This tutorial explains what the SFTP protocol is, covering its client-server architecture, the server, the client, the SFTP port, and the difference between FTP and SFTP.
The secure file transfer protocol is a tool used to securely transfer data, which can be in the form of files, audio, or video, between the local machine and the remote end server.
It differs from other protocols that perform the same task in that it uses encryption and a proper authentication method to transfer data between the two hosts. It is very useful for file transfers over the Internet that must be kept secret, such as financial data or defense data.
In this tutorial, we will explore the working of the SFTP protocol through the client-server architecture and the port on which it is configured. With the help of examples and screenshots, we will also explore how to use it for file management and access it by using client software.
What is SFTP
It is known by different names, such as SSH File Transfer Protocol, Secure File Transfer Protocol, and Secret File Transfer Protocol. It is a network layer protocol that provides secure file access, file management, and secure exchange of data between two users, or in a client-server architecture, over a secure or reliable network connection.
The data connection over which the transmission is done should be protected with authentication policies and passwords which should be known only to the sending and receiving end.
The secure file transfer protocol generally runs on TCP port number 22, but we can assign any available port to run this protocol. SFTP incorporates SSH version 2 (SSH-2), which provides a completely encrypted and secured transport layer over which one can run SFTP commands and exchange data.
It is a packet-based protocol, so it works much faster than the simple file transfer protocol. Also, with SFTP the data transfer takes place over the main connection, so it does not need a separate connection for file transfer as FTP does.
As said earlier, the secure file transfer protocol works on the client-server architecture thus for using SFTP, one should have both the client program and server software.
For setting up the SFTP server connection, the user should have a web server that supports Internet access and SFTP port number 22 directed towards the secure file transfer protocol server software installed on the system.
When the SFTP server software is installed on the system, it generates the SSH key for the host, and the user can then create and grant credentials and permissions to other users and groups to access the system for data transfer. Operating systems such as Windows, Linux, Mac OSX, and others support this protocol, and we can run SFTP services on them.
Secure File Transfer Protocol Client
It is a GUI-based or command-line-based software program that provides the capability to connect to the SFTP server and has SSH incorporated within it. This software permits the client system to connect, authenticate, and transmit data over a secure and encrypted network connection with the server on port 22.
The below figure shows the SSH session for communication and file exchange between the server and the client.
This is the information that needs to be configured for the SFTP client on the desktop:
|Server Hostname||Give the hostname of the server or the IP address||10.192.64.2|
|Port number||The TCP port on which the client wants to connect.||22 or any other|
|Security Protocol||Select the protocol through which you want to establish a secure connection.||SFTP/FTP/SCP etc.|
|Username||Username of the SSH through which the client wants to connect to the server.||Admin|
|Password||The password allocated to the above user.||********|
While establishing the connection with the server from the client for the first time, the server generates a host key and provides it to the client. After that, the key is stored locally on the system for future connections.
The default TCP port of the secure file transfer protocol for establishing the connection between a local machine and a web server or remote server is 22. If it does not work, we can change the port to 2222 or 2200 in the software's default settings and save the changes.
SFTP Client Software
#1) Solarwinds FTP Voyager Client
It is a free and open-source FTP client for secure file transfer through FTP, SFTP, and FTPS.
It can connect to multiple servers simultaneously for file transfer thus multiple processes can take place at one instance of time. It also synchronizes the folders automatically and has the feature of scheduling file transfers with allocated time.
#2) Filezilla Software
Filezilla is a free, GUI-based FTP client and FTP server. The client software can be used with Windows, Linux, and Mac OS, but the server is compatible with Windows only. It supports the FTP, SFTP, and FTPS protocols. Its features include support for the IPv6 protocol.
A file transfer can be paused and resumed as required. There is also a drag and drop feature for uploading and downloading files, and more than one file transfer can take place simultaneously between single or multiple servers.
Website: Filezilla Software
#3) WinSCP
Windows Secure Copy (WinSCP) is a free SFTP and FTP client for Windows. Its main purpose is to provide secure file transfer between the host computer and the remote server. It is a GUI-based application with drag and drop features for uploading and downloading files, as well as deleting and modifying them. It can be integrated with the PuTTY authentication agent for supporting SSH.
Applications Of SFTP
These are listed below:
- It is used to transfer sensitive data between two hosts, share data within the military department of different states regarding national security and share legal and financial data between government bodies.
- It is also used to run and share the audit data and reports between the organization and the regulatory bodies.
- One of the most attractive applications of the SFTP tool is that we can create, delete, import, and export files and directories from it. This provides not only the storing capability of big data files but the flexibility to access them from anywhere just by having the accessing credentials.
- It is used in cloud computing also by applications like SEEBURGER and Cyberduck.
- Filezilla and WinSCP are the application software that is most commonly used by organizations for file management and file sharing.
- Secret file sharing is also possible between two hosts by using upgraded authentication processes.
Difference Between FTP And SFTP
|Detail Name||File Transfer Protocol||Secure or SSH File Transfer Protocol|
|Definition||It is an open-source protocol for file transfer between two hosts and doesn’t support any secure data transmission.||It offers a secure SSH channel for secure file transfer between client and server.|
|Encryption||FTP is not an encrypted protocol||It encrypts the data by generating the encryption key before transmission over the network.|
|Channel Used||Two different channels are used, one for control and another for data transmission.||The same channel is used for both control and data transmission.|
|Port Used||TCP port 21 is commonly used for this protocol.||TCP port 22 is used and can be configured on another port also like 2222 or 2200.|
|Architecture Used||Client-server architecture is used||The SSH architecture is used which also offers the transfer of files between servers only along with host and server.|
|File transfer topology||It uses a direct file transfer methodology between the hosts and between client and server without following any encryption method.||It uses the tunneling topology for file transfer between the host and server machine and follows the encryption method so that the file can’t be interrupted by an unauthorized person.|
|Implementation||FTP can easily be implemented and used on any host machine.||Before using SFTP, it is necessary to generate the encryption keys, which sometimes leads to compatibility issues with host machines and servers.|
Encryption is an important part of the secure file transfer protocol. It protects the data from hackers by converting it into an unreadable format during transmission so that it can’t be accessed by anyone until it reaches the destination. At the receiving end, the data becomes readable again for the authorized user who has the key to access it.
SFTP uses the secure shell (SSH) encryption method for file transfer. SSH deploys public key cryptography to authorize the host machines and allow them to access the data. There are various ways to use the SSH method. One is to use automatically generated pairs of private and public keys to encrypt the network before starting the file transfer, and to generate the password to log on to the network.
Another method is to use the manually generated pair of private and public keys to execute the authentication process which permits the user to log in to the network without the need for a password. In this method, the generated public key is placed on all the host machines which can access the network and the matching private key is kept secret by the server host machine.
In this way, the authentication is based on the private key, and SSH verifies whether the person presenting the public key has the matching private key.
As shown in the image above, the SSH also works in a client-server architecture. The SSH client machine initiates the request for the SFTP connection for file transfer, then the server sends the public key and in reply, the client machine will present the matching private key and the credentials to authenticate the process and log in to the server.
Then the file transfer session can be started between the two machines.
Using SFTP via Filezilla
As said earlier, Filezilla and WinSCP are the software programs through which users can use SFTP for data transfer and they just need to install the software and follow some basic steps of configuration to start using it.
Listed below are the basic steps of configuration with the help of examples:
Step #1: You first need to download the Filezilla client software from the Filezilla site page. The site address is already mentioned before, in this tutorial.
Step #2: For connecting to the SFTP server, the user needs to click on the site manager icon on the upper left side, as shown in the image below, and then apply the settings by creating the new site and then log in to it by clicking on connect.
The settings should be as follows:
- Host: Enter the host ID or host IP address.
- Protocol: Select SFTP from the drop-down menu.
- Logon type: Select Normal or Interactive from the drop-down.
- User name: Enter the host username and it should be the same with which you will log in to the server.
- Password: Enter the password.
Now click on the advanced settings.
Step #3: In the advanced settings, select the local directory location from which you will choose the file or folder you want to transfer. One can leave the remote default directory location empty or can type the specific directory location to which you want to transfer data.
Now, click on the Connect button to start the session and then click OK. Refer to the below screenshot:
When you connect to the server for the first time, a dialog box will appear showing ‘unknown host key’. Checkmark the option ‘always trust this host and add this key to the cache’ and click the OK button. This will store the key for future connections.
Step #4: Now a password box will appear. Enter the password to log in and also checkmark ‘Remember password until the Filezilla is closed’. Then click the OK button. Another password dialog box will appear for authentication, where you should enter the password and key. Then click OK.
Step #5: Now you have connected to the user interface of the remote server as shown in the image below.
The interface has two sides or two partitions i.e. the left side which reflects the files and data saved in the local machine and tagged as a local site. While the right side of the interface reflects the data saved at the remote end server and tagged as a remote site.
Step #6: The user can share data or files by dragging and dropping them between the two.
Users can also upload a file to the server by browsing to the files on the local machine that they want to upload. In the remote server interface, open the public folder for uploading the files by double-clicking on it. To upload a particular file from the local machine, right-click on that file and select upload.
Step #7: Now the files you have uploaded can be accessed by the web browser and you can Quickconnect onto the server as described below and can exit from the Filezilla by selecting the cross sign.
For future connections, one need not follow all the steps. Open the Filezilla tab and click on the Quickconnect button to make a connection with the server by entering the following fields:
- Hostname: The host IP address or the hostname with the prefix SFTP like sftp.xxx.com.
- Username: Enter the host username through which you want to log in.
- Password: Enter the password which should be the same one you have chosen for SSH activation in the settings.
- Port number: By default, the port number is 22.
The screenshot below shows how to connect to the server using the client Filezilla:
Note: Ignore the error message in the above screenshot, as it is shared only for understanding, not as a procedure for transferring files.
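Storing the host key on first contact, as described earlier and in the ‘unknown host key’ step, only protects later connections, so the first key is worth comparing with a fingerprint the server administrator supplies over a separate channel. The Python sketch below is an added example, not part of the original tutorial: it computes the OpenSSH-style SHA256 fingerprint of a `known_hosts` entry and compares it with a pinned value. The keys are constructed sample bytes and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': uint32 length, then the data."""
    return struct.pack(">I", len(data)) + data


def fingerprint(known_hosts_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of one known_hosts entry."""
    fields = known_hosts_line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    key_type, blob = fields[1], base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob carries its own copy of the key type; the two must agree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_key_is_pinned(known_hosts_line: str, pinned: str) -> bool:
    """True only if the offered key hashes to the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(known_hosts_line), pinned)


def make_line(host: str, raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 known_hosts line for the demo."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed sample data, not real keys. The host is the table's example IP.
GENUINE = make_line("10.192.64.2", bytes(range(32)))
IMPOSTER = make_line("10.192.64.2", bytes(range(1, 33)))
# Stands in for the fingerprint the server administrator published.
PINNED = fingerprint(GENUINE)

if __name__ == "__main__":
    for name, line in (("genuine", GENUINE), ("imposter", IMPOSTER)):
        verdict = "accept" if host_key_is_pinned(line, PINNED) else "REJECT"
        print(f"{name}: {fingerprint(line)} -> {verdict}")
```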
Frequently Asked Questions
Q #1) What is needed for SFTP?
Answer: The Secure File Transfer Protocol needs a secure shell (SSH) data stream connection, which provides a secure connection between two machines because the data is in encrypted form, using encryption algorithms. The SSH keys also need to be generated before establishing a connection with the server.
Q #2) Is SFTP secure enough?
Answer: Yes, SFTP is a completely secure protocol, as the data transferred between the two machines is in encrypted form and no unauthorized person can read the coded data. Only the users who have the keys and login credentials can access the data.
But if the user uses weak and insecure credentials and keys for login and data transfer then there are chances of insecurity and the weak passwords can easily be decoded.
Q #3) Can SFTP be hacked?
Answer: If we use a strong firewall system that is updated regularly, and the firewall logs are checked periodically, then it becomes very difficult to hack the SFTP server. It is also necessary to keep the SFTP server software updated with the latest security patches to keep the server secure.
The SFTP server should use a strong password for login and file sharing and should also use IP filtering, which means that it should rule out all the unused IP ranges and allow the IP addresses of the users who have rights to access the server.
Another important security measure is to disable all the protocols that the server does not require; if the server is not using HTTP and HTTPS, they should be disabled.
If the administrator proactively takes all these security measures and keeps an eye on the threats, then it will become very difficult to hack the SFTP server.
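Three of the measures in this answer (strong login, IP filtering, and switching off what the server does not need) can be checked mechanically. The following is an added example, not from the original tutorial: it assumes the server is OpenSSH `sshd` and audits a constructed weak configuration beside a hardened one. The account name `transfer` and the address range are placeholders.

```python
# Assumption: the server is OpenSSH sshd. Both configs are constructed samples.
WEAK = """\
Port 22
PasswordAuthentication yes
Subsystem sftp /usr/lib/openssh/sftp-server
"""
HARDENED = """\
Port 22
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers transfer@10.192.64.*
Subsystem sftp internal-sftp
Match User transfer
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""


def parse(text):
    """Return (global settings, list of Match-block settings).

    Simplified reading of sshd_config: keywords are case-insensitive, the
    first value for a keyword wins, and Include files are not followed.
    """
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append(current)
        else:
            (glob if current is None else current).setdefault(key, value)
    return glob, blocks


def audit(text):
    """List which of the three measures the configuration fails to apply."""
    glob, blocks = parse(text)
    findings = []
    if glob.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password login enabled: weak passwords can be guessed")
    if not any("@" in entry for entry in glob.get("allowusers", "").split()):
        findings.append("no AllowUsers user@address rule: logins accepted from any IP")
    forwarding = glob.get("allowtcpforwarding", "yes")
    sftp_only = any(
        scope.get("forcecommand") == "internal-sftp"
        and scope.get("allowtcpforwarding", forwarding).lower() == "no"
        for scope in [glob] + blocks
    )
    if not sftp_only:
        findings.append("accounts not limited to SFTP: shell and forwarding available")
    return findings
```

Calling `audit(WEAK)` returns one finding per missing measure, while `audit(HARDENED)` returns an empty list.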
Q #4) Can SFTP be used with macOS?
Answer: To access and run SFTP on a Mac, the first thing to do is to activate SSH access on the system for logging in to the SFTP server, by generating the public and private keys automatically or manually from the Manage SSH option on the Mac system. Then generate the username and password to authenticate the login.
The next step is to download any of the secure file transfer protocol client software like Filezilla into the system and connect to the server by using the same key and password which you have used to activate the SSH session.
Use the credentials, IP address, and default port number to connect to the server from the client as described above, and then you can transfer files between the hosts. One can use the Cyberduck SFTP client for Mac if facing compatibility issues with Filezilla.
Q #5) What is SFTP PuTTY?
Answer: PuTTY is a tool for remote access to another machine and can also be used to transfer files securely using SSH. PuTTY behaves like an SFTP client for connecting and transferring files to the SFTP server, and the interesting thing is that the PuTTY SCP client need not be installed on Windows and can be used directly by downloading and saving PuTTY.exe on the system.
It can directly be used with Linux OS by running it directly from the command prompt.
It is a kind of terminal emulator and is compatible with Mac also. It supports many applications like TELNET, FTP, SCP, and SSH and can be connected to a serial port also.
In this tutorial, we have explained what SFTP is, some popular secure file transfer protocol client tools, applications, and SFTP encryption processes. We also covered the basic architecture with settings to install this application onto the local machine for data transfer with the help of examples and screenshots.
We also discussed the client-server architecture of the secure file transfer protocol with the TCP port details which are used for making the connection between the machines. Then we explained the difference between the FTP and SFTP protocols in tabular format.
In this article, we have also answered some basic questions which generally arise in beginners’ minds regarding the SFTP protocol and its working principle.