SSH, SCP, and SFTP
Light at the End
The secure shell gives you an option for securing other Internet services against sniffing via tunneling. To secure an otherwise-unencrypted protocol (such as POP3), forwarding TCP/IP connections to a remote machine by means of an encrypted protocol makes sense. The use of SSH as a SOCKS proxy is another elegant application that lets users transfer encrypted data via a web browser. Setting up a tunnel to a proxy also avoids web content censorship, which is a useful feature in countries that block some websites. If you have a shell account on a machine in a less restrictive country, this approach can give you unimpeded web access.
To start, enable the proxy with the SSH -D option, and at the same time pass in a freely selectable port number. In this scenario, the -f and -N parameters also are useful. The former pushes ssh into the background after logging in and before executing commands, and the latter tells ssh that no commands are to follow; for example:
$ ssh -fN -D 1080 Proxy
After entering the password, the prompt reappears and the shell is ready to accept further instructions. That's all there is to it – the SOCKS proxy is waiting for something to do.
The next step is to set up the SSH client as a SOCKS proxy in the network configuration for the program in question. If this is the Firefox web browser, you can select Edit | Preferences and go to General | Network.
In Connection, click Settings, enable the manual proxy configuration, enter the IP address 127.0.0.1 and the port you previously selected in the SOCKS Host field. SOCKS versions 4 and 5 are available; when in doubt, check the ssh man page to see which version your SSH installation supports. After accepting these changes in Firefox, you can type an address in your browser's address box to verify the connection: http://www.myipaddress.com/; you should see the IP for the remote machine.
Interactive with sftp
In contrast to scp, users work interactively with sftp, just as in any "normal" ftp session. Secure ftp does not expect an ftp server at the other end of the connection, but rather an SSH daemon and, thus, a shell account. As with SSH, set up a connection to the target computer at the command line:
$ sftp huhn@macnugget
After entering your password, you will see the sftp> prompt, which tells you that the program is ready and waiting for further input.
The sftp program is not much different from those used by other shell-based ftp clients; however, you can't set the transfer mode (ASCII or binary) before transferring data because files are sent as-is across the network.
Secure ftp also has some advanced functions for modifying file permissions and ownership. For a comprehensive overview of the available commands, see the help command.
Some practical command-line options facilitate working with sftp. For example, the -C parameter for enabling data compression not only is available for ssh and scp, but also for sftp. The -b <file> option lets you pass in a batch file with the commands you want to run to sftp; however, this will work only if you do not need to enter a password to log in.
If you are interested in a graphical client for sftp, the answer is quite simple: Both KDE's Konqueror and Gnome's Nautilus support sftp perfectly. Just enter the following in the address line of either application,
sftp://user@rechner
and then authenticate with the correct password to use sftp, just like your local file manager.
Infos
- Free SSH implementation, OpenSSH: http://openssh.org
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Endless OS 6 has Arrived
After more than a year since the last update, the latest release of Endless OS is now available for general usage.
-
Fedora Asahi 40 Remix Available for Macs with Apple Silicon
If you've been anticipating KDE's Plasma 6 for your Apple Silicon-powered Mac, then you're in luck.
-
Red Hat Adds New Deployment Option for Enterprise Linux Platforms
Red Hat has re-imagined enterprise Linux for an AI future with Image Mode.
-
OSJH and LPI Release 2024 Open Source Pros Job Survey Results
See what open source professionals look for in a new role.
-
Proton 9.0-1 Released to Improve Gaming with Steam
The latest release of Proton 9 adds several improvements and fixes an issue that has been problematic for Linux users.
-
So Long Neofetch and Thanks for the Info
Today is a day that every Linux user who enjoys bragging about their system(s) will mourn, as Neofetch has come to an end.
-
Ubuntu 24.04 Comes with a “Flaw"
If you're thinking you might want to upgrade from your current Ubuntu release to the latest, there's something you might want to consider before doing so.
-
Canonical Releases Ubuntu 24.04
After a brief pause because of the XZ vulnerability, Ubuntu 24.04 is now available for install.
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.