How to Use SFTP Commands to Transfer Files in Linux

SFTP, or Secure File Transfer Protocol, uses Secure Shell (SSH) encryption to send and receive files securely over the internet or a network. SFTP uses the same port as SSH for file transfers: 22. Since SFTP is packet-based instead of text-based, it’s more secure and faster than most other file transfer protocols and uses fewer CPU resources. SFTP allows secure file transfers between different operating systems like Windows, macOS, Unix, etc.

Note: This guide uses Ubuntu 22.04 LTS, codenamed Jammy Jellyfish, a distro derived from Debian.

Also, note that while we’re using the sftp command and the Linux file manager in this guide, many Linux administrators and users prefer using third-party FTP/SFTP clients such as FileZilla to send and receive files via SFTP, citing the ease of use of these FOSS clients.

Install OpenSSH

On many Linux distros, OpenSSH is installed by default. OpenSSH is the de facto standard open-source implementation of the SSH protocol used by most operating systems, including most Linux distros and Microsoft Windows.

To check if OpenSSH is installed on your Debian- or Ubuntu-based distro, enter the following from the terminal:

# dpkg -l | grep ssh

On RHEL- and CentOS-based distros:

# rpm -qa openssh

On Arch-based distros:

# pacman -Qi openssh

On OpenSUSE-based distros:

# zypper search -i openssh

If no OpenSSH packages (openssh*) are listed, OpenSSH needs to be installed. OpenSSH can be installed with a single command-line entry.

To install OpenSSH on Debian- and Ubuntu-based distros:

# apt install openssh-server openssh-client

 

On RHEL- and CentOS-based distros:

# yum install openssh-server openssh-clients

On Arch-based distros:

# pacman -S openssh

On OpenSUSE-based distros:

# zypper install openssh-server

Configure OpenSSH

Now that the OpenSSH server, client, and SFTP server are installed along with their dependent packages (the dependencies libcbor0.8, libfido2-1, ssh-import-id, and openssh-sftp-server are pulled in automatically when openssh-server is specified on the command line), we need to configure OpenSSH. Configuration of OpenSSH on a Linux distro consists of four separate steps:

  • Create SFTP Group and User(s)
  • Create SFTP Default Directory and Set Permissions
  • Configure the SFTP Server Configuration File
  • Restart OpenSSH

Note: The steps below need only be run on the distro serving as the SFTP server, not on client machines connecting to the SFTP server.

Create the SFTP Group and User(s)

In this example, the SFTP user id being created is sftp-user. The SFTP group is sftp-group.

  1. Launch the terminal.
  2. Create the SFTP group, sftp-group.
    # addgroup sftp-group
  3. Create the SFTP user, sftp-user, and add them to the newly created SFTP group, sftp-group.
    # sudo useradd -G sftp-group -d /sftp/sftp-user -s /sbin/nologin sftp-user

    Explanation of the options used:

    -G sftp-group:  add the user to the group sftp-group.
    -d /sftp/sftp-user:  specify the home directory of the user, sftp-user.
    -s /sbin/nologin:  set the default shell of the user, sftp-user, to /sbin/nologin. This means sftp-user will not be able to log in via SSH, only via SFTP.

  4. Set the password for the user, sftp-user, with the passwd command.
    # passwd sftp-user

     

    Also, in this example, /sftp is the default root directory for SFTP users, and /sftp/<username> the home directory for each SFTP user (in this instance, sftp-user). When SFTP users log in via SFTP, their default directory will be /sftp/<username>.

Create the SFTP Default Directory and Set Permissions

  1. Create the /sftp/sftp-user/uploads directory.
    # mkdir -p /sftp/sftp-user/uploads

    Note that the -p option creates the parent directories if they don’t already exist. So the /sftp and /sftp/sftp-user/ directories are created along with /sftp/sftp-user/uploads.

  2. Set the owner of the /sftp/sftp-user directory as root and give access to members of the group, sftp-group. Since /sftp is a root directory, root is the owner by default.
    # chown -R root:sftp-group /sftp/sftp-user
  3. Set the owner of the /sftp/sftp-user/uploads directory as sftp-user and give access to members of the group, sftp-group.
    # chown -R sftp-user:sftp-group /sftp/sftp-user/uploads
  4. Give read and execute permissions to members of the group, sftp-group.
    # chmod g+rx /sftp/sftp-user
  5. Next, let’s verify that the /sftp subdirectory structure was created correctly and that ownership/permissions were correctly set.
    # ls -Ral /sftp

    With the permissions set above, SFTP users (sftp-user) can read and copy from their SFTP home directory, /sftp/sftp-user, but cannot copy or write files to the directory. The only directory that the SFTP user can write files to is the uploads directory, /sftp/sftp-user/uploads.
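
The ownership rules above matter beyond write access: sshd refuses to chroot into a path unless every directory from the chroot up to / is owned by root and not writable by group or others, and logs "bad ownership or modes for chroot directory" when that fails. The script below is an added example, not part of the original article, that audits a path against that rule. The function name and its optional OWNER_UID and STOP_DIR arguments are hypothetical, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example, not from the original article: audit a ChrootDirectory path.
# sshd rejects the chroot unless every directory from it up to / is owned by
# root and is not writable by group or others.
# Usage: check_chroot_path PATH [OWNER_UID] [STOP_DIR]
#   OWNER_UID (default 0) and STOP_DIR (default /) are hypothetical hooks that
#   let the check run on a scratch tree without root. Assumes GNU stat.
check_chroot_path() {
    path=$1; want_uid=${2:-0}; stop=${3:-/}; rc=0
    case $path in
        /*) ;;
        *) echo "FAIL $path: an absolute path is required"; return 2 ;;
    esac
    while :; do
        if [ ! -d "$path" ]; then
            echo "FAIL $path: missing or not a directory"; return 1
        fi
        uid=$(stat -L -c '%u' "$path")    # -L: follow symlinks, as stat(2) does
        mode=$(stat -L -c '%a' "$path")   # octal permission bits, e.g. 755
        if [ "$uid" -ne "$want_uid" ]; then
            echo "FAIL $path: owner uid $uid, expected $want_uid"; rc=1
        fi
        # Octal 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is writable by group or others"; rc=1
        fi
        if [ "$path" = "$stop" ] || [ "$path" = "/" ]; then break; fi
        path=$(dirname "$path")
    done
    if [ "$rc" -eq 0 ]; then echo "OK: ownership and modes pass"; fi
    return "$rc"
}

# Audit a real tree when a path is given, e.g.: sh chroot-audit.sh /sftp/sftp-user
if [ "$#" -gt 0 ]; then check_chroot_path "$@"; fi
```

The uploads directory is deliberately not checked: it sits below the chroot, so it may be owned by sftp-user.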

Configure the SFTP Server Configuration File

Next, we need to configure the SFTP server configuration file, /etc/ssh/sshd_config.

  1. To edit /etc/ssh/sshd_config, we must open it with a command-line text editor. In this case, that editor is Vim.
    # vi /etc/ssh/sshd_config
  2. Add the following entries at the end of the file (under the Subsystem sftp /usr/lib/openssh/sftp-server line).
    Match group sftp-group
    ChrootDirectory /sftp/%u
    X11Forwarding no
    AllowTcpForwarding no
    PermitTTY no
    ForceCommand internal-sftp
  3. Save the /etc/ssh/sshd_config file.

Restart OpenSSH

Now that the necessary entries are in /etc/ssh/sshd_config, restart the OpenSSH server (the sshd daemon) for the changes to take effect.

# systemctl restart sshd

Note that even if the OpenSSH server is not running, the restart option will still start it.

Now, check that the OpenSSH server is running.

# systemctl status sshd
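
A running service does not prove that the Match block applies to sftp-user. The added example below (not from the original article) compares the settings sshd reports for that user, as printed by sshd -T -C user=sftp-user, with the entries added above. The helper names are hypothetical and the sample output is constructed.

```sh
#!/bin/sh
# Added example, not from the original article: check the settings sshd will
# actually apply to sftp-user against the Match block shown above.
# Real use (as root):  sshd -T -C user=sftp-user | audit_sftp_policy
# audit_sftp_policy and sample_effective_config are hypothetical helper names.
audit_sftp_policy() {
    awk '
    BEGIN {
        bad = 0
        want["chrootdirectory"]    = "/sftp/%u"
        want["forcecommand"]       = "internal-sftp"
        want["allowtcpforwarding"] = "no"
        want["x11forwarding"]      = "no"
        want["permittty"]          = "no"
    }
    {   # sshd -T prints one "keyword value" pair per line, keyword lowercased
        key = tolower($1); $1 = ""; sub(/^[ \t]+/, ""); got[key] = $0
    }
    END {
        for (k in want)
            if (got[k] != want[k]) {
                printf "FAIL %s: expected \"%s\", effective \"%s\"\n", k, want[k], got[k]
                bad = 1
            }
        if (!bad) print "OK: effective settings match the Match block"
        exit bad
    }'
}

# Constructed sample of sshd -T output; $1 overrides the forwarding setting.
sample_effective_config() {
    cat <<EOF
port 22
chrootdirectory /sftp/%u
forcecommand internal-sftp
allowtcpforwarding ${1:-no}
x11forwarding no
permittty no
subsystem sftp /usr/lib/openssh/sftp-server
EOF
}

sample_effective_config | audit_sftp_policy
sample_effective_config yes | audit_sftp_policy || echo "-> second sample rejected, as intended"
```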

Real-Life Scenario – Send and Receive Files via SFTP using the GUI

In this scenario, the file, blue.txt, will be downloaded from the SFTP server to the client machine via drag-n-drop. Transferring files using SFTP via the GUI is much the same as copying files locally.

  1. Launch the distro’s file manager (in this case, Nautilus).
  2. Navigate to Other Locations.
  3. Enter the SFTP server’s hostname or IP address in the Connect to Server box at the bottom of the file manager. In this instance, sftp://192.168.1.80. Note the sftp:// prefix. This is mandatory.
  4. Click Connect.

  5. When the authentication window appears, enter the user id, sftp-user, and password in the appropriate boxes. Click Connect.

  6. When the SFTP server directory opens, the desired file, blue.txt, is in the directory.

  7. Launch another file manager window and navigate to where the file, blue.txt, is to be copied (Home / techobservatory downloads).

  8. Select the file, blue.txt, in the SFTP server directory and drag-n-drop it into the desired directory.
  9. The file, blue.txt, was successfully downloaded to the desired directory, Home / techobservatory downloads, on the client machine.

Real-Life Scenario – Send and Receive Files via SFTP using the Command Line

In this scenario, the file, pink.txt, will be sent from the client machine to the SFTP server via the command line.

  1. Launch the terminal.
  2. Enter sftp <sftp user>@<server>. In this case, sftp-user@192.168.1.80. Note that the hostname can be used as well as the IP address.
    # sftp sftp-user@192.168.1.80
  3. At the SFTP prompt, change to the uploads directory.
    sftp> cd uploads
  4. Send the file, pink.txt, to the SFTP server.
    sftp> put pink.txt

    The file’s transfer progress is displayed on the screen.

  5. Verify that the file, pink.txt, is in the directory.
    sftp> dir
  6. Exit SFTP.
    sftp> exit

  7. Close the terminal.

In this scenario, the file, brown.txt, will be copied from the SFTP server to the client machine via the command line.

  1. Launch the terminal.
  2. Enter sftp <sftp user>@<server>. In this case, sftp-user@192.168.1.80. Note that the hostname can be used as well as the IP address.
    # sftp sftp-user@192.168.1.80
  3. At the SFTP prompt, make sure the file to be copied, brown.txt, from the SFTP server to the client machine is present on the SFTP server.
    sftp> dir
  4. Copy the file, brown.txt, to the client machine.
    sftp> get brown.txt
  5. After the file, brown.txt is successfully retrieved, the SFTP prompt will reappear.
  6. Exit SFTP.
    sftp> exit

  7. Close the terminal.

Commands Used in This Article

Linux Commands Used

  • ls – list directory contents.
  • apt – Debian- and Ubuntu-based command-line interface for the package management system.
  • rpm – (Remote Package Manager) package manager to install applications and packages on RHEL- and CentOS-based distros.
  • pacman – package manager to install applications on Arch-based systems.
  • useradd – add a user.
  • addgroup – add a group.
  • passwd – set or change a user’s password.
  • dpkg – package manager for Debian- and Ubuntu-based distros.
  • mkdir – make a directory.
  • chown – change ownership of a file or directory.
  • chmod – change file mode bits.
  • sftp – launch the OpenSSH client.
  • systemctl – control the systemd system and service manager.
  • vi – launch the Vim text editor.

SFTP Commands Used

  • dir – list directory contents.
  • cd – change directory.
  • exit – exit SFTP. bye and quit can also be used.
  • put – copy a file to the SFTP server.
  • get – retrieve a file from the SFTP server.
