SFTP (Secure File Transfer Protocol) With Dropbear


Introduction

SFTP (SSH File Transfer Protocol, sometimes called Secure File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version 2 of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.

SFTP is a secure form of the ftp command. Whenever a user opens a regular ftp session, or most other TCP/IP connections, the entire transmission between the host and the user is sent in plain text. Anyone who has the ability to snoop on the network packets can read the data, including the password information. If an unauthorized user can log in, they have the opportunity to compromise the system.

When using ssh's sftp instead of ftp, the entire login session, including transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.

The following packet capture screenshots show the difference between FTP and SFTP packets:

[Screenshot: FTP packet transmission]

The highlighted area in the above screenshot of the FTP packet capture shows the user name and password in plain text.

[Screenshot: SFTP packet transmission]

The SFTP packet capture does not show any user name or password information.

Downloading Package

In Linux, the OpenSSH application can be used as an SFTP server or client. It also contains an SSH server and client, but due to its high memory requirement we are not going to use it for the SSH server and client. Dropbear is a good lightweight alternative for the SSH server and client implementation. Dropbear doesn't have SFTP support itself, but the SFTP server from OpenSSH can be used with Dropbear as well.

To download the openssh application, click here. For the latest version of dropbear, click here.

Configure Dropbear SSH server

The SFTP server can't work independently; it requires an SSH server (like dropbear) to run. Dropbear requires libz and libcrypto to run, so please install them first (if they are not installed already). To install the dropbear SSH server, follow the steps given below.

-bash-3.2# tar -xvf dropbear-0.52.tar.bz2

-bash-3.2# cd dropbear-0.52

-bash-3.2# ./configure

-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"

-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install

This installs the dropbear SSH server. You can now create a softlink to dbclient named ssh. This is not mandatory; you can also use dbclient directly instead of the ssh command.

-bash-3.2# ln -s /usr/local/bin/dbclient /usr/bin/ssh

To start the dropbear SSH server, first create the dss and rsa keys (for the encryption of SSH packets) in the /etc/dropbear directory. The SSH server does not work without encryption, so it is mandatory to create the keys.

-bash-3.2# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key

-bash-3.2# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key

Now dropbear can be started simply with the following command.

-bash-3.2# dropbear

If the above was done properly, you can connect to your system via SSH.

Configure OpenSSH SFTP-server

We need only the sftp-server application from the OpenSSH package. To get sftp-server, compile openssh as follows.

-bash-3.2# tar -xvf openssh-5.2p1.tar.gz

-bash-3.2# cd openssh-5.2p1

-bash-3.2# ./configure

-bash-3.2# make sftp-server

This compiles only sftp-server from the openssh package. You can find the sftp-server binary in your current directory (the openssh package directory). Copy the sftp-server binary to the /usr/libexec directory.

-bash-3.2# cp sftp-server /usr/libexec/sftp-server

sftp-server may require libz.so.1 or libz.so.2 (softlinks to the libz library file) and libcrypto.so.5 or libcrypto.so.6 (softlinks to the libcrypto library). You can check this by executing the sftp-server binary on your system; it will show an error if any required library or softlink is missing.

-bash-3.2# /usr/libexec/sftp-server

/usr/libexec/sftp-server: error while loading shared libraries: libcrypto.so.5: cannot open shared object file: No such file or directory

The above error can be resolved simply by creating a softlink to the libcrypto library named libcrypto.so.5.

-bash-3.2# ln -s /lib/libcrypto.so.0.9.8b /usr/lib/libcrypto.so.5

Now you are able to connect to your system using SFTP.
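
The checks from this section and the previous one can be scripted. The following is an added example, not part of the original article: it verifies that the host keys and sftp-server are at the paths used above and uses ldd to list unresolved libraries instead of running the binary by hand. The function names and the optional root-prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: post-install checks for the Dropbear + sftp-server setup.
# Paths are the ones used in the article. The optional ROOT prefix is a
# hypothetical argument so the checks can also run against a staging tree.

# Read ldd output on stdin; print every library reported as "not found".
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Succeed only if FILE exists and grants no permissions to group or others.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks under ROOT (default: the live system). Prints one line per
# problem and returns the number of problems found (0 = setup looks sane).
check_sftp_setup() {
    root=${1:-}
    problems=0
    for key in dropbear_dss_host_key dropbear_rsa_host_key; do
        if ! private_file "$root/etc/dropbear/$key"; then
            echo "host key missing or readable by group/others: $root/etc/dropbear/$key"
            problems=$((problems + 1))
        fi
    done
    srv="$root/usr/libexec/sftp-server"
    if [ ! -x "$srv" ]; then
        echo "sftp-server missing or not executable: $srv"
        problems=$((problems + 1))
    elif command -v ldd >/dev/null 2>&1; then
        # Same information as the loader error shown above, for all libraries at once.
        for lib in $(ldd "$srv" 2>/dev/null | missing_libs); do
            echo "unresolved shared library: $lib"
            problems=$((problems + 1))
        done
    fi
    return "$problems"
}
```

Source the file and run check_sftp_setup with no argument on the target system; a non-zero return status is the number of problems printed.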

SFTP client applications

WinSCP – Free windows client with SFTP, SCP and FTP capability

PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP)

FileZilla Client (also referred to as FileZilla) is a free, open source, cross-platform FTP as well as SFTP client.

sftp is a command-line program that implements the client part of SFTP, supplied with the OpenSSH package.

18 thoughts on “SFTP (Secure File Transfer Protocol) With Dropbear”

  3. I am so happy to read this. This is the kind of manual that needs to be given and not the random misinformation that is at the other blogs. Appreciate your sharing this best doc.

  5. Doesn’t seem to work, when I run sftp-server, it runs (using top), but I’m unable to connect via sFTP. Since there’s no other guide on the internet about this, would you mind updating (or checking that this method still works)?

    Thank-you!

  6. Hey there, You’ve done an incredible job. I will certainly digg it and personally recommend to my friends. I’m sure they’ll be benefited from this web site.

  9. Basically good writeup. That if truth be told once was some sort of discretion consideration this. View complex to much more unveiled acceptable within you! On the other hand, exactly how can we all keep in touch?

  10. First of all, good article,
    but now one of the images is missing.

    I run dropbear on CentOS; the setup is simpler.
    I will write it here for those who use dropbear on a low-end VPS like me.
    – Suppose you already have SSH.
    – You just install Dropbear with yum (not sure which repo.)
    yum install dropbear
    – Select dropbear to run at startup using chkconfig. In my case:
    chkconfig sshd off
    chkconfig dropbear on
    (This will not take effect until next reboot)
    – Generate dropbear dss & rsa keys like in the article above.
    – To use sftp you just have to create a link like this:
    ln -s /usr/libexec/openssh/sftp-server /usr/libexec/sftp-server
    – reboot

    Now you are good to go. (If I didn't miss anything.)

  11. Hi,
    I have dropbear and also an sftpclient binary. When I run sftpclient for one server it worked fine, but when I tried it for another it does not. Any idea why that is? Am I missing something?
