Using SFTP and SCP Instead of FTP

One simple way to improve your Linux server’s security is to use SFTP or SCP instead of regular FTP.

Using SFTP

SFTP can work with many protocols but is most commonly used with SSH to provide secure authentication. SFTP is not FTP over SSH, but instead a new protocol developed from the ground up.

SFTP differs from SCP in that it offers a GUI component that allows more remote administration, akin to a remotely accessed file system.

SFTP clients are almost exactly the same in appearance as FTP clients. The majority of them use a two-pane window view, with one pane showing the local filesystem and the other pane showing the server’s filesystem. To send or receive files, simply drag them from one pane to the other.

Popular SFTP Clients

  • FileZilla
    • for Windows, Mac OS X, Linux
    • Supports FTP and SFTP

  • WinSCP
    • for Windows
    • Supports FTP and SFTP

  • Cyberduck
    • for Mac OS X
    • Supports FTP and SFTP

Using SCP (Secure Copy)

The SCP command can be used to send a file to a server or retrieve a file from a server. Because it uses the SSH protocol for authentication, SCP is more secure than FTP, which transmits passwords in plain text.

Sending a File:

scp index.php bob@servername.com:/home/bob/public_html/
Syntax: scp [file] [user]@[server]:[/path/to/destination/]

Copies the local file index.php to the directory /home/bob/public_html/ on the server as the user bob.

Retrieving a File:

scp bob@servername.com:/home/bob/public_html/index.php Downloads/
Syntax: scp [user]@[server]:[/path/to/target/file] [local destination]

Copies the file index.php from its location on the server to the local directory called Downloads as the server user bob.

Wildcard File Transfers:

SCP can also be used with wildcard statements (*) to transfer multiple files that meet your criteria:
scp bob@servername.com:/home/bob/public_html/*.php Downloads/
Syntax: scp [user]@[server]:[/path/to/target/*wildcard*] [local destination]

Copies all files ending in .php in the /home/bob/public_html directory to the local directory called Downloads.

Wildcards can be used for both sending and receiving files.

Enabling Shell Access in the WHM

If a user wishes to use SCP and SFTP on a Linux server running cPanel, they will need to have shell access enabled.

Log in to your server’s WHM as root and find the navigation link labeled Modify an Account, as indicated below:

WHM Modify Account Screen

On the following screen, locate the check box next to Shell Access and make sure that the box is checked. If it is not, check the box and then click the Save button.

WHM Modify Account Screen
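
To check from the command line which accounts currently have shell access, and can therefore log in over SSH for SCP or SFTP, the following is an added example (not part of the original article or of cPanel's own tooling). It assumes passwd(5)-format input, that accounts with Shell Access unchecked have a shell path ending in noshell, nologin or false, and that customer accounts start at UID 1000; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: list accounts whose login shell allows SSH logins,
# and therefore SCP/SFTP, from passwd(5)-format input on stdin.

# Shells treated as "no shell access" (assumption: accounts with Shell
# Access unchecked get a shell whose path ends in one of these names).
NO_SHELL_RE='/(nologin|false|noshell)$'

# shell_users [MIN_UID] < passwd-file
# Prints "user<TAB>shell" for root and for every account with
# UID >= MIN_UID (default 1000, an assumed start of customer accounts).
shell_users() {
    awk -F: -v min="${1:-1000}" -v re="$NO_SHELL_RE" '
        /^#/ || NF < 7 { next }                # comments, malformed lines
        $3 + 0 != 0 && $3 + 0 < min { next }   # system accounts, except root
        $7 !~ re {
            # An empty shell field means the system default, /bin/sh.
            printf "%s\t%s\n", $1, ($7 == "" ? "/bin/sh" : $7)
        }
    '
}

# Constructed sample data, not taken from a real server.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/bin/false
bob:x:1001:1001::/home/bob:/bin/bash
alice:x:1002:1002::/home/alice:/usr/local/cpanel/bin/noshell
carol:x:1003:1003::/home/carol:/usr/local/cpanel/bin/jailshell
dave:x:1004:1004::/home/dave:
EOF
}

# Demo on the sample; on a server run: shell_users < /etc/passwd
sample_passwd | shell_users
```

Accounts that appear in the output but do not transfer files over SSH are candidates for having Shell Access unchecked again.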

What about FTPS?

FTPS is FTP using SSL to encrypt some or all of the transmissions between the server and client. In most cases we recommend users try SFTP before FTPS because most Linux servers will automatically support SFTP, whereas some configuration changes/additions may be necessary to start using FTPS.

Root User Access

As long as the root user is allowed to use SSH to connect to the server, it can also be used to send or receive files using SFTP or SCP. Linux servers running cPanel will not let the root user connect using regular FTP because the root password would be transmitted in plain text, which should always be avoided.

Alternate Ports

If you change the port number used by SSH on your server, you will also need to specify the new port number in your command.

Examples:
Default usage:
scp bob@servername.com:/home/bob/public_html/*.php Downloads/

Alternate port usage:
scp -P 22334 bob@servername.com:/home/bob/public_html/*.php Downloads/
In the above example, bob changed his server’s SSH port number to 22334.

A Word on Speed

SCP is generally faster than SFTP at transferring files because it uses a more efficient file transfer algorithm.

Additional Resources

For more information about the many choices available when picking a file transfer client please see this handy Wikipedia comparison page.
