sftp is a mix between ftp and scp: it offers the interactive commands of ftp
but carries them over the same encrypted SSH connection that scp uses.
Connecting to the server requires the same syntax as with scp. You can just
specify an IP address (or hostname) to connect using your current username, or
you can specify a username by using username@ipaddress. You can optionally
add a colon and a directory, as with scp. When you are connected, the
commands are the same as for ftp: cd, put, mput, get, quit, and so on.
One of the scp examples earlier in this chapter copied a remote file locally.
You can do the same thing with sftp, as shown in the following
conversation:
matthew@seymour:~$ sftp 192.168.1.102
Connecting to 192.168.1.102...
matthew@192.168.1.102's password:
sftp> get remote.txt
Fetching /home/matthew/remote.txt to remote.txt
/home/matthew/remote.txt 100% 23 0.0KB/s 00:00
sftp> quit
matthew@seymour:~$
Although FTP remains prominent because of the number of systems that do
not have support for SSH, SFTP is gaining popularity. Apart from the fact that
it secures all communications between client and server, SFTP is popular
because the connection between client and server is made over port 22
through the sshd daemon. Someone using SFTP connects to the standard sshd
daemon, authenticates, and is then handed over to the SFTP server, which
sshd starts as an SSH subsystem for that session. The advantage of this is
that it reduces the attack surface: the SFTP server never listens on a
network port of its own and so cannot be contacted directly, which means it
cannot be attacked by an unauthenticated remote client as long as the sshd
daemon is secure.
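The hand-off just described is configured in sshd_config. The fragment below
is an added example, not from the book: the Subsystem line is what makes
sshd start the SFTP server only after a client has authenticated, and the
Match block shows the common extension of confining a group of SFTP-only
accounts. The group name sftponly is an assumption for illustration.

```text
# /etc/ssh/sshd_config (added example, not the book's configuration)

# sshd launches the SFTP server in-process once the user has authenticated;
# there is no separate listening port for an attacker to probe.
Subsystem sftp internal-sftp

# Assumed group "sftponly": members get SFTP and nothing else, confined to
# their home directory. Every component of the ChrootDirectory path must be
# owned by root and not writable by anyone else, or sshd refuses the login.
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
```

Ubuntu's stock sshd_config points Subsystem at /usr/lib/openssh/sftp-server
instead; either works for ordinary SFTP, but a chroot needs internal-sftp
because no external binary can be executed from inside the chroot. Check the
file with sudo sshd -t before restarting the service.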
Using ssh-keygen to Enable Key-Based Logins
There is a weak link in the SSH system, and, inevitably, it lies with users. No
matter what lengths system administrators go to in training users to be careful
with their passwords, monitors around the world have sticky notes attached to
them with pAssw0rd written on them. Sure, it has a mix of letters and
numbers, but it is a dictionary word with one common substitution, and any
password-cracking tool recovers it in less than a second. Brute-forcing, in the
broad sense, means trying password candidates until one works: first likely
words (such as password and its variants, or god) with common substitutions
applied, and then every possible string exhaustively (for example, a, aa, ab,
ac, and so on).
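As an added example (not the book's own code) of the attack the paragraph
describes, the script below runs a small dictionary attack with case and
leetspeak mangling rules against a hash of pAssw0rd and counts how few
guesses it needs, then contrasts that with the size of an exhaustive search.
The wordlist, the unsalted SHA-256 target and the guess rate of 10^10 per
second are assumptions for illustration, not measurements.

```python
"""Dictionary attack with mangling rules, to show why pAssw0rd falls in well
under a second while an exhaustive search of long random passwords does not.

Added example, not code from the book.  The target hash is constructed here
with unsalted SHA-256 purely so the script runs offline; real systems use
salted, deliberately slow hashes (yescrypt, bcrypt), which raise the cost of
each guess but do not rescue a password that sits in a wordlist.
"""
import hashlib
import itertools

# Constructed mini wordlist; a real attack uses rockyou-sized lists.
WORDLIST = ["god", "letmein", "password", "qwerty", "welcome"]

# Common leetspeak substitutions applied by mangling rules.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def sha256_hex(text):
    """Unsalted SHA-256 of text, standing in for a real password hash."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield every variant of word in which each letter is lower-case,
    upper-case, or (where one exists) its leetspeak substitute."""
    options = []
    for ch in word:
        choices = {ch.lower(), ch.upper()}
        if ch.lower() in LEET:
            choices.add(LEET[ch.lower()])
        options.append(sorted(choices))
    for combo in itertools.product(*options):
        yield "".join(combo)


def dictionary_attack(target_hash, wordlist=WORDLIST):
    """Try mangled wordlist entries against target_hash.

    Returns (password, guesses) on success, (None, guesses) on failure."""
    guesses = 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def exhaustive_keyspace(length, alphabet_size=95):
    """Candidates an exhaustive search over all strings of length 1..length
    drawn from alphabet_size printable characters must try at worst."""
    return sum(alphabet_size ** n for n in range(1, length + 1))


def years_to_exhaust(length, guesses_per_second=1e10):
    """Worst-case years for an exhaustive search at guesses_per_second.
    The default rate is an assumed GPU figure for a fast unsalted hash."""
    return exhaustive_keyspace(length) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    found, tried = dictionary_attack(sha256_hex("pAssw0rd"))
    print(f"dictionary attack recovered {found!r} after {tried} guesses")
    for n in (8, 12, 16):
        print(f"exhaustive search, {n} chars: {years_to_exhaust(n):.3g} years")
```

The point the numbers make is the one the paragraph makes: a password built
from a dictionary word is found after a few hundred guesses regardless of its
capital letters and digits, whereas the exhaustive phase of a brute-force
attack only becomes the attacker's problem once the password is random.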
Even very strong passwords are usually no more than about 16 characters; such
passwords take a long time to brute-force but can still be cracked if they
are guessable or reused. The