SFTP (SSH File Transfer Protocol, sometimes called Secure File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with version 2 of the SSH protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.
SFTP is a secure form of the ftp command. Whenever a user opens a regular ftp session, or most other TCP/IP connections, the entire transmission between the host and the user is sent in plain text. Anyone who is able to snoop on the network packets can read the data, including the password information. If an unauthorized user can log in, they have the opportunity to compromise the system.
When using ssh's sftp instead of ftp, the entire login session, including transmission of the password, is encrypted. It is therefore much more difficult for an outsider to observe and collect passwords from a system using ssh/sftp sessions.
The following packet-capture screenshots show the difference between FTP and SFTP packets:
FTP Packet transmission
The highlighted area in the above screenshot of the FTP packet capture shows the user name and password in plain text.
SFTP Packet Transmission
The SFTP packet capture does not show any user name or password information.
On Linux, the OpenSSH application can be used as an SFTP server or client. OpenSSH also contains an SSH server and client, but due to its high memory requirement we are not going to use it for the SSH server and client. Dropbear is a good lightweight alternative for the SSH server and client. Dropbear doesn't have SFTP support itself, but the sftp-server from OpenSSH can be used with Dropbear as well.
Configure Dropbear SSH server
An SFTP server can't work independently; it requires an SSH server (like dropbear) to run. Dropbear requires libz and libcrypto to run, so please install them first (if they are not installed already). To install the dropbear SSH server, follow the steps given below.
-bash-3.2# tar -xvf dropbear-0.52.tar.bz2
-bash-3.2# cd dropbear-0.52
-bash-3.2# ./configure
-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp"
-bash-3.2# make PROGRAMS="dropbear dbclient dropbearkey dropbearconvert scp" install
This installs the dropbear SSH server. Now you can create a softlink to dbclient named ssh. This is not mandatory; you can also use dbclient directly instead of the ssh command.
-bash-3.2# ln -s /usr/local/bin/dbclient /usr/bin/ssh
To start the dropbear SSH server, first create the dss and rsa keys (for the encryption of SSH packets) in the /etc/dropbear directory. The SSH server does not work without encryption, so it is mandatory to create the keys.
-bash-3.2# dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
-bash-3.2# dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
Now dropbear can be started simply with the following command.
If the above steps were done properly, you can connect to your system via SSH.
Configure OpenSSH SFTP-server
We need only the sftp-server program from the OpenSSH package. To get sftp-server, compile OpenSSH as follows.
-bash-3.2# tar -xvf openssh-5.2p1.tar.gz
-bash-3.2# cd openssh-5.2p1
-bash-3.2# ./configure
-bash-3.2# make sftp-server
This compiles only sftp-server from the OpenSSH package. You can find the sftp-server binary in your current directory (the OpenSSH package directory). Copy the sftp-server binary to the /usr/libexec directory.
-bash-3.2# cp sftp-server /usr/libexec/sftp-server
sftp-server may require libz.so.1 or libz.so.2 (a softlink to the libz library file) and libcrypto.so.5 or libcrypto.so.6 (a softlink to the libcrypto library). You can check this by executing the sftp-server binary on your system; it will show an error if any required library or softlink is missing.
/usr/libexec/sftp-server: error while loading shared libraries: libcrypto.so.5: cannot open shared object file: No such file or directory
The above error can be resolved simply by creating a softlink to the libcrypto library named libcrypto.so.5.
-bash-3.2# ln -s /lib/libcrypto.so.0.9.8b /usr/lib/libcrypto.so.5
Now you are able to connect to your system using SFTP.
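The library check described above can be scripted so that every unresolved library is reported in one pass instead of one loader error per run, together with a check that the files created in the earlier steps are in place. This is an added example, not part of the original article or of the Dropbear/OpenSSH projects; the function names are hypothetical, the default paths are the ones used in this article, and the host-key permission test is an added assumption about how the private host keys should be protected.

```shell
#!/bin/sh
# Added example: post-install checks for the Dropbear + sftp-server setup.
# Function names are hypothetical; default paths come from the article.

# Read `ldd` output on stdin and print each library reported as unresolved.
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Succeed only if an octal mode such as 600 grants nothing to group/other.
# (Assumption: private host keys should be accessible to their owner only.)
key_mode_ok() {
    case "$1" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage on the target system: check_sftp_setup [sftp-server path] [key dir]
check_sftp_setup() {
    sftp_bin=${1:-/usr/libexec/sftp-server}
    key_dir=${2:-/etc/dropbear}
    rc=0
    if [ ! -x "$sftp_bin" ]; then
        echo "FAIL: $sftp_bin is missing or not executable"; rc=1
    else
        # ldd lists every dependency, so all missing softlinks show up at once.
        missing=$(ldd "$sftp_bin" 2>/dev/null | missing_libs)
        if [ -n "$missing" ]; then
            echo "FAIL: unresolved libraries:" $missing; rc=1
        fi
    fi
    for key in "$key_dir/dropbear_dss_host_key" "$key_dir/dropbear_rsa_host_key"; do
        if [ ! -f "$key" ]; then
            echo "FAIL: host key $key not found"; rc=1
        elif ! key_mode_ok "$(stat -c %a "$key")"; then
            echo "FAIL: $key is accessible by group or other"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: sftp-server and host keys look sane"
    return "$rc"
}
```
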
SFTP client applications
WinSCP – Free windows client with SFTP, SCP and FTP capability
PSFTP (an SFTP client, i.e. general file transfer sessions much like FTP)
FileZilla Client (also referred to as FileZilla) is a free, open source, cross-platform FTP as well as SFTP client.
sftp is a command-line program that implements the client part of SFTP, supplied with the OpenSSH package.