The aim of this article is to provide an introduction to some useful programs in the
SSH2 suite, i.e. sftp and scp. In the following we suppose that the SSH2 daemon is properly configured and running. On RedHat Linux you can check that the package is installed:
$ rpm -q openssh
openssh-3.1p1-6
The first one, sftp (Secure File Transfer), is an ftp-like client used for
file transfer over the network. It does not use the FTP daemon (ftpd or
wu-ftpd) for connections, which significantly improves system
security: with sftp in place you can stop the potentially dangerous
wu-ftpd, which prevents attacks against that daemon.
The second, scp (Secure Copy), is used to copy files over the network securely. It
is a replacement for the insecure rcp command.
Sftp and scp do not require any dedicated daemon since the two programs
connect to sshd servers. In order to use sftp and scp you have
to insert the following line in the configuration file /etc/ssh/sshd_config
(RedHat Linux).
Subsystem sftp /usr/libexec/openssh/sftp-server
After this modification you must restart sshd. Note that you can
use sftp and scp only to connect to hosts where sshd is running.
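As an added example (not part of the original article), the following shell functions check that an sshd_config file contains exactly one active Subsystem sftp line and, when the server is given as an absolute path, that it is an executable file. The function names and exit codes are assumptions made for this example, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): verify that an sshd_config
# file carries exactly one active "Subsystem sftp" line.

# Print the command configured for the sftp subsystem, one line per match.
# Keywords in sshd_config are case-insensitive; '#' starts a comment line.
sftp_subsystem() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# Exit status: 0 ok, 1 missing, 2 unreadable file, 3 defined more than once,
# 4 absolute server path that is not an executable file.
check_sftp_subsystem() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    cmd=$(sftp_subsystem "$conf")
    [ -n "$cmd" ] || { echo "no active Subsystem sftp line" >&2; return 1; }
    n=$(printf '%s\n' "$cmd" | grep -c .)
    [ "$n" -eq 1 ] || { echo "Subsystem sftp defined $n times" >&2; return 3; }
    bin=${cmd%% *}
    case $bin in
        /*) [ -x "$bin" ] || { echo "$bin is not executable" >&2; return 4; } ;;
    esac
    echo "sftp subsystem: $cmd"
}

# Constructed sample: the line is present but commented out, so the sftp
# subsystem is not enabled and the check reports it as missing.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#Subsystem sftp /usr/libexec/openssh/sftp-server' > "$sample"
check_sftp_subsystem "$sample" || echo "status $? for constructed sample"
rm -f "$sample"
```

On a real host, run check_sftp_subsystem /etc/ssh/sshd_config before restarting sshd.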
Sftp uses SSH2 in data connections, so the file transport
is as secure as possible. There are two main advantages in using sftp instead
of ftp:
- Passwords are never transferred in clear text, which prevents password sniffing.
- Data are encrypted during the transfer, making it difficult to spy on or modify the
connection.
Using sftp is really simple. Let's suppose that you want to connect via
sftp to your account zahn on host1. To do that, use the command:
$ sftp zahn@host1
Connecting to host1...
zahn@host1's password:
sftp>
When sftp is ready to accept commands, it displays the prompt sftp>.
The sftp manual page has a complete list of the commands which the user can
use; among them there are:
quit: Quits from the application.
cd: Changes the current remote working directory.
lcd: Changes the current local working directory.
ls: Lists the names of the files on the remote server. For directories, the contents of
the directory are listed. When the -R option is specified, the directory trees are
listed recursively. (By default, the subdirectories of the argument directories are
not visited). When the -l option is specified, permissions, owners, sizes and
modification times are also shown. When no arguments are given, it is assumed that
the contents of . are being listed. Currently the options -R and -l are mutually
incompatible.
lls: Same as ls, but operates on the local files.
get: Transfers the specified files from the remote end to the local end. Directories are
recursively copied with their contents.
put: Transfers the specified files from the local end to the remote end. Directories are
recursively copied with their contents.
mkdir dir (rmdir dir): Tries to create (destroy) the directory specified in dir.
Sftp supports glob patterns (wildcards) given to commands
ls, lls, get, and put. The format is described in the man page sshregex.
Since sftp uses encryption there is a drawback: the connection is slower (by about a factor
of 2-3 in my experience), but this point is of marginal interest considering the
great security benefits.
Scp (Secure Copy) is used to copy files over the network securely. It is probably the
simplest way to copy a file to a remote machine. Let's suppose you want to copy the
file filename contained in the directory local_dir to your account myname, in the
directory remote_dir on host host1. Using scp you could enter from the command line:
$ scp local_dir/filename myname@host1:remote_dir
In this way the file filename is copied with the same name. Wildcards can be used
(read more about those in the sshregex man page). The command:
$ scp local_dir/* myname@host1:remote_dir
copies all files from directory local_dir into the directory remote_dir of host1.
The command:
$ scp myname@host1:remote_dir/filename .
copies the file filename from remote_dir on host1 to the local directory.
Scp supports many options and allows copies between two remote systems as in the
following example:
$ scp myname@host1:rem_dir/fname myname@host2:another_dir
Obviously, using scp, you must know the exact directory tree of the remote machine,
so in practice sftp is often preferred.