Friday, September 1, 2017

16 - Linux Security: encrypted file transfer with SFTP (SSH File Transfer Protocol)


- Layout for this exercise:

1 - Introduction to SFTP

- SFTP (SSH File Transfer Protocol; it is sometimes expanded as "Secure File Transfer Protocol", but it is not related to FTP or FTPS) is a network protocol that provides encrypted file access, file transfer and file management over any reliable data stream.

- SFTP was specified by the IETF (Internet Engineering Task Force) SECSH working group as an extension of SSH-2 and is implemented as an SSH subsystem, so it uses the SSH port (22/tcp by default) rather than a port of its own.

- SFTP assumes that it runs over a secure channel such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol. In other words, SFTP has no authentication or encryption of its own: both are supplied by the SSH transport underneath it.

- Linux manual for SFTP:

2 - Installing and starting SFTP

- Because SFTP is provided by the OpenSSH server as its sftp subsystem, it is available wherever sshd is installed and running, which is the case on most Linux hosts. However, a fresh Debian install may ship only the SSH client, and Kali ships the server disabled, so in case it is not installed and active, follow the next instructions.

- Installing and starting the SSH service on Debian:

- Installing and starting the SSH service on Kali:
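The install and start steps above, as an added shell example that is not the original post's commands, together with a check that the sftp subsystem is really declared in sshd_config (a commented-out default line does not count). The group name sftponly in the optional hardening snippet is an assumption; the apt and systemctl steps need root and only run with --install.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): install and enable the OpenSSH
# server, which provides SFTP as the "sftp" subsystem, then check that the
# subsystem is actually declared in sshd_config.
set -eu

# Debian and Kali both package the server as openssh-server; the unit is "ssh".
install_and_start_sshd() {
    sudo apt-get update
    sudo apt-get install -y openssh-server
    sudo systemctl enable --now ssh
    sudo systemctl is-active ssh
}

# Return 0 if the given sshd_config text declares an sftp subsystem, either
# the external sftp-server binary or the in-process internal-sftp, and not
# merely a commented-out default. Usage:
#   sftp_subsystem_enabled "$(cat /etc/ssh/sshd_config)"
sftp_subsystem_enabled() {
    printf '%s\n' "$1" \
      | grep -E '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]+([^[:space:]]*sftp-server|internal-sftp)' \
        >/dev/null
}

# Same check against the live configuration of this host.
check_live_sshd_config() {
    sftp_subsystem_enabled "$(cat /etc/ssh/sshd_config)"
}

# Optional hardening for accounts that should only move files: members of the
# (hypothetical) group "sftponly" are jailed in their home directory and never
# get a shell, because the sftp subsystem is forced instead of a login shell.
# The chroot directory must be owned by root and not group/world-writable.
print_sftp_only_match_block() {
    cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Constructed sshd_config samples used for an offline check of the parser.
SAMPLE_ENABLED='Port 22
PasswordAuthentication no
Subsystem sftp /usr/lib/openssh/sftp-server'
SAMPLE_INTERNAL="$(print_sftp_only_match_block)"
SAMPLE_DISABLED='Port 22
#Subsystem sftp /usr/lib/openssh/sftp-server'

# Touch the real system only when asked for explicitly.
if [ "${1:-}" = "--install" ]; then
    install_and_start_sshd
    check_live_sshd_config && echo "sftp subsystem enabled"
fi
```

Without the Match block, every account that can log in over SSH can also open an SFTP session and, conversely, every SFTP-only account still gets a full shell; the ForceCommand line is what turns a file-transfer account into a file-transfer-only account.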

3 - Connecting with SFTP

- From Kali, let's open an SFTP connection to Debian as user marie:

- Determining the remote current directory with pwd:

- For help about the SFTP commands, just type ?:

4 - GET command to download files with SFTP

- Debian holds a file that Kali wants to download:

- Searching for the file remotely from Kali:

- Changing to the directory that holds the file:

- Listing the file:

- The command get followed by the filename downloads it from Debian to Kali:

- Checking that the download has been successful:

5 - PUT command to upload files with SFTP

- Creating a new directory remotely at Debian from Kali:

- Changing to the new directory:

- Kali holds a local file that is going to be uploaded to Debian:

- The command put followed by the path to the local file triggers the upload:

- Checking that the upload has been successful:

6 - RM command to remove files remotely with SFTP

- Now, let's remove the uploaded file with the rm command:

- Checking that the removal has been successful:
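The put, get and rm steps of sections 4 to 6 as one non-interactive script, added here as an example and not taken from the original post. A local file is uploaded with put, fetched back with get into a scratch directory, compared digest for digest with the original, and finally removed remotely with rm. The user marie comes from the text; the host name debian and the remote directory are assumptions, overridable through REMOTE and REMOTE_DIR.

```bash
#!/usr/bin/env bash
# Added example (not the original post's commands): integrity-checked SFTP
# round trip in batch mode.
set -eu

REMOTE="${REMOTE:-marie@debian}"                   # assumed user@host
REMOTE_DIR="${REMOTE_DIR:-/home/marie/uploads}"    # assumed remote directory

# Print only the SHA-256 of a file.
file_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 if two files have identical contents (compared by digest), 1 otherwise.
same_digest() {
    [ "$(file_digest "$1")" = "$(file_digest "$2")" ]
}

# Emit the sftp batch script for the remote steps, in order:
#   $1 local source file, $2 remote file name, $3 local destination path.
# Batch mode aborts at the first failing command unless the command is
# prefixed with '-', so an already-existing directory does not stop the run
# and the final ls is allowed to fail (it should: the file is gone).
sftp_batch() {
    cat <<EOF
pwd
-mkdir $REMOTE_DIR
cd $REMOTE_DIR
put $1 $2
ls -l $2
get $2 $3
rm $2
-ls -l $2
bye
EOF
}

# Run the whole round trip for the local file given as $1.
roundtrip() {
    src="$1"
    name="$(basename "$src")"
    scratch="$(mktemp -d)"
    # BatchMode=yes refuses to prompt (so only key-based authentication works)
    # and StrictHostKeyChecking=yes refuses unknown or changed host keys, so a
    # man-in-the-middle cannot silently stand in for the Debian host.
    sftp_batch "$src" "$name" "$scratch/$name" \
      | sftp -b - -o BatchMode=yes -o StrictHostKeyChecking=yes "$REMOTE"
    if same_digest "$src" "$scratch/$name"; then
        echo "round trip OK: $name"
    else
        echo "digest mismatch for $name" >&2
        return 1
    fi
}

# Only contact the server when a file is given on the command line.
if [ $# -eq 1 ]; then
    roundtrip "$1"
fi
```

The digest comparison is the check the screenshots in the text perform by eye: the bytes that came back through get must be the bytes that went out through put.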

7 - Analyzing the encrypted SFTP connection with Wireshark

- Starting Wireshark at the Kali machine:

- Applying the display filter ssh (SFTP is a subsystem of SSH, so there is no separate SFTP filter), the whole connection between Debian ( and Kali ( is shown. Notice that the destination port at Debian is 22, as expected:

- It is interesting to check that the payload of the connection is encrypted, so a sniffer on the path cannot read the transferred contents. Only the two version banners and the algorithm negotiation (KEXINIT) travel in clear; after the NEWKEYS messages everything, including the SFTP commands, file names and file data, is ciphertext, and the sniffer is left with packet sizes and timing. For instance:

- Also, with the Follow TCP Stream option, the stream is displayed as ciphertext apart from the SSH-2.0 banners at its very beginning:
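The same inspection with tshark, the command-line companion of Wireshark, as an added example that is not part of the original post. It lists the packets the ssh filter matches, counts the encrypted records that Follow TCP Stream renders as gibberish, and checks the one thing a sniffer does see in clear, the version banners, for anything other than SSH-2.0. The capture file name, the addresses and the tshark field output in the samples are assumptions and constructed data, not taken from the post's capture.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): SFTP-over-SSH capture triage with
# tshark. Field names (ssh.protocol, ssh.encrypted_packet) are Wireshark's SSH
# dissector fields.
set -eu

CAPTURE="${CAPTURE:-sftp.pcap}"    # assumed capture taken on the Kali side

# Equivalent of the "ssh" display filter: one tab-separated line per SSH
# packet with addresses, ports and the clear-text banner (empty once the
# session is encrypted).
ssh_packets() {
    tshark -r "$CAPTURE" -Y ssh -T fields \
        -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport -e ssh.protocol
}

# Only the packets carrying an encrypted SSH record (everything after NEWKEYS):
# Wireshark labels these "Encrypted packet".
encrypted_packets() {
    tshark -r "$CAPTURE" -Y 'ssh.encrypted_packet' -T fields -e frame.number -e frame.len
}

# Read ssh_packets output on stdin, print each banner seen, and return 1 if
# any banner is not an SSH-2.0 one (an SSH-1.x banner would mean the transport
# could be downgraded), 2 if no banner was seen at all.
check_banners() {
    awk -F'\t' '
        $5 != "" {
            print $1 ":" $2 " -> " $3 ":" $4 "  " $5
            seen++
            if ($5 !~ /^SSH-2\.0-/) bad++
        }
        END { if (seen == 0) exit 2; exit (bad > 0) }'
}

# Constructed sample of ssh_packets output mimicking the capture described in
# the text: both banners are visible, the later packets carry no clear text.
SAMPLE_FIELDS="$(printf '%s\t%s\t%s\t%s\t%s\n' \
    192.0.2.10 43210 192.0.2.20 22 'SSH-2.0-OpenSSH_7.5' \
    192.0.2.20 22 192.0.2.10 43210 'SSH-2.0-OpenSSH_7.4p1 Debian-10' \
    192.0.2.10 43210 192.0.2.20 22 '' \
    192.0.2.20 22 192.0.2.10 43210 '')"
# Constructed sample with a protocol-1 client, which check_banners must reject.
SAMPLE_SSH1="$(printf '%s\t%s\t%s\t%s\t%s\n' \
    192.0.2.10 43210 192.0.2.20 22 'SSH-1.5-OldClient')"

# Only read the capture when it is actually present.
if [ -r "$CAPTURE" ]; then
    ssh_packets | check_banners
    echo "encrypted records: $(encrypted_packets | grep -c .)"
fi
```

The banner lines are the only plaintext a sniffer gets, so they are also what an attacker fingerprints: the exact OpenSSH version of both ends is readable here even though nothing about the files is.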