
Rackspace Cloud Essentials 5 - Secure File Transfer Protocol (SFTP)


An alternative to using vsftpd, Secure FTP (SFTP) is another secure method of transferring files from one server to another.

Installation

SFTP (SSH File Transfer Protocol) is part of the SSH package, and the SSH package should be on your server by default.  You don't need to install anything else to support SFTP.

Configuration

Your SSH server should have SFTP enabled by default, so if you're able to make SSH connections you should be able to use SFTP without additional configuration.

If you want to make sure of that, the pertinent section in the SSH server's config file (usually "/etc/ssh/sshd_config") should look like:

# override default of no subsystems
Subsystem	sftp	/usr/libexec/openssh/sftp-server

So long as that Subsystem entry is there for the sftp server you're good.  If you can't find that line in your sshd_config you can add it to the end of the file and then restart the SSH server to enable sftp. You can learn more about configuring the SSH server in our article on basic Linux server security.
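
The check described above as a script, added here as an example and not part of the original article: it looks for an active sftp Subsystem line and adds one only if it is missing. The function names are made up for this example and the default path is the one shown in this article (it varies by distribution); the line is inserted ahead of any Match block rather than at the very end, because older OpenSSH releases reject Subsystem inside a Match block.

```shell
#!/bin/sh
# Added example: verify (and if needed add) the sftp Subsystem line in sshd_config.
# Assumption: default server path is the one shown in this article.
DEFAULT_SFTP_SERVER=/usr/libexec/openssh/sftp-server

# Print the command of the active (uncommented) sftp subsystem, or nothing.
# sshd_config keywords are case-insensitive and separated by spaces or tabs,
# so "#Subsystem ..." is ignored and "subsystem sftp ..." is accepted.
sftp_subsystem() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" {
             $1 = ""; $2 = ""; sub(/^[ \t]+/, ""); print; exit
         }' "$1"
}

# Ensure the config file has an sftp subsystem.
# Prints "present" or "added"; returns 2 on an I/O error.
ensure_sftp_subsystem() {
    conf=$1
    server=${2:-$DEFAULT_SFTP_SERVER}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if [ -n "$(sftp_subsystem "$conf")" ]; then
        echo present
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 2      # keep a backup before editing
    tmp=$(mktemp) || return 2
    # Insert before the first Match block so the entry stays in the global
    # section; with no Match block the line goes at the end of the file.
    awk -v line="Subsystem\tsftp\t$server" '
        !ins && tolower($1) == "match" { print line; print ""; ins = 1 }
        { print }
        END { if (!ins) print line }' "$conf" > "$tmp" || { rm -f "$tmp"; return 2; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo added
}
```

After a change, running `sshd -t` checks the configuration for errors before you restart the SSH server.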

Security

As mentioned, SFTP uses the SSH protocol to connect to your Server.

As such, the connection and all data is encrypted to prevent any eavesdropping of passwords or sensitive data.

SFTP Client

We can start by looking at an SFTP client.

The 'client' is a programme on your local workstation. I won't go into listing all the available SFTP clients but suffice to say that the vast majority of modern FTP clients also support SFTP (keep in mind SFTP does not use the 'typical' FTP protocols and so some older FTP clients may not support SFTP).

You can search for SFTP clients for Windows, OS X, Linux or other Operating Systems.

Due to the vast array of clients available I can't go into how to use each one (they should have plenty of documentation with the software).

However, the preferences/options panel will allow you to enter the SFTP details.

Take a look at this example:

[Image: sftp.png]

If you have followed the setup articles (see the link above) you will notice the details are the same as those we used to set up SSH.

We have the Server IP, the user named 'fred', and we will be using the standard port 22.

The protocol has been specified as SFTP over SSH2 - this particular client has several options available.

Lastly, you should be able to set the path for the UI. In this case, I want to open the client in my home partition.

Once I have submitted the information, I am connected to the Server:

[Image: sftp2.png]

Note: In this case I have accessed the Server at the root folder level. As such, you can browse the folders as shown above.

Most clients will allow you to 'double click' on a file and edit it in a local browser.

Permissions

Which brings us nicely to permissions.

Do remember that you are using the same details as the SSH user - as such, you won't be able to automatically edit files owned by root.

All that would happen is a nice 'permission denied' error if you tried to open or save any changes to a root owned file.

So what to do about the permissions?

Well, to be honest, there isn't a lot you can do about it. The permissions are there for a good reason and are an integral part of Linux and how it is designed.

Neither do I recommend logging in as root - part of the initial SSH setup entailed disabling root logins.

However, beyond the initial setup, there should be little reason to mess around with files owned by root and any changes in configurations would be done from the command line using the 'sudo' command.

The main reason for using SFTP clients is to ease the transfer of files - most of which will be to your public_html folder which you will have permission to write.

 

Those are just a few of the methods that you can easily use to set up secure file transfers to your Linux Cloud server.  If you are using a Windows Server, you may still need to use FTP.  The following article shows you how to set up an FTP site in IIS 7.0.

 



© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License



9 Comments

This doesn't work for me on a small server, I get
Error: Out of memory!
Error: Could not connect to server
checked the memory on the server - shows 83Mb used 161 Mb free

It sounds to me like the client may be running into problems trying to output text resulting from a command in a bashrc file. Try moving some of the initial login text to the .profile or .login file instead and see if that lets you sftp in, and please let us know if that does the trick.

Hi jered.heeschen

I've one question, what's the SFTP Client you've used in this example?
well still feels it troublesome to find a good 'SFTP Client' running on Linux..FileZilla doesn't support password-encrypted private keys.. I ended up using command line for uploading my files, any suggestions will be appreciated? I'm using Debian with Gnome 2

many thx for this tutorial
Yan

I can't say for certain which client the author used, but it looks like it's probably Krusader, a KDE SFTP client. Fortunately you can run it under Gnome if you install the right libraries (which apt-get/aptitude will do for you if you go to install the "krusader" package). Another Linux client I've heard good things about, but haven't used myself, is SecPanel.

thx jered for ur suggestion..I installed SecPanel (not comfortable with it).. the others I tried are Krusader, gnome-commander..konqueror, Dolphin..and fireftp.. none of them worked as expected.. (no one supports password-encrypted private keys) seems I should be happy using command line ;).. really strange that windows has a good sftp (WINSCP).. but linux lacks..

Have you looked at the "ssh-agent" command? There should be a few good tutorials about it out there (I'll add it to my list of things to do for this site). It should work in the background for most programs and allow you to authenticate your key so those other programs can use it.

many thanks.. 'ssh-agent' did it.. and it works.. I'm able to connect using any ssh client now.. you saved me a lot of time, really your help greatly appreciated.. :)

Example: Under 'Configuration' -

1st sentence: "There is also nothing to configure."
2nd sentence: "Once you have setup your user(s) and configured SSH for your needs, SFTP uses the same usernames and ports."

Being 100% new to Rackspace Cloud Servers, this doesn't help.

Thanks for pointing that one out, KS. I agree, it's a bit confusing. I'll reword that section. The basic meaning of that is supposed to be that if you have SSH connections to the server working, then SFTP will work without additional changes to the server being necessary.
