List of content you will read in this article:
Today, the internet has become more prone to threats and hacker attacks, thus making it challenging to transfer crucial data. It reduces the risks and has made it more accessible for people to transmit high-end and critical data from one server to another. Several protocols ensure secured file transfer; one commonly used protocol is SFTP, also popularly known as SSH file transfer protocol. You can use its GUI wizard to transmit or execute command-line SFTP commands to serve the same purpose.
In this article, we will focus on what SFTP (client/server) is, how it works, its features, advantages and disadvantages, how it differs from FTP, how to change the default SFTP port number, and some commonly used SFTP client software. Not only this, we will cover some of the frequently used SFTP commands that will help you transfer data without logging into the server manually.
What is SFTP? [Definition]
SFTP is an acronym for Secure file transfer protocol or SSH FTP. This protocol is used at the network layer to securely access, manage the files and transmit the data within the network. It allows two users to share data within a client-server architecture securely.
The data connection used for transmission should be protected with appropriate authentication standards and passwords.
Default SFTP Port Number 22
The SFTP default port number is 22; while establishing a secured connection between the client and the server. But if you want to change the port settings to another port number, you can change the default settings accordingly. We will see the sites later in this article.
SSH-2 version is incorporated into the SFTP, ensuring an encrypted and secured transport layer where the user can run the SFTP commands to transfer the data.
It is used on both the client and server sides; we also need to understand them. It works much faster than the simple file transfer protocol because it is packet-based. Also, with SFTP, the mainstream connection is used to transmit the data, thus not requiring a separate connection as required in FTP for file transfer.
What is SFTP Server?
The secure file transfer protocol is based on the client-server architecture, which will require one client program and one server software.
To set up the SFTP server connection, the user will require a web server with proper Internet support with SFTP port 22, essential for your system’s secure file transfer protocol server.
Installing the SFTP server software on your system will generate the host's SSH key, allowing the user to create and grant permissions to the other users and groups to access the system for transferring the data. The SFTP is supported by all operating systems, such as Windows, Linux, Mac OS X, and other operating systems.
How to Use SFTP
SFTP is widely used to ensure the confidentiality and integrity of data during file transfers. Learning how to use SFTP can be beneficial when you need to transfer files between remote systems securely. To use SFTP (Secure File Transfer Protocol), you need to follow these steps:
- Choose an SFTP client: Several SFTP clients are available, both free and paid. Some popular options include FileZilla, WinSCP, and Cyberduck. Choose one that suits your operating system and preferences, then download and install it on your local computer.
- Obtain the connection details: You'll need specific information to connect with the remote server. This typically includes the server's IP address or hostname, the port number (usually 22 for SFTP), your username, and password. Alternatively, if the server supports key-based authentication, you may need to generate a public-private key pair.
- Configure the SFTP client: Open the SFTP client and navigate to the settings or preferences section. Here, you will find options to enter the connection details you obtained earlier. Fill in the server address, port number, username, and password in the appropriate fields. If you're using key-based authentication, specify the path to your private key file.
- Establish the connection: Once you've entered the necessary information, click the "Connect" or "Login" button to connect to the remote server. The SFTP client will attempt to connect using the provided details.
- Navigate and transfer files: The SFTP client will display a file browser interface after successfully connecting to the remote server. The interface usually consists of two panes: one for your local files and directories and the other for the remote server's files and directories. Use these panes to navigate to the files you want to transfer.
To upload files, locate the file on your local machine, select it, and then drag and drop it into the remote server's directory where you want to store it. To download files, navigate to the remote server's directory, select the file you want to download, and drag it to the desired location on your local machine.
- Disconnect from the server: When you've finished transferring files, it's essential to disconnect from the remote server. Look for a "Disconnect" or "Logout" option in the SFTP client, or close the application.
The SFTP client can be a graphical interface or command-line software allowing you to connect to the SFTP server and perform various tasks. Using this software, the user can connect, authenticate, and transmit the data securely within an encrypted network. By default, the SFTP server will have a port number of 22.
You can consider the below image showing the SSH session for communicating and exchanging data between the server and the client.
But, before you connect to the SFTP server via the SFTP client, you need to configure the following settings on the desktop for your SFTP client.
- The hostname of the server- hostname or IP address of the server.
- Port number- specify the TCP port on which the client will connect; the SFTP default port number is 22.
- Security protocol- you can choose your security protocol to make the connection, such as SFTP/TCP/SC.
- Username- specifies the username of the SFTP client through which you want to establish the connection to the server.
- Password- it is the password of the particular username that you use.
Suppose you establish the connection to a specific server for the first time. In that case, the server will generate a host key and provide it for transfer to the client to authenticate the connection. After that, the connection will be established without confirmation whenever you connect to that server.
SFTP Server for Linux, Windows and Mac
There is a wide range of SFTP servers for every operating system and the list here has you covered whether you use Linux, Mac or Windows. These SFTP server solutions allow you to securely transfer files between clients and the server while ensuring data integrity and confidentiality. Here are a few notable SFTP server options for each operating system:
OpenSSH: OpenSSH is a widely-used and reliable open-source SFTP server for Linux. It is often pre-installed on many Linux distributions and provides a secure and robust environment for SFTP file transfers. OpenSSH offers strong encryption, user authentication options, and configurable access controls. It is highly customizable and can be configured to meet specific security requirements.
Bitvise SSH Server: Bitvise SSH Server is a popular SFTP server solution for Windows. It offers a user-friendly interface and supports SFTP, SSH, and SCP protocols. Bitvise SSH Server provides strong encryption, public-key authentication, and powerful access control mechanisms. It also includes features like virtual accounts, event-driven automation, and auditing capabilities.
Cerberus FTP Server: Cerberus FTP Server is a versatile FTP and SFTP server for Windows that offers a range of features, including secure file transfers using SFTP. It supports SFTP with strong encryption, user authentication options, and IP whitelisting/blacklisting. Cerberus FTP Server also provides a web-based interface for remote administration and monitoring.
macOS Built-in SFTP Server: macOS includes a built-in SFTP server that can be enabled from the system preferences. It allows you to enable SFTP access for specific user accounts on your Mac. The built-in SFTP server provides secure file transfers, user authentication, and configurable access controls. It is a convenient option for basic SFTP server needs on macOS.
CrushFTP: CrushFTP is a comprehensive file transfer server that supports various protocols, including SFTP, for Mac. It offers advanced features like encryption, secure sharing, user management, and automation capabilities. CrushFTP provides a web-based interface for easy administration and is suitable for both personal and enterprise use.
How does SFTP work?
SFTP uses TCP, a connection-oriented protocol allowing both devices to verify the connection before sending or receiving the files over the network. TCP ensures this using the three-way handshaking process. This process requires two systems: one sends the data, and the other receives the data.
The handshaking process involves the following steps-
Step 1: The sending device starts by sending an SYN message.
Step 2: After that, the receiver will acknowledge that message back to the sender.
Step 3: The sender device will again send an acknowledgment message to the receiver.
This process ensures that both devices are ready to make the transfer. Other steps are performed by establishing an SSH connection to secure this transfer. Below are the standard steps to establish an SSH connection.
Step 1: The SSH will default use port 22, and the client starts the connection by verifying the server’s identity. Either the client is connecting to the server for the first time, requiring manual verification of the server’s public key. Another case is the client has already established the connection without user involvement.
Step 2: Both devices agree on the session key to encrypt and decrypt the data. The key is randomly generated.
Step 3: The server will use the SSH key pair to authenticate the client. The critical pair combines the public key (known to both parties) and the private key (known to the right client).
Check here to fix the SSL handshake failed error if you get an error message.
Features of SFTP and its Capabilities
Some fantastic features make SFTP more secure than FTP.
- It comes with two different authentication methods, such as securing data using ID and password or SSH keys; it is up to you what method you want to apply SFTP adds another security level by encrypting the authentication credentials and data.
- SFTP server generates a public-private key combination shared with the client.
- It does not only solve your purpose of transferring the files but also for accessing remote servers. As a result, SFTP clients help to resume interrupted transfers, access directory listings, etc.
- It supports IPv6 HTTP, TMUX, etc. you can also get enhanced functionality to upload and download the data.
- It allows the user to execute commands locally or on the remote server. You can transmit the data by compressing it to exceed the transfer limit.
Applications Of SFTP
Below are the benefits of SFTP.
- You can use SFTP to transfer sensitive data between two devices/hosts/servers, such as sharing data within institutions, government bodies, etc.
- You can also run and share the audit report across several organizations and regulatory bodies.
- You can also use the SFTP tool for creating, deleting, importing, and exporting files and directories. You can leverage its ability to store and share big data files and access them from anywhere using appropriate credentials.
- SFTP is widely used within cloud computing via applications such as SEEBURGER and Cyberduck.
- Some commonly used SFTP clients are Filezilla and WinSCP, which are very popular among organizations for managing and sharing files.
- You can even share files secretly between two hosts by adding an extra security level to authenticate the processes.
Implementing SFTP within your organization has several advantages to securing your data transmission.
- With SFTP, the users’ credentials are encrypted, making it more secure.
- SFTP ensures key-based authentication to add another level of security using usernames and passwords, making SFTP more secure.
- SFTP ensures security by only using one server connection to transfer data without opening other server ports.
- It provides detailed information about the files being transferred, such as date, time, and size, helping you with the debugging process.
Disadvantages of SFTP
Using SFTP is not all about its advantages; you also have to face some limitations while using SFTP. Below are some that you must consider.
- Managing SSH keys is not as easy as it seems.
- You need to store the private keys on the device you are transferring the files to protect them against theft or loss.
- You will require a system administrator to set the SSH keys.
- You need to know how SSH works and execute the right commands on the command-line terminal.
Difference Between FTP And SFTP
File Transfer Protocol
Secure or SSH File Transfer Protocol
Open-source protocol to transfer the file between the two hosts.
It offers a secure SSH channel to transfer the file securely between client and server.
Do not support encryption. Unless you get FTPS, an extension of FTP, which uses TLS and SSL.
It supports encryption by generating the encryption key before the data transfers.
Two different channels are used, one for control and another for transferring the data.
It uses the same channel for both control and data transmission.
by default TCP port number is 21
by default TCP port is 22, but you can configure it on 2222 or 2200.
Based on Client-server architecture.
The SSH architecture is used.
File transfer topology
It uses a direct file transfer methodology between the hosts and between clients.
It uses the tunneling topology to transfer files between the host and server machine and the encryption method.
Changing the SFTP Default Port
By default, the value of the SFTP port number is 22. But, changing this default value to another will make it difficult for hackers to hack your data transmission and reduce the risk. You can go through the following steps to change the port number.
Step 1: Choose a New Port Number
In a Linux machine, you cannot use port numbers below 1024, as they are reserved for well-known services. You can use a port number within the range of 1-1024 for the SSH service, but it is recommended to choose a value above 1024.
The below example uses the value 4433 for the SFTP port. You can choose any other number if 4433 is already taken.
Step 2: Adjusting Firewall
But before you change the SFTP port number, open a new port in your firewall. If you use a UFW firewall, you can open a new port using the following command.
sudo ufw allow 4433/tcp
CentOS machine (firewall management tool is FirewallD)-
sudo firewall-cmd --permanent --zone=public --add-port=4433/tcp
sudo firewall-cmd --reload
You also have to adjust the SELinux rules to add a new SSH port using the below command for the CentOS machine.
sudo semanage port -a -t ssh_port_t -p tcp 4433
Step 3: Configure SFTP/SSH
The SSH server configuration file is stored in the /etc/ssh/sshd_config file. To make changes, you need to open the file with your text editor:
sudo vim /etc/ssh/sshd_config
Then look for port 22. Remove the # from the beginning and enter the new SSH port number, as shown below.
Step 4: Restart the SSH service
Once you are done with the required changes, you need to restart the SSH services to put the change in effect. You can run the following command to restart the SSH server.
sudo systemctl restart ssh
In CentOS, the SSH service is named SSHD. Follow the below-listed centos command.
sudo systemctl restart sshd
Step 5: Verify that the SSH daemon is listening on the new port:
ss -an | grep 4433
SSHFS & Using SFTP for File Sharing
SSHFS, or SSH File System, is a convenient tool that allows users to mount a remote file system over an SSH connection. It leverages the Secure Shell (SSH) protocol, the same protocol used for SFTP (Secure File Transfer Protocol), to establish a secure and encrypted connection between the local and remote systems. This enables seamless file sharing and access to remote files as if they were stored locally. Here's a brief overview of SSHFS and how it can be used for file sharing using SFTP.
SSHFS eliminates the need to manually transfer files back and forth between systems by providing a transparent way to access and manage remote files. With SSHFS, you can mount a remote directory on your local machine, allowing you to browse, open, edit, and save files as if they were on your local file system. The underlying SSH connection ensures the security and integrity of the data during the file transfer process.
To use SSHFS for file sharing, you need to follow these steps:
- Install SSHFS: Begin by installing SSHFS on your local machine. SSHFS is available for various operating systems, including Linux, macOS, and Windows (using third-party software). On Linux, SSHFS can often be installed through the package manager. On macOS, you can use Homebrew or MacPorts to install it.
- Establish an SSH connection: Before using SSHFS, ensure you have SSH access to the remote system. This typically involves enabling the remote SSH server and having valid login credentials (username and password or SSH key).
- Mount the remote directory: Once SSHFS is installed and the SSH connection is established, you can mount the remote directory on your local machine. The exact command or procedure for mounting may vary depending on your operating system and SSHFS implementation. Generally, you'll need to specify the remote server address, directory path, and the local mount point (the directory on your local machine where you want to access the remote files).
- Access and share files: After successfully mounting the remote directory, you can access the remote files through the local mount point. You can open, edit, delete, and create files as if they were stored locally. Any changes you make to the files will be reflected on the remote server.
SFTP Libraries for Developers
SFTP (Secure File Transfer Protocol) libraries provide developers with programming interfaces and tools to incorporate SFTP functionality into their applications. These libraries offer a convenient way to securely transfer files over the network, ensuring data integrity and confidentiality. Here are a few notable SFTP libraries commonly used by developers:
Paramiko is a widely used SFTP library for Python. It allows developers to create SSH and SFTP clients, making it easy to establish secure connections and transfer files. Paramiko provides a high-level API with comprehensive documentation, allowing developers to integrate SFTP functionality into their Python applications quickly. It supports various authentication methods, including password-based and key-based authentication.
JSch is a popular Java library that implements the SSH2 protocol and provides SFTP functionality. It offers a rich set of features and supports SSH key exchange, user authentication, and file transfer operations. JSch is widely used in Java applications for secure file transfers over SFTP. It provides a simple API for establishing SSH connections and performing SFTP operations.
SSH.NET is a lightweight and easy-to-use SFTP library for C#/.NET. It enables developers to incorporate SSH and SFTP functionality into their C# applications seamlessly. SSH.NET supports key-based authentication, password-based authentication, and various encryption algorithms. It offers a simple API that allows developers to establish SSH connections and perform file transfer operations using SFTP.
libssh2 class="link-id" (C/C++):
libssh2 class="link-id" is a powerful open-source library for implementing SSH2 and SFTP functionality in C and C++ applications. It provides a full-featured API for secure file transfers over SFTP. libssh2 class="link-id" supports various authentication methods, supports key exchange, and offers a wide range of encryption algorithms. It is highly portable and widely used in C/C++ applications for secure file transfer operations.
File Transfer Solutions Using SFTP
Several file transfer solutions utilize SFTP (Secure File Transfer Protocol) to ensure secure and reliable data transfers. Here are some popular file transfer solutions that leverage SFTP:
Cyberduck: Cyberduck is an SFTP client for both Windows and macOS that supports secure file transfers using SFTP, among other protocols. It provides a sleek interface, integration with popular cloud storage services, and features such as bookmarking, file encryption, and easy sharing options.
MobaXterm: MobaXterm is a comprehensive terminal and remote access tool that includes SFTP functionality. It enables secure file transfers over SFTP and offers additional features such as SSH client, X11 server, and remote desktop capabilities.
IBM Sterling File Gateway: IBM Sterling File Gateway is an enterprise-level solution that supports secure file transfers using SFTP. It offers advanced features like secure file exchange, protocol conversion, and support for high-volume file transfers.
PyroBatchFTP: PyroBatchFTP is a Windows-based automation tool that supports secure file transfers using SFTP. It allows users to create batch scripts to automate SFTP transfers, making it a suitable solution for scheduled and recurring file transfers.
GoAnywhere MFT: GoAnywhere MFT is a managed file transfer solution that supports secure file transfers using SFTP. It offers a wide range of features, including encryption, user authentication, auditing, and automation capabilities.
Using Managed File Transfer Software For SFTP
Using managed file transfer software for SFTP (Secure File Transfer Protocol) can greatly enhance the efficiency and security of file transfers within an organization. Managed file transfer (MFT) software provides a centralized platform to streamline and automate file transfer processes while ensuring data integrity and compliance.
One major advantage of using MFT software for SFTP is the ability to centralize and manage file transfers from a single interface. It eliminates the need for manual transfer methods, such as using standalone SFTP clients, and offers a unified view of all file transfer activities. This centralized approach simplifies the administration, monitoring, and auditing of file transfers, improving overall efficiency and visibility.
Another crucial aspect is the security features provided by MFT software. It incorporates robust encryption, authentication mechanisms, and access controls to protect sensitive data during transit. MFT software also enables secure key management and supports compliance requirements, such as PCI DSS or HIPAA, by offering features like data encryption at rest and in motion.
Additionally, MFT software often includes advanced automation capabilities. It allows organizations to set up workflows, schedule transfers, and implement business rules to automate file transfer processes. This reduces manual intervention, minimizes errors, and improves productivity.
SFTP Client for Windows and Mac
There are several SFTP client tools that you can use to connect to the remote SSH server securely and perform various tasks, such as copying, deleting, pasting, uploading, and downloading files. We have mentioned some of the commonly used SFTP clients below for your reference.
FileZilla is a free and GUI-based FTP client software. You can use this software on various operating systems, such as Windows, Linux, and Mac OS, but the server is only compatible with Windows. It comes with FTP, SFTP, and IPv6 protocols. You can pause and resume the file transfer as per the requirement. It comes with the drag and drops feature for quick uploading and downloading files.
Windows Secure Copy (WinSCP) is a free SFTP and FTP client for Windows operating systems.
You can use this software to transfer the files between the host computer and the remote server. Like FileZilla, WinSCP also has drag-and-drop features for quickly uploading and downloading files. You can integrate this software with the PuTTY authentication agent to support SSH.
3. Solarwinds FTP Voyager Client
It is another free and open-source FTP client for securely transferring files via FTP, SFTP, and FTPS. It lets you connect to multiple servers simultaneously to transfer files and thus handle multiple processes using a single instance. It helps synchronize the folders automatically and schedule file transfers within the allocated time.
Remember that to use SFTP for file management on your website; you will need an actual website. Since regular backups and having an SSL certificate is a must for a successful business, we recommend using MonoVM’s web hosting services to take care of all of these for you.
SFTP has secured all communication across the network. It adds another security level by authenticating the credentials of the logging client or using SSH keys. Understanding the needs of the SFTP is essential for the business dealing with transmitting critical and personal data. Implementing and setting SFTP requires technical knowledge and command-line commands.
In this article, you have received a lot of information about the default SFTP port number, what the SFTP port is, and how to change the default SFTP port number. Also, you can easily choose from the most commonly used SFTP clients to establish a secure connection to the SSH remote server and perform tasks accordingly. We have also given you a little information about the best SFTP client software available in the market; if you have any other suggestions about the SFTP port number, you can comment in the comment box. We also offer full SSH access on our VPS servers which you can buy from MonoVM.
People also read: