What it is
SFTP (SSH File Transfer Protocol) is a secure way to transfer files between a local and remote machine over an SSH connection. You reach for it when you need to upload or download files to/from a server where you have SSH access.
Installation
SFTP is typically included as part of your SSH client.
- Linux: Usually pre-installed. If not, install
openssh-client:sudo apt update && sudo apt install openssh-client # or sudo dnf install openssh-client - Mac: Included with macOS. No installation needed.
- Windows:
- Windows 10/11 (OpenSSH Client):
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 - Alternatively, use a GUI client like FileZilla or WinSCP.
- Windows 10/11 (OpenSSH Client):
Core Concepts
- Remote Host: The server you are connecting to.
- Local Host: Your current machine.
- SSH Connection: SFTP uses the underlying SSH protocol for authentication and encryption. This means you’ll use the same credentials (username, password, or SSH key) as you would for SSH.
sftp>prompt: Once connected, you’ll see ansftp>prompt, indicating you are in the SFTP interactive shell.
Commands / Usage
Connecting to a Remote Host
-
Connect using username and password:
sftp user@example.comConnects to
example.comas useruserand prompts for a password. -
Connect using username and password to a specific port:
sftp -P 2222 user@example.comConnects to
example.comon port2222as useruser. -
Connect using an SSH key:
sftp -i ~/.ssh/id_rsa user@example.comConnects to
example.comas useruserusing the private key~/.ssh/id_rsa. -
Connect to a hostname with a specific port:
sftp -P 2222 example.comConnects to
example.comon port2222using your current local username.
Navigating the Remote System (within the sftp> prompt)
-
List files and directories on the remote system:
lsShows the contents of the current remote directory.
-
List files and directories with details:
llsShows the contents of the current local directory with details.
-
Change directory on the remote system:
cd /var/www/htmlChanges the current remote directory to
/var/www/html. -
Change directory on the local system:
lcd ..Changes the current local directory to the parent directory.
-
Print working directory on the remote system:
pwdDisplays the current remote directory path.
-
Print working directory on the local system:
lpwdDisplays the current local directory path.
Transferring Files
-
Download a file from remote to local:
get remote_file.txt local_file.txtDownloads
remote_file.txtfrom the remote server to your current local directory, saving it aslocal_file.txt. -
Download a file and keep the same name:
get /path/to/remote/file.zipDownloads
file.zipfrom/path/to/remote/on the server to your current local directory. -
Download multiple files (using wildcards):
mget *.logDownloads all files ending in
.logfrom the current remote directory to the current local directory. You will be prompted for each file. -
Upload a file from local to remote:
put local_file.txt remote_file.txtUploads
local_file.txtfrom your current local directory to the current remote directory, saving it asremote_file.txt. -
Upload a file and keep the same name:
put /path/to/local/image.jpgUploads
image.jpgfrom/path/to/local/on your machine to the current remote directory. -
Upload multiple files (using wildcards):
mput *.configUploads all files ending in
.configfrom the current local directory to the current remote directory. You will be prompted for each file.
Advanced Transfer Options
-
Download a file recursively (directory):
get -r /path/to/remote/directoryDownloads the entire
directoryand its contents from the remote server to your current local directory. -
Upload a directory recursively:
put -r /path/to/local/directoryUploads the entire
directoryand its contents from your local machine to the current remote directory. -
Resume interrupted transfers:
get -r remote_large_file.zip put -r local_backup.tar.gzThe
-rflag also enables resuming interrupted transfers for files. -
Force overwrite existing files:
put -o local_script.sh get -o remote_config.yamlThe
-oflag forces overwriting existing files on the destination without prompting.
Other Useful Commands (within the sftp> prompt)
-
Create a directory on the remote system:
mkdir new_remote_directoryCreates a new directory named
new_remote_directoryon the remote server. -
Remove a file on the remote system:
rm old_file.txtDeletes
old_file.txtfrom the remote server. -
Remove a directory on the remote system (must be empty):
rmdir empty_directoryDeletes the empty directory
empty_directoryon the remote server. -
Rename a file or directory on the remote system:
rename old_name.txt new_name.txtRenames
old_name.txttonew_name.txton the remote server. -
Get help:
help # or ?Displays a list of available SFTP commands.
-
Exit the SFTP session:
quit # or exit # or byeCloses the SFTP connection and returns to your local shell.
Non-Interactive Usage (Command Line)
-
Download a file directly:
sftp user@example.com:/path/to/remote/file.txt ./local_destination/Downloads
file.txtfromuser@example.comto the specified local path. -
Upload a file directly:
sftp ./local_file.txt user@example.com:/path/to/remote/destination/Uploads
local_file.txtto the specified remote path onuser@example.com. -
Upload a directory recursively:
sftp -r ./local_directory user@example.com:/path/to/remote/destination/Uploads the entire
local_directoryand its contents to the remote server. -
Download a directory recursively:
sftp -r user@example.com:/path/to/remote/directory ./local_destination/Downloads the entire
directoryand its contents from the remote server. -
Execute a single command remotely and exit:
sftp -oBatchMode=yes -b commands.txt user@example.comExecutes commands listed in
commands.txton the remote server and then exits.BatchMode=yesprevents interactive prompts.Example
commands.txtcontent:cd /var/www put index.html quit
Common Patterns
-
Synchronize a local directory to a remote directory: This is often done with
rsyncover SSH, but for simpler cases or whenrsyncisn’t available, you can script SFTP. However, SFTP doesn’t have a built-in "sync" command. The most common approach is to usemgetandmputwithlcdandcd, or to useput -randget -rfor entire directories. For true synchronization,rsyncis generally preferred. -
Download all files from a remote directory:
sftp user@example.com <<EOF cd /remote/path/to/files lcd /local/path/to/save mget * quit EOFThis uses a "here document" to send commands to
sftpnon-interactively. -
Upload all files from a local directory:
sftp user@example.com <<EOF cd /remote/path/to/upload lcd /local/path/with/files mput * quit EOF -
Transferring a single file using a specific key and port:
sftp -P 2222 -i ~/.ssh/deploy_key deploy_user@app.example.com:/home/deploy_user/app.tar.gz ./builds/Downloads
app.tar.gzfrom the specified server and port using a specific key.
Gotchas
mgetandmputprompt for each file: By default,mgetandmputwill ask for confirmation for every file. To disable this, you can use the-rflag withgetorputfor recursive operations, or the-oflag to force overwrite without prompting. For truly non-interactive batch operations, consider using a script with<<EOFor tools likersync.rmdironly works on empty directories: To remove a directory and its contents, you’ll need tormthe files inside it first, or usessh user@host 'rm -rf /path/to/directory'non-interactively.- SFTP is not FTP: SFTP is a secure protocol that runs over SSH. It is distinct from FTP (File Transfer Protocol) and FTPS (FTP over SSL/TLS). SFTP commands are generally simpler and less feature-rich than FTP commands.
- Permissions: SFTP transfers files with their original permissions by default. If you need to change permissions, you might need to use the
chmodcommand on the remote server via SSH or after the transfer. - Local vs. Remote Commands: Remember the distinction between
ls(remote) andlls(local),cd(remote) andlcd(local),pwd(remote) andlpwd(local). This is a common source of confusion. - Exiting the prompt: Don’t forget to
quitorexitthesftp>prompt when you’re done, otherwise, your connection will remain open.