SSH2 suite: SFTP and SCP


Overview

The aim of this article is to provide an introduction to two useful programs in the SSH2 suite, namely sftp and scp. In the following we assume that the SSH2 daemon is properly configured and running. On RedHat Linux you can check that the package is installed with:

$ rpm -q openssh
openssh-3.1p1-6

Configuration

The first, sftp (Secure File Transfer), is an ftp-like client used to transfer files over the network. It does not use the FTP daemon (ftpd or wu-ftpd) for connections, which significantly improves system security: with sftp in place you can stop the potentially dangerous wu-ftpd, so attacks against that daemon no longer apply.

The second, scp (Secure Copy), is used to copy files over the network securely. It is a replacement for the insecure rcp command.

Sftp and scp do not require any dedicated daemon, since both programs connect to sshd servers. In order to use sftp and scp you have to insert the following line in the configuration file /etc/ssh/sshd_config (RedHat Linux):

Subsystem   sftp   /usr/libexec/openssh/sftp-server

After this modification you must restart sshd. Note that you can use sftp and scp only to connect to hosts where sshd is running.
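
One way to check this setting before restarting sshd, as an added example that is not part of the original article. The function names are hypothetical, the sample configs and the stand-in sftp-server file are constructed in a temporary directory, and the built-in internal-sftp value is accepted on the assumption that a newer OpenSSH release may be in use.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the "Subsystem sftp" line.
# Function names are hypothetical; sample files below are constructed.

# Print the command configured for the sftp subsystem; return 1 if none.
# Keywords are case-insensitive and lines starting with '#' are comments.
sftp_subsystem_cmd() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "subsystem" && $2 == "sftp" {
            $1 = ""; $2 = ""; sub(/^[ \t]+/, "")
            print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Return 0 if sftp is usable, 1 if the line is missing,
# 2 if the line names a binary that is not an executable file.
check_sftp_subsystem() {
    cmd=$(sftp_subsystem_cmd "$1") || {
        echo "MISSING: no 'Subsystem sftp' line in $1"; return 1; }
    bin=${cmd%% *}   # first word is the server; the rest are arguments
    # Newer OpenSSH releases also accept the built-in "internal-sftp".
    if [ "$bin" = "internal-sftp" ] || { [ -f "$bin" ] && [ -x "$bin" ]; }; then
        echo "OK: sftp subsystem -> $cmd"; return 0
    fi
    echo "BROKEN: $bin is not an executable file"; return 2
}

# Constructed demo: a stand-in sftp-server and two sample configs.
demo=$(mktemp -d)
: > "$demo/sftp-server" && chmod +x "$demo/sftp-server"
printf 'Port 22\nSubsystem   sftp   %s\n' "$demo/sftp-server" > "$demo/good"
printf 'Port 22\n#Subsystem sftp %s\n' "$demo/sftp-server" > "$demo/commented"
check_sftp_subsystem "$demo/good"
check_sftp_subsystem "$demo/commented" || echo "exit status: $?"
rm -rf "$demo"
```

On a real server, call check_sftp_subsystem /etc/ssh/sshd_config; a status of 2 means the line is present but points at a path where no sftp-server is installed.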

SFTP

Sftp uses SSH2 in data connections, so the file transport is as secure as possible. There are two main advantages in using sftp instead of ftp:

  1. Passwords are never transferred in clear text, which defeats password sniffing.

  2. Data are encrypted during the transfer, making it difficult to spy on or modify the connection.

Using sftp is really simple. Let's suppose that you want to connect via sftp to your account zahn on host1. To do that, use the command:

$ sftp zahn@host1
Connecting to host1...
zahn@host1's password:
sftp>

When sftp is ready to accept commands, it displays the prompt sftp>. The sftp manual page contains a complete list of the commands available to the user; among them are:

  • quit

Quits from the application.

  • cd directory

Changes the current remote working directory.

  • lcd directory

Changes the current local working directory.

  • ls [ -R ] [ -l ] [ file ... ]

Lists the names of the files on the remote server. For directories, the contents of the directory are listed. When the -R option is specified, the directory trees are listed recursively. (By default, the subdirectories of the argument directories are not visited). When the -l option is specified, permissions, owners, sizes and modification times are also shown. When no arguments are given, it is assumed that the contents of . are being listed. Currently the options -R and -l are mutually incompatible.

  • lls [ -R ] [ -l ] [ file ... ]

Same as ls, but operates on the local files.

  • get [ file ... ]

Transfers the specified files from the remote end to the local end. Directories are recursively copied with their contents.

  • put [ file ... ]

Transfers the specified files from the local end to the remote end. Directories are recursively copied with their contents.

  • mkdir dir (rmdir dir)

Tries to create (destroy) the directory specified in dir.

Sftp supports glob patterns (wildcards) given to commands ls, lls, get, and put. The format is described in the man page sshregex.

Since sftp uses encryption there is a drawback: the connection is slower (by about a factor of 2-3 in my experience), but this point is of marginal interest considering the great security benefits.

SCP

Scp (Secure Copy) is used to copy files over the network securely. It is probably the simplest way to copy a file to a remote machine. Let's suppose you want to copy the file filename contained in the directory local_dir to your account myname, into the directory remote_dir on host host1. Using scp you could enter from the command line:

$ scp local_dir/filename myname@host1:remote_dir

This way the file filename is copied with the same name. Wildcards can be used (read more about them in the sshregex man page). The command:

$ scp local_dir/* myname@host1:remote_dir

copies all files from directory local_dir into the directory remote_dir of host1.

The command:

$ scp myname@host1:remote_dir/filename .

copies the file filename from remote_dir on host1 to the local directory.

Scp supports many options and allows copies between two remote systems as in the following example:

$ scp myname@host1:rem_dir/fname myname@host2:another_dir

Obviously, using scp, you must know the exact directory tree of the remote machine, so in practice sftp is often preferred.