Introduction
In today's world, information security is paramount, especially when it comes to moving data between systems. The SFTP protocol («SSH File Transfer Protocol») offers a robust and encrypted solution to transfer files using the same secure channel provided by SSH. In this article we will explore in depth the sftp command available in most Linux distributions, from its installation to its advanced use, including tricks to automate transfers and ensure the confidentiality of your data.
What is SFTP?
SFTP is not simply a secure version of FTP; it is a different protocol that runs over the SSH (Secure Shell) protocol. Unlike FTP, which transmits credentials and data in plain text, SFTP encrypts both the authentication and the transferred data, protecting them against interception and tampering. In addition, SFTP allows file system operations such as listing directories, creating folders, deleting files and changing permissions, all within a secure session.
SFTP client installation
Most Linux distributions include the sftp client as part of the openssh-client package. To check if it is installed, open a terminal and run:
which sftp
If you don't get a path, you can install it with your distribution's package manager:
- In Debian / Ubuntu:
sudo apt-get update && sudo apt-get install openssh-client
- In Fedora:
sudo dnf install openssh-clients
- In Arch Linux:
sudo pacman -S openssh
Once installed, the command will be available globally.
Basic connection to an SFTP server
To start an sftp session you need to know the address of the server, the port (default 22) and a user with access permissions. The basic syntax is:
sftp user@server
If the server uses a different port, specify it with the -P option:
sftp -P 2222 user@server
After authentication (by password or SSH key), the sftp> prompt will appear, from where you can run commands.
Most used commands within the SFTP session
Once inside, the operation is similar to a file shell. Some of the most common commands are:
- ls - list the contents of the current remote directory.
- cd path - change to the indicated remote directory.
- lcd path - change the local working directory (on your machine).
- get file - download a file from the server to the local machine.
- mget pattern - download several files that match a pattern (e.g., mget *.log).
- put file - upload a local file to the server.
- mput pattern - upload several local files.
- mkdir directory - create a directory on the server.
- rm file - remove a remote file.
- rmdir directory - remove an empty remote directory.
- rename old new - rename a file or directory.
- exit or bye - close the session.
These commands can be combined and used with absolute or relative paths.
File transfer without manual intervention
To automate tasks, SFTP supports batch mode. First create a command file (e.g., batch.txt) with the instructions you want to run, one per line:
cd /var/www/html
put index.html
put style.css
exit
Then run sftp with the -b option:
sftp -b batch.txt user@server
If you want the connection to use SSH key-based authentication, make sure your SSH agent has the key loaded or specify the key file with -i:
sftp -i ~/.ssh/id_rsa -b batch.txt user@server
This technique is ideal for back-up scripts, deployments or regular cron synchronization.
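A cron-friendly wrapper around the batch mode described above, as an added example that is not part of the original article. The function names, directories, key path and user@server target are placeholders; BatchMode and StrictHostKeyChecking are standard OpenSSH options passed with -o.

```shell
#!/bin/sh
# Added example: unattended upload built on "sftp -b".
# Function names and all paths/hosts passed in are this example's own placeholders.

# write_batch SRC_DIR REMOTE_DIR OUT: write one "put" per regular file in SRC_DIR.
# File names end up as text in the batch file, so names that could break out of
# the quoted argument (double quote, backslash, newline) are refused.
write_batch() {
    src=$1; remote=$2; out=$3
    nl='
'
    printf 'cd "%s"\n' "$remote" > "$out" || return 1
    for f in "$src"/*; do
        [ -f "$f" ] || continue
        case $f in
            *\"*|*\\*|*"$nl"*) echo "refusing unsafe name: $f" >&2; return 2 ;;
        esac
        printf 'put "%s"\n' "$f" >> "$out"
    done
    printf 'exit\n' >> "$out"
}

# upload SRC_DIR REMOTE_DIR KEY_FILE USER@SERVER
# BatchMode=yes makes ssh fail instead of prompting for a password under cron.
# StrictHostKeyChecking=yes refuses servers whose key is not already in known_hosts.
# sftp -b stops at the first failing command, so a non-zero status means the
# transfer is incomplete and should be reported.
upload() {
    batch=$(mktemp) || return 1
    if write_batch "$1" "$2" "$batch"; then
        sftp -o BatchMode=yes -o StrictHostKeyChecking=yes -i "$3" -b "$batch" "$4"
        rc=$?
    else
        rc=1
    fi
    rm -f "$batch"
    return "$rc"
}
```

From cron, call upload with the four arguments and alert on any non-zero exit status.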
Security considerations
Although SFTP already encrypts the communication, it is good practice to strengthen security:
- Use public key authentication instead of passwords.
- Disable direct root access through the directive PermitRootLogin no in the server's /etc/ssh/sshd_config.
- Limit the users who can use SFTP by using the internal-sftp subsystem and the ChrootDirectory directive to create jails.
- Keep the OpenSSH package up to date to benefit from the latest security patches.
- Record SFTP connections in /var/log/auth.log (Debian / Ubuntu) or /var/log/secure (RHEL / CentOS) for audit.
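A static check of an sshd_config file for the directives listed above, as an added example that is not part of the original article. The function names and the sample configuration are constructed for illustration; PasswordAuthentication is the standard sshd directive assumed here for the "keys instead of passwords" item.

```shell
#!/bin/sh
# Added example: static check of an sshd_config for the hardening items above.
# Assumption: Include files, "key=value" syntax and Match overrides are not resolved.

# first_value FILE KEYWORD: first uncommented value (sshd uses the first one it reads).
first_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# lower_value FILE KEYWORD: same, lowercased, for yes/no style settings.
lower_value() { first_value "$1" "$2" | tr 'A-Z' 'a-z'; }

# audit_sshd_config FILE: print one line per finding; exit status = number of findings.
audit_sshd_config() {
    cfg=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(lower_value "$cfg" PermitRootLogin)" = no ] ||
        flag "PermitRootLogin is not 'no'"
    [ "$(lower_value "$cfg" PasswordAuthentication)" = no ] ||
        flag "password logins are not disabled (PasswordAuthentication)"
    case "$(first_value "$cfg" Subsystem)" in
        "sftp internal-sftp"*) ;;
        *) flag "Subsystem sftp does not use internal-sftp" ;;
    esac
    case "$(first_value "$cfg" ChrootDirectory)" in
        ""|none) flag "no ChrootDirectory jail configured" ;;
    esac
    return "$findings"
}

# Constructed sample of a weak configuration, for trying the check offline.
sample_weak_config() {
    cat <<'EOF'
# constructed example, not from a real server
PermitRootLogin yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF
}
```

On a live server, sshd -T prints the effective configuration, which also covers included files and defaults that this static check does not resolve.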
Troubleshooting common problems
If the connection fails, check these points:
- Check that the SSH server is running: systemctl status sshd.
- Check network connectivity with ping or telnet server 22.
- Make sure the port is not blocked by a firewall (ufw, firewalld, iptables).
- If you get Permission denied, confirm that the user has permission to use the sftp subsystem and that its shell is configured correctly (/usr/lib/openssh/sftp-server is often used).
- In case of key errors, check that the public key is in the remote user's ~/.ssh/authorized_keys and that the permissions of the .ssh folder are 700 and those of the file are 600.
Conclusion
The sftp command is an essential tool for any system administrator or developer who needs to transfer files safely in Linux environments. Its integration with SSH provides robust encryption, flexible authentication and a wide range of file system operations. By following the best practices described (key authentication, privilege limitation and log monitoring), you can ensure that your transfers are both efficient and tamper-proof. Now that you know its installation, basic use, automation and security settings, you are ready to incorporate SFTP into your daily workflows.


