Secure File Transfer Protocol (SFTP)

SFTP is a secure method of transferring files over a network. It operates as an extension of the SSH (Secure Shell) protocol, offering encrypted file transfer capabilities. Unlike standard FTP, SFTP encrypts both commands and data, ensuring secure communication between the client and server.

Key Features of SFTP

Secure: All data, including credentials, is encrypted.

SSH Integration: Operates over SSH, leveraging existing configurations.

Authentication: Supports SSH keys or password-based authentication.

File Management: Allows upload, download, deletion, and directory navigation.

Prerequisites 

Server: Ensure you have a server with SSH Installed.

Access: You need administrative/root access to the server

Client Information: Obtain the username and any specific requirements from the client.

Installing SFTP

SFTP functionality is typically included with the installation of an OpenSSH server.

If OpenSSH is installed, your system is likely already SFTP-ready

Verify the SSH Installation

$ rpm -qa | grep openssh

# To Check Package Installtion 

 

Installing OpenSSH

$ sudo yum install openssh-server


Start, enable and status check of the SSHd Daemon

$ sudo systemctl start sshd

$ sudo systemctl enable sshd

$ sudo systemctl status sshd

Configuring SFTP

Setting up SFTP (Secure File Transfer Protocol) Access for deal-tech Clients requires a series of steps to ensure both functionality and security.


Create a nologin shell user account for the client

$ sudo useradd -s /sbin/nologin deal-tech


Set a strong password for the client user account

$ sudo passwd deal-tech


Create a sftp directory where client user can access the files from the directory

    $ sudo mkdir /sftp/deal-tech

    $ sudo mkdir /sftp/deal-tech/from_deal-tech/

    $ sudo mkdir /sftp/deal-tech/to_deal-tech/


Adjust the permissions to the Client user directory

       $ sudo chown root:root /sftp/

    $ sudo chown root:root /sftp/deal-tech

    $ sudo chown -R deal-tech:deal-tech /sftp/deal-tech/*

    $ sudo chmod -R 755 /sftp/deal-tech/

    $ sudo chmod -R g+s /sftp/deal-tech/


Edit the SSH Configuration File

  • Modify /etc/ssh/sshd_config to enable and configure SFTP

$ sudo vim /etc/ssh/sshd_config

    Match User deal-tech

         ForceCommand internal-sftp

    PasswordAuthentication yes

    ChrootDirectory /sftp/deal-tech/

    PermitTunnel no

    AllowAhentForwarding no

    AllowTcpForwarding no

    X11Forwarding no


Check for sshd_config file syntax

$ sudo sshd -t

# if syntax is ok, no output is printed.


Reload the SSH Service

  • Apply the configuration changes:

$ sudo systemctl reload sshd

Firewall Configuration

Ensure the SSH port 22 is open in your firewall:

$ sudo firewall-cmd --add-service=ssh --permanent

$ sudo firewall-cmd --reload

Using SFTP

SFTP can be accessed via command-line tools or GUI-based clients

Command-Line SFTP

  • Connect to the server

$ sftp username@server_ip


Common Commands:

  • Upload a File
    $ put local_file remote_directory

  • Download a File
    $ get remote_file local_directory

  • List Files

$ ls

  • Changing Directory

$ cd remote_directory_name

  • Exit

$ bye


GUI-Based Clients

  • FileZilla

  • WinSCP

  • Cyberduck

Securing SFTP

Disable Password Authentication Use SSH Keys instead

  • Generate an SSH key pair:
    $ ssh-keygen -t rsa

  • Copy the public key to the server:
    $ ssh-copy-id username@server_ip

  • Disable password authentication in /etc/ssh/sshd_config:
    PasswordAuthentication no

Limit User Permissions: Use ChrootDirectory to restrict users to specific directories

Change Default SSH Port: Modify the Port option in configuration file

Enable Logging: Monitor SFTP Activities by enabling verbose logging:

LogLevel VERBOSE

Testing SFTP

  • Verify Connection: Use a client to test the connection
    $ sftp username@server_ip/name

  • Check Permissions: Ensure users cannot navigate outside allowed directories.

Advantages of SFTP

Security: Data is encrypted, making it safe from interception.

Versatility: Supports various authentication methods.

Integration: Built into the SSH Suite, reducing the need for additional software.

Limitations of SFTP

Performance: Slightly slower than standard FTP due to encryption overhead

Complexity: Requires proper SSH configuration for secure usage.

Conclusion

SFTP is a secure and versatile method for file transfer in linux environments. Its integration with SSH makes it a robust choice for organizations prioritizing data security. By following best practices for configuration and security, SFTP can be an available tool for efficient and secure file management.


No comments:

su v/s su - command

The su and su - commands in Linux are both used to switch to another user, typically the root user, but they behave differently in terms of the environment they provide.

su command

The su command (short for "switch user") switches the current session to another user account. When used without specifying a username, it defaults to the root account.


Basic Usage:


$ su


This prompts for the root password and opens a new shell as the root user without loading the root user's environment settings, inheriting the environment variables (e.g., PATH) from the original users.


Switching to Another User:


$ su username


This will prompt for the user's password, then open a new shell for user without loading her login environment.

su - command

The su - command provides a "login shell" for the target user, meaning it simulates a full login and loads the target user's environment.


Basic Usage:


$ su -


This prompts for the root password, then switches to a root login shell with root's environmental variables, PATH, HOME, etc., as if the root user had logged in directly.


Switching to Another User with su -


$ su - username


This switches to the user account with his/her full login environment and loads users shell settings, such as environment variables, working directory, and login scripts like .bash_profile and more


Summary of Differences


Command

Environment

Working Directory

Example

su

Inherits the calling user's environment

Stays in the current directory

su
su username

su - 

Loads the target user's full environment (Login Shell)

Switches to the target user's home directory

su -

su - username
No comments:

What is Library

A library is a collection of pre-compiled code (functions, routines, and subroutines) that programs can use to perform common tasks. Libraries are designed to be reusable, allowing multiple programs to access their functionalities without each needing its own copy of the code. This makes software more efficient, as it reduces redundancy, saves disk space, and optimizes memory usage.

Types of Libraries in Linux


Static Libraries:

  • These libraries are files that are linked directly into the program at compile-time, which means the functions in the library are incorporated into the executable itself.

  • The filename extension for static libraries is usually .a (e.g., libm.a)

  • Advantages: Since everything is included in the executable, the program doesn't rely on external files, which can make it more portable.

  • Disadvantages: The executable size is larger, as all library code is embedded, and updates require recompiling the program with the new library version.


Dynamic (Shared) Libraries:


  • Dynamic libraries are linked at runtime rather than compile-time, meaning they are separate from the executable and loaded into memory only when needed.

  • The filename extension for shared libraries is usually .so (shared object) (e.g., libm.so.6).

  • Advantages: Since the library is loaded at runtime, the executable size is smaller, and multiple programs can share a single instance of the library in memory.

  • Disadvantages: Programs depend on the presence of these libraries in the system, so removing or updating a shared library can affect all programs that use it. 

How Libraries Work in Linux

Libraries provide common code that multiple applications can use, such as handling files, performing calculations, or managing network connections; when an application needs a function, it calls the functions from the library rather than including the code itself.


Example of common libraries:


  • Standard C Library (glibc): Contains basic functions for file handling, memory management, and other core functionalities. It's one of the most essential libraries in Linux.

  • Math Library (libm): Provides mathematical functions, like sin(), cos(), and sqrt().

Linking Libraries in Linux


Static Linking: The library code is embedded directly into the executable during compilation. 


$ gcc -o programname programname.c .path/to/libm.a


Dynamic Linking: The Linker adds references to the library instead of the actual code and the operating system loads the library at runtime.


$ gcc -o programname programname.c -lm 


Commands for working with libraries


ldd command:


  • Lists shared libraries required by a binary

$ ldd /bin/ls


ldconfig command:


  • Updates the system's library cache (useful after installing a new shared library).

$ sudo ldconfig


Libraries in Linux are integral to both system operations and application development, as they provide a structured, modular way of organizing reusable code.
No comments:
Subscribe to: Posts (Atom)
  • What is Library
    A library is a collection of pre-compiled code (functions, routines, and subroutines) that programs can use to perform common tasks. Librari...
  • su v/s su - command
    The su and su - commands in Linux are both used to switch to another user, typically the root user, but they behave differently in terms o...
  • Message of the Day
    The message of the Day (MOTD) is a banner message displayed automatically to users when they log into a linux system via a terminal or SSH. ...
  • Network File System (NFS)
    Network File System (NFS) is a protocol that allows users to access and share files over a network as if they were on a local file system. I...
  • What is Linux?
      Linux is a popular operating system that powers many devices, from smartphones and laptops to servers and supercomputers. But what exactly...
  • Swap Space in Linux
    SWAP Space in Linux is a dedicated area on a storage device (disk or SSD) used as a backup for system memory (RAM). It serves as an overflow...
  • Linux File Hierarchy System
    One of the most important aspects of any operating system is how it organizes and manages the files and directories on the disk. Linux, bein...
  • What is Linux Kernel?
    If you are a computer user, you might have heard of the term "kernel" before. But what exactly is a kernel and what does it do? In...