
Friday, September 1, 2017

16 - Linux Security: encrypted file transfer with SFTP (SSH/Secure File Transfer Protocol)



- Layout for this exercise:





1 - Introduction to SFTP

- SFTP (SSH or Secure File Transfer Protocol) is a network protocol that provides encrypted file access, file transfer, and file management over any reliable data stream.


- SFTP was designed by the IETF (Internet Engineering Task Force) as a subsystem of SSH, sharing the same port 22 by default.


- SFTP assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.


https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol


- Linux manual for SFTP:







2 - Installing and starting SFTP

- Because SFTP depends on the very common SSH service, it is usually installed by default. However, in case it is not installed and running, follow the instructions below.

- Installing and starting the SSH service on Debian:








- Installing and starting the SSH service on Kali:







3 - Connecting with SFTP

- From Kali let's start an SFTP connection to Debian using user marie:




- Determining the remote current directory with pwd:


 



- To get help on SFTP commands, use the ? command:




4 - GET command to download files with SFTP

- Debian has a local file that we want to download to Kali:




- Searching for the file remotely from Kali:



- Changing to the directory that holds the file:



- Listing the file:




- The command get followed by the filename downloads it from Debian to Kali:




- Checking that the download has been successful:






5 - PUT command to upload files with SFTP

- Creating a new directory remotely on Debian from Kali:


- Changing to the new directory:




- Kali has a local file that is going to be uploaded to Debian:



- The command put followed by the path to the local file and its filename starts the upload:



- Checking that the upload has been successful:








6 - RM command to remove files remotely with SFTP


- Now, let's remove the uploaded file with the rm command:



- Checking that the removal has been successful:





7 - Analyzing the encrypted SFTP connection with Wireshark

- Starting Wireshark on the Kali machine:




- Applying the filter ssh (because SFTP is a subsystem of SSH) displays the whole connection between Debian (192.168.1.18) and Kali (192.168.1.19). Notice that the destination port on Debian is port 22, as expected:





- It is interesting to check that the whole connection is encrypted, so a potential sniffer could not access the real contents of the transfer. For instance:





- Also, applying the Follow TCP Stream option, the stream is displayed encrypted:
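
What a sniffer can and cannot read in one direction of such a stream, as an added example that is not part of the original post: per RFC 4253 the version banner and the key-exchange packets travel in cleartext, and everything after SSH_MSG_NEWKEYS, including all SFTP traffic, is ciphertext. The banner text, packet bodies and trailing bytes in SAMPLE are constructed, and the function names are assumptions of this example.

```python
import os
import struct

SSH_MSG_KEXINIT, SSH_MSG_NEWKEYS = 20, 21  # message numbers from RFC 4253

def packet(msg_type, body=b"", block=8):
    """Build one unencrypted SSH binary packet (RFC 4253, section 6)."""
    payload = bytes([msg_type]) + body
    pad = block - (5 + len(payload)) % block
    if pad < 4:  # the RFC requires at least 4 bytes of padding
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def visible_to_sniffer(stream):
    """Return (banner, cleartext message types, number of encrypted bytes)
    for one direction of a captured SSH/SFTP TCP stream."""
    end = stream.index(b"\r\n")
    banner = stream[:end].decode("ascii")
    pos, seen = end + 2, []
    while pos + 6 <= len(stream):
        length, _pad = struct.unpack_from(">IB", stream, pos)
        msg_type = stream[pos + 5]  # first payload byte is the message number
        seen.append(msg_type)
        pos += 4 + length
        if msg_type == SSH_MSG_NEWKEYS:
            break  # from here on every packet is encrypted and MACed
    return banner, seen, len(stream) - pos

# Constructed server-to-client bytes: banner, key exchange, then ciphertext.
SAMPLE = (
    b"SSH-2.0-ExampleServer\r\n"
    + packet(SSH_MSG_KEXINIT, bytes(16) + b"constructed-algorithm-lists")
    + packet(31, b"constructed-key-exchange-reply")
    + packet(SSH_MSG_NEWKEYS)
    + os.urandom(96)  # stand-in for the encrypted SFTP traffic
)

if __name__ == "__main__":
    banner, seen, hidden = visible_to_sniffer(SAMPLE)
    print("banner:", banner)
    print("cleartext message types:", seen)
    print("encrypted bytes with no readable structure:", hidden)
```

The same split is visible in Wireshark: the first packets are dissected as protocol version and key exchange, and the rest are shown only as encrypted packets.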