2.7.1. sftp

The scp command is convenient and useful, but many users are already familiar with FTP (File Transfer Protocol), a more widely used technique for transferring files on the Internet.[14] sftp is a separate file-transfer tool layered on top of SSH. It was developed by SSH Communications Security and was originally available only in SSH2, but other implementations have since appeared (e.g., client support in SecureFX and server support in OpenSSH). sftp is available only in SSH2: it is implemented as an SSH2 subsystem [Section 5.7, "Subsystems"] and thus not readily adaptable to use with SSH1.

[14]Due to the nature of the FTP protocol, FTP clients are difficult to secure using TCP port forwarding, unlike most other TCP-based clients. [Section 11.2, "FTP Forwarding"]

sftp is advantageous for several reasons:

• It is secure, using an SSH-protected channel for data transfer.

• Multiple commands for file copying and manipulation can be invoked within a single sftp session, whereas scp opens a new session each time it is invoked.

• It can be scripted using the familiar ftp command language.

• In other software applications that run an FTP client in the background, you can try substituting sftp, thus securing the file transfers of that application.

You may need an agent when trying this or similar FTP replacements, since programs that use FTP might not recognize the prompt sftp issues for your passphrase, or they might expect you to have suppressed FTP's password prompt (using a .netrc file, for example).

Anyone familiar with FTP will feel right at home with sftp, but sftp has some additional features of note:

• Command-line editing using GNU Emacs-like keystrokes (Control-B for backward character, Control-E for end of line, and so forth)

• Regular-expression matching for filenames, as documented in the sshregex manpage supplied with SSH2 and found in Appendix A, "SSH2 Manpage for sshregex"

• Several command-line options:

-b filename

Read commands from the given file instead of the terminal

-S path

Locate the ssh2 program using the given path

-h

Print a help message and exit

-V

Print the program version number and exit

-D module=level

Print debugging output [Section 5.8.2.2, "SSH2 Debug mode (module-based)"]

Also, sftp doesn't have the separate ASCII and binary transfer modes of standard FTP, only binary. All files are transferred literally. Therefore, if you copy ASCII text files between Windows and Unix with sftp, end-of-line characters aren't translated properly. Normally, FTP's ASCII mode translates between Windows' "carriage return plus newline" and Unix's newline, for example.

2.7.3. Hostname Links

ssh for SSH1 and OpenSSH also mimics rlogin in another respect: support for hostname links. If you make a link to the ssh executable, and the link name isn't in the set of standard names ssh recognizes,[15] ssh has special behavior. It treats the link name as a hostname and attempts to connect to that remote host. For example, if you create a link called terpsichore.muses.org and then run it:

[15]These are rsh, ssh, rlogin, slogin, ssh1, slogin1, ssh.old, slogin.old, ssh1.old, slogin1.old, and remsh.

$ ln -s /usr/local/bin/ssh terpsichore.muses.org
$ terpsichore.muses.org
Welcome to Terpsichore!  Last login January 21st, 201 B.C.
terpsichore>

It's equivalent to running:

$ ssh terpsichore.muses.org
Welcome to Terpsichore!  Last login January 21st, 201 B.C.
terpsichore>

You can create a collection of these links for all commonly used remote hosts. Note that support for hostname links has been removed in SSH2. (We have never found them to be very useful, ourselves, but the capability does exist in SSH1 and OpenSSH.)