In the previous tutorial, we saw how the FTP protocol can be used to update application software on an IoT device. However, FTP has some security concerns, as it is vulnerable to several kinds of attacks, such as brute-force attacks, FTP bounce attacks, packet capture, port stealing (guessing the next open port and usurping a legitimate connection), spoofing attacks, username enumeration, etc. Therefore, secure variants of the FTP protocol were developed. SSH File Transfer Protocol is one of the secure variants of the FTP protocol.
Fig. 1: Symbol of SSH File Transfer Protocol (SFTP)
SSH File Transfer Protocol / Secure File Transfer Protocol (SFTP) was designed for file access, transfer and management over a reliable and secure data stream. It was designed by the Internet Engineering Task Force (IETF) to provide secure file transfer capability. Later on, the IETF stated that it was designed as an extension to SSH (Secure Shell) for transferring files over a secure connection using TLS.
Why SFTP is needed –
FTP was used to transfer files, but not over a secure channel, so SFTP was developed. It is not FTP run over SSH; it is a new protocol which supports many file operations over a network. It gives easy but safe access to files over a remote connection. It can also be used like SSH-1 and SSH-2.
SFTP Features –
SFTP comes with many advantages over FTP, such as:
1. Resume interrupted file transfers
2. Remote file removal
3. Directory listing
4. File management on the server
5. Platform Independence
6. Upload stamp, i.e. uploaded files may be associated with their basic attributes, such as time stamps. This is an advantage over the common FTP protocol.
SFTP Software –
Like any other protocol, SFTP is based on the client-server model, so both server and client software are required to implement the protocol.
SFTP Client – The client is command-line based software, where a user can use traditional tools like secure shell and PuTTY, but that depends entirely on what the server supports.
Some commonly used SFTP client programs are as follows –
1) WinSCP: It is a free and open source SFTP GUI client. Despite its name, it is not limited to SCP, but works with SFTP and FTP/SSL too.
2) FileZilla Client: It is a free and open source FTP, FTP/SSL and SFTP GUI client (beware of adware).
3) Bitvise SSH Client: It is an SSH tunneling, SSH terminal emulation and SFTP client. It is available as a commercial application.
4) JSCAPE AnyClient: It is a web-based SFTP/FTP/FTPS/WebDAV/S3 client. It is available as a commercial application.
SFTP Server – SFTP servers can be implemented on Linux based machines. Some FTP and SSH server implementations provide an SFTP implementation along with their installation and share the default port 22 with other SSH services.
Some popular SFTP server tools are as follows –
1) OpenSSH: This is the most widely used SFTP/SSH server on the planet. It is perfect for Linux or *BSD but not so great on Windows. It is an open source tool.
2) Bitvise SSH Server: It is an SFTP/SSH server for Windows.
3) Tectia SSH Server: It is an enterprise SFTP/SSH server from the creators of the SSH protocol.
4) CrushFTP: It is a file transfer server with support for SFTP, SCP, FTPS and HTTPS.
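Because an SFTP server shares port 22 with the other SSH services, an account created only for uploading device software can also get a shell or tunnels unless the server confines it. The following is an added example, not code from this tutorial or from the OpenSSH project: a small Python audit that checks whether an OpenSSH `sshd_config` restricts one account to SFTP. The account name `fwupdate`, the path `/srv/firmware` and both sample configurations are constructed for illustration, and only a literal `Match User <name>` block is examined.

```python
# Added example: audit an OpenSSH sshd_config to confirm an upload account is
# confined to SFTP. Account "fwupdate" and /srv/firmware are hypothetical;
# only a literal "Match User <name>" block is checked (a simplification).
REQUIRED = {                          # directive -> value expected in the block
    "forcecommand": "internal-sftp",  # no shell, only the in-process SFTP server
    "allowtcpforwarding": "no",       # no tunnelling through the upload account
    "passwordauthentication": "no",   # keys only, so password guessing fails
}

def parse_blocks(text):
    """Map '' (global section) and each lower-cased Match criteria to directives."""
    blocks, current = {"": {}}, ""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue                  # blank line or comment
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            current = value.lower()
            blocks.setdefault(current, {})
        else:
            blocks[current].setdefault(key, value)  # sshd keeps the first value
    return blocks

def audit_sftp_only(text, user):
    """Return a list of findings; an empty list means the account is SFTP-only."""
    block = parse_blocks(text).get("user " + user.lower())
    if block is None:
        return ["no 'Match User %s' block found" % user]
    findings = [
        "%s should be '%s', found %r" % (key, want, block.get(key))
        for key, want in REQUIRED.items()
        if (block.get(key, "").lower().split() or [""])[0] != want
    ]
    if "chrootdirectory" not in block:
        findings.append("chrootdirectory not set: account is not jailed")
    return findings

# Constructed sample configurations
WEAK = "Subsystem sftp /usr/lib/openssh/sftp-server\nPasswordAuthentication yes\n"
HARDENED = """Subsystem sftp internal-sftp
Match User fwupdate
    ChrootDirectory /srv/firmware
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PasswordAuthentication no
"""
print(audit_sftp_only(WEAK, "fwupdate"), audit_sftp_only(HARDENED, "fwupdate"))
```

OpenSSH additionally requires the `ChrootDirectory` path to be owned by root and not writable by any other user or group, which this check does not verify.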
SFTP Proxy – Traditional proxies are ineffective for controlling SFTP traffic. There are standard tools for SFTP proxies, such as “TIS fwtk” or “SUSE FTP proxy”.
Development with SFTP –
Client and server libraries for SFTP are written in popular programming languages like C/C++, .NET, Java and Python. So, developing an application with SFTP is easy and has many resources.
In the next tutorial, learn to design an Online Hotel Order Management System using MQTT protocol.