3            new_dir          remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp>

    Similarly, if you want to create a new directory on local system’s current working directory from sftp prompt, use lmkdir command.

    sftp> lpwd
    Local working directory: /home/abhisheknair
    sftp> lls
    bin  file1  file2  file3  lib  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp> lmkdir new_local_dir
    sftp> lls
    bin  file1  file2  file3  lib  new_local_dir  oci-scripts  sys_info.sh  test.tgz  testdir
    sftp>

    Remove Directory

    An empty remote directory can be removed using rmdir command. Do note that if it is not empty, you’ll get an error.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> ls
    file1            file2            file3            new_dir          remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> rmdir new_dir
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp>

    Remove File

    A remote file can be removed using rm command.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_file3     remote_test_dir
    sftp> rm remote_file3
    Removing /home/ftpuser/remote_file3
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_test_dir
    sftp>

    Rename File

    A remote file can also be easily renamed using rename command.

    sftp> pwd
    Remote working directory: /home/ftpuser
    sftp> ls
    file1            file2            file3            remote_file1     remote_file2     remote_test_dir
    sftp> rename remote_file1 new_file1
    sftp> ls
    file1            file2            file3            new_file1        remote_file2     remote_test_dir
    sftp>

    Filesystem Usage

    To display statistics for the current directory or filesystem containing ‘path’, use df command. We can use -h flag to show statistics in a human-readable format. Do note that the statistics shown are for the remote SFTP server’s respective filesystem and not the local machine’s filesystem.

    sftp> df
            Size         Used        Avail       (root)    %Capacity
        17811456      1845472     15965984     15965984          10%
    sftp> df -h
        Size     Used    Avail   (root)    %Capacity
      17.0GB    1.8GB   15.2GB   15.2GB          10%
    sftp>

    Quit SFTP Session

    To quit the SFTP session, use either bye, exit, or quit command. You’ll be returned to your OS prompt after exiting SFTP.

    sftp> exit
    $

    Conclusion

    SFTP is one of the best options available which is secure as well as easy to use. It offers CLI as well as GUI features and is supported across different platforms. Refer sftp man page for further reading.

    $ man sftp

    If interested in learning more then check out this Udemy Linux Mastery course.