Using SFTP

last modified 08-09-2008 11:39

 

Sftp is an interactive file transfer program, similar to ftp, which performs all operations over an encrypted transport. It is part of Ssh. Sftp connects and logs into the specified host, then enters an interactive command mode.

Caveats:

  • Sftp access is only supported for client computers correctly registered in the DNS.
  • Ssh version 1 is not supported.
  • External users must use a special port number (see below).

For Windows-based personal computers, two programs are available for download, PuTTY and SSH:

  • Download PuTTY: a small, simple and directly executable ssh-client program
  • Download SSH: a full-featured ssh-client program from ssh.com, for non-commercial use only; the executable file is an installer program
  • How to set up SSH (the above client from ssh.com)

From the external side (external users having a user account on an internal system)

Users first connect to a "proxy" server running on the firewall computer, which will in turn automatically connect them to the destination system. To use the Ssh/Sftp proxy, simply sftp to the firewall computer as if you wished to ftp into it, indicating the port number for the target Institute (the -oPort= option on a UNIX/Linux command line, or selected in the menus of a graphical interface):

  • port 5022 on firewall.esrf.fr: login ESRF (NICE cluster)
  • port 5023 on firewall.ill.fr: login ILL
  • port 5024 on firewall.embl-grenoble.fr: login EMBL-Grenoble

There will be a short pause, and you will then be prompted for your password directly on the internal Ssh/Sftp server.

The external user must have a valid user account (identified by a username and a password) on this Ssh/Sftp server.

 

  • Unix example:
      % sftp -oPort=5022 johnson@firewall.esrf.fr
      Connecting to firewall.esrf.fr...
      johnson@firewall.esrf.fr's password:  XXXXX (password on the Ssh/Sftp server)
      sftp> dir
      img1.gif
      img2.gif
      img3.gif
      .
      .
      (usual ftp commands: dir, cd, ls, get, put...)
      .
      .
      sftp> quit
      % 
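
The three proxy ports listed above can be kept in an OpenSSH client configuration so that the port no longer has to be typed for each connection. This is an added example, not part of the original page: the alias names are hypothetical, and johnson is the sample user from the Unix example, to be replaced by your own account name.

```sshconfig
# ~/.ssh/config  (added example; alias names are hypothetical)
#
# Each alias targets the firewall proxy port that the page lists for one
# institute. OpenSSH records host keys for non-default ports under
# "[host]:port" in known_hosts, so the internal server reached through
# each proxy port gets its own host key entry.

Host esrf-nice
    HostName firewall.esrf.fr
    Port 5022

Host ill
    HostName firewall.ill.fr
    Port 5023

Host embl-grenoble
    HostName firewall.embl-grenoble.fr
    Port 5024

# Settings shared by the three aliases above.
Host esrf-nice ill embl-grenoble
    # Sample user name from the page; replace with your own account.
    User johnson
    # Prompt before trusting a host key seen for the first time, and
    # refuse to connect if a recorded key later changes.
    StrictHostKeyChecking ask
```

With this file in place, `sftp esrf-nice` connects to the same port on the same firewall as the command in the Unix example.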
      

 

From inside

Internal users should not cross the firewall for Sftp access; just sftp directly to the remote host. Note that outgoing Sftp is fully supported, provided an Sftp client program is used internally (e.g. on the NICE cluster at the ESRF).


European Synchrotron Radiation Facility