SFTP (Secure File Transfer Protocol) With Dropbear


Introduction

SFTP (SSH File Transfer Protocol, sometimes called Secure File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version 2 of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.

SFTP is a secure form of the ftp command. Whenever a user opens up a regular ftp session or most other TCP/IP connections, the entire transmission made between the host and the user is sent in plain text. Anyone who has the ability to snoop on the network packets can read the data, including the password information. If an unauthorized user can login, they have the opportunity to compromise the system.

When using ssh’s sftp instead of the ftp, the entire login session, including transmission of password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.

Following packets screenshots are showing the difference between the FTP & SFTP packets:

9-8-2009 11-56-59 AM

FTP Packet transmission

The highlighted area, in the above screenshot of FTP packet capture, is showing the user name & password in simple text form.

9-15-2009 9-50-49 PM

SFTP Packet Transmission

SFTP packet transmission is not showing any user name & password information in packet capture.

Downloading Package

In Linux, OpenSSH application can be used for SFTP server or client. This application also contain the SSH server & client but due to its high memory requirement, we are not going to use it for SSH server & client. Dropbear is a good alternative (lightweight) application for SSH server & client implementation. The dropbear doesn’t have the SFTP support but SFTP of openssh can be used with dropbear also.

To download the openssh application, click here. For the latest version of dropbear, click here.

Configure Dropbear SSH server

SSH server can’t work independently, it require SSH server (like dropbear) to run. Dropbear require libz & libcrypto to run, so please first install them (if not install already). To install the dropbear SSH server, follow the steps given below.

-bash-3.2# tar –xvf dropbear-0.52.tar.bz2

-bash-3.2# cd dropbear-0.52

-bash-3.2# ./configure

-bash-3.2# make PROGRAMS=”dropbear dbclient dropbearkey dropbearconvert scp”

-bash-3.2# make PROGRAMS=”dropbear dbclient dropbearkey dropbearconvert scp” install

It will install the dropbear SSH server. Now you can create the softlink of dbclient as ssh. It is not mandatory, you can also use dbclient instead of ssh command.

-bash-3.2# ln –s /usr/local/bin/dbclient /usr/bin/ssh

To start the dropbear SSH server, first create the dss & rsa keys (for the encryption of SSH packets) in /etc/dropbear directory. SSH server does work without encryption, so it is mandatory to create the keys.

-bash-3.2# dropbearkey –t dss –f /etc/dropbear/dropbear_dss_host_key

-bash-3.2# dropbearkey –t rsa –f /etc/dropbear/dropbear_rsa_host_key

Now dropbear can be started simply by following command.

-bash-3.2# dropbear

If above will done properly you can connect your system via SSH.

Configure OpenSSH SFTP-server

We need only SFTP-server application from OpenSSH package. To get the sftp-server, compile the openssh by following method.

-bash-3.2# tar –xvf openssh-5.2p1.tar.gz

-bash-3.2# cd openssh-5.2p1

-bash-3.2# ./configure

-bash-3.2# make sftp-server

It will compile only sftp-server from openssh package. You can find sftp-server binary in your current directory (openssh package directory). Copy the sftp-server binary file to /usr/libexec directory.

-bash-3.2# cp sftp-server /usr/libexec/sftp-server

Sftp-server may require libz.so.1 or libz.so.2 (softlink of libz library file) and libcrypto.so.5 or libcrpto.so.6 (soflink of libcrypto library). You can check this by executing the sftp-server binary in your system, it will show error if any required library or softlink is missing.

-bash-3.2# /usr/libexec/sftp-server

/usr/libexec/sftp-server: error while loading shared libraries: libcrypto.so.5: cannot open shared object file: No such file or directory

Above error can be recovered simply by creating a softlink of libcrpto library as libcrypto.so.5.

-bash-3.2# ln –s /lib/libcrypto.so.0.9.8b /usr/lib/libcrypto.so.5

Now you can able to connect your system using SFTP.

SFTP client applications

WinSCP – Free windows client with SFTP, SCP and FTP capability

PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP)

FileZilla Client (also referred to as FileZilla) is a free, open source, cross-platform FTP as well as SFTP client.

SFTP is a command-line program that implements the client part of SFTP, supplied with OpenSSH package.

Advertisements

16 thoughts on “SFTP (Secure File Transfer Protocol) With Dropbear

  1. Pingback: SFTP (Secure File Transfer Protocol) With Dropbear « Linux Explore

  2. Pingback: PAM with Radius Authentication « Linux Explore

  3. I am so happy to read this. This is the kind of manual that needs to be given and not the random misinformation that is at the other blogs. Appreciate your sharing this best doc.

  4. Pingback: 2010 in review « Linux Explore

  5. Doesn’t seem to work, when I run sftp-server, it runs (using top), but I’m unable to connect via sFTP. Since there’s no other guide on the internet about this, would you mind updating (or checking that this method still works)?

    Thank-you!

  6. Hey there, You’ve done an incredible job. I will certainly digg it and personally recommend to my friends. I’m sure they’ll be benefited from this web site.

  7. Pingback: Raspberry Pi Home Server – FTP ? SFTP ? FTPS ? | Raspberry Pi Home Server

  8. Pingback: Raspberry Pi Home Server – FTP ? SFTP ? FTPS ? | Raspberry Pi Home Server

  9. Basically good writeup. That if truth be told once was some sort of discretion consideration this. View complex to much more unveiled acceptable within you! On the other hand, exactly how can we all keep in touch?

  10. First of all good article
    but now one of the images is missing.

    I run dropbear on CentOS the setup is simpler.
    I will write it here for those who use dropbear on low end VPS like me.
    – Suppose you already have SSH.
    – You just install Dropbear with yum (not sure which repo.)
    yum install dropbear
    – select dropbear to run at startup using chkconfig. in my case:
    chkconfig sshd off
    chkconfig dropbear on
    (This will not affect until next reboot)
    – generate dropbear dss & rsa keys like article above.
    – to use sftp you just have to create link like this
    ln -s /usr/libexec/openssh/sftp-server /usr/libexec/sftp-server
    – reboot

    now you good to go. (If I not miss anything.)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s