Transferring files made easy using SSH/SFTP

2021-01-10

(last time edited: 2021-03-24)

tags: ssh

When I fix someone else's computer I don't really want to use a hard drive to transfer backups. I don't wanna waste my time dealing with different incompatible filesystems or opening encrypted storage. Also NO! I don't wanna start an unsafe and risky old FTP instance on my side. There are nice little programs such as vsftpd, but they can be a pain to set up. Avoid FTP and FTPS at all costs.

The solution is always handy, simple and very easy to use: the magnificent SSH (Secure Shell) protocol and its SFTP (SSH File Transfer Protocol) implementation. While both at their core aim to do the same thing in different ways, in my personal tech dungeon SFTP is more comfortable to use with different kinds of systems, such as Linux to Windows, Windows to Linux, Android to Linux, Linux to Android, Windows to Android and vice versa. Termux on Android + SSH = Glorious. The SSH protocol works at many levels. It's also perfect for maintaining incremental backups between home devices.

Some UNIX command-line and graphical programs like FileZilla or similar are all you need. Oh, and a private LAN! Yes, your router connecting every device in the same network.

SSH

SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

SSH provides a secure channel over an unsecured network by using a client–server architecture, connecting an SSH client application with an SSH server. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2. The standard TCP port for SSH is 22. SSH is generally used to access Unix-like operating systems, but it can also be used on Microsoft Windows. Windows 10 uses OpenSSH as its default SSH client and SSH server.

Go to your UNIX clone system and install OpenSSH from your distribution repository if possible. Usually the package name is openssh.

In Void Linux:

# xbps-install openssh

Now start sshd, the SSH daemon service. While there are advanced alternatives such as tinyssh or dropbear, let's just stick with the most common SSH distribution, which is OpenSSH.

If you are using runit to manage your services it's just as simple as creating a symlink. If you are using SystemD I cannot help you. Sorry, burn in hell.

# ln -s /etc/sv/sshd /var/service

Oh no! sshd is running and our system is exposing us to all external connections. We won't use a firewall and port management with UFW, nor TCP deny lists, as a solution.

The solution is to add some text somewhere in the /etc/ssh/sshd_config file. Do NOT delete everything else.

Configuring sshd also helps increase security through its many settings.

# ...

PermitRootLogin no
AllowUsers *@192.168.1.0/24

# ...

With these options we are disabling any login to our root@localhost. I know sshd by default only permits login via authorized_keys, but who cares when we can be a little more paranoid? The second option allows only IPs from the same subnet, IPs in our LAN. Some routers assign IPs starting from 192.168.0.0, some routers starting from 192.168.1.0.

/24 means the first 24 bits of the address (192.168.1) are fixed, so the last number can be anything from 0 to 255.

Anyways, my router only has a LAN address pool from 192.168.1.100 to 192.168.1.199. Only 99 connections.
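
What the AllowUsers *@192.168.1.0/24 pattern admits, worked through in shell. This is an added example, not part of the original post; the function names and the "backup" user are made up here, and it only models USER@NET/LEN patterns rather than sshd's full pattern syntax.

```shell
#!/bin/sh
# Added example (not from the original post): which client addresses does
# "AllowUsers *@192.168.1.0/24" admit? Models only USER@NET/LEN patterns,
# not sshd's full pattern syntax. Function names are made up for this sketch.

ALLOW_PATTERN='*@192.168.1.0/24'   # the pattern from the sshd_config above

# Print a dotted-quad IPv4 address as a 32-bit integer; fail if malformed.
# The body is a subshell, so the IFS change and "exit" stay inside it.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ''|????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr ADDR NET/LEN: 0 if ADDR is inside the block, 1 if not, 2 if malformed.
in_cidr() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    len=${2#*/}
    case "$len" in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
    [ "$len" -le 32 ] || return 2
    # /24 keeps the top 24 bits: mask 255.255.255.0, last octet free (0-255).
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# admits PATTERN USER ADDR: does one USER@NET/LEN pattern admit this login?
admits() {
    pat_user=${1%%@*}
    pat_host=${1#*@}
    [ "$pat_user" = "*" ] || [ "$pat_user" = "$2" ] || return 1
    in_cidr "$3" "$pat_host"
}

# Constructed clients: the page's LAN host, the top of the /24, the other
# common home subnet, and an address outside any LAN. "backup" is hypothetical.
for ip in 192.168.1.101 192.168.1.255 192.168.0.50 203.0.113.7; do
    if admits "$ALLOW_PATTERN" backup "$ip"; then verdict=admitted; else verdict=rejected; fi
    echo "$ip $verdict"
done
```

On the real host, run sshd -t after editing sshd_config; it checks the file for errors before you restart the daemon.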

If for some reason you need root login on some computer, use this setting. It could be useful sometimes.

# ...

PermitRootLogin yes

# ...

Remember to restart your SSH service daemon after editing sshd_config.

Transferring files using FileZilla

FileZilla is a free software, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Client binaries are available for Windows, Linux, and macOS; server binaries are available for Windows only. Both server and client support FTP and FTPS (FTP over TLS/SSL), while the client can in addition connect to SFTP servers.

You can transfer files using a simple virtual terminal, PuTTY, and many other programs, but let's make this guide idiot-proof.

Install the FileZilla client on the computer you wanna retrieve the backup with.

If you don't wanna install FileZilla, you might as well try another graphical client like gFTP, which is lighter and probably works even better than FileZilla. I just picked FileZilla, which is very stable software.

Find out the local IP address of the computer where the backup is stored.

You can do this by running the following command on said computer:

$ ifconfig

Usually the local IP is listed in the block of our network interface. In my case it goes by enp0s31f6.

enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.101  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::dd5:dafsd:b9vea:8a66  prefixlen 64  scopeid 0x20<link>
        ether 20:8a:3a:1b:2c:32  txqueuelen 1000  (Ethernet)
        RX packets 13819321  bytes 18856114728 (17.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5302798  bytes 518821380 (494.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xf27200000-f7240000

Bingo. 192.168.1.101

As you can see the IP is listed next to inet.

A nice recommendation is to create a separate user, with its own password, to hold the backup. You don't wanna get compromised.

# adduser <user>

# passwd <user>

Now go to FileZilla and connect using the SFTP protocol.

Fill in the top fields and click Quickconnect. Port 22 is SSH's default port.

Now you can mess with directories, move, copy, delete, etc.

Transferring files using a terminal

Keep it simple stupid, you don't need FileZilla to send a whole directory from system to system. Well... FileZilla makes things easier only if you have a Windows machine on the other side.

First make sure your important UNIX user home directories are not accessible by groups or public users.

# chmod 700 /path/to/user_home_dir

Let's keep going.

From UNIX clone to UNIX clone I still prefer the terminal.

There are multiple ways to connect remotely with the terminal. The easiest one is opening a tunnel via SSH.

$ ssh <user>@<ip>

and using rsync to create an incremental transfer/backup of specific files/directories.

$ rsync -av --delete /home/some_user/random_directory /home/other_user/somedirectory

random_directory will be placed inside somedirectory


You can also download/upload files using OpenSSH's scp (secure file copy). It works as a network version of the cp utility.

for downloading files:

$ scp <user>@<ip>:/home/some_user/file.txt /home/other_user/file.txt

for uploading files:

$ scp /home/some_user/file.txt <user>@<ip>:/home/some_user/file.txt


Another way is to open an SFTP tunnel as if you were using plain old FTP. sftp comes inside the OpenSSH package.

$ sftp <user>@<ip>

If you type help inside the shell it will bring up all kinds of commands that you can use to navigate around.

sftp> help

SimpleSSHD

SimpleSSHD is an SSH server Android app, based on Dropbear, written by Greg Alexander.

It allows user access (user ssh) or full root access (by setting the login shell to /system/xbin/su) (if root is allowed).

If you'd like to back up your computer files and transfer them to your smartphone, then use this program. You can download it from F-Droid.

Install it, run it and start the background service. Your device IP will be on the top blue bar and the default port is NOT 22. It's 2222 because of Android restrictions.

The basic usage for an SSH tunnel is:

$ ssh -p 2222 192.168.1.100

If you wanna send an incremental backup using SSH + rsync, this is the command line:

$ rsync -av --delete -e 'ssh -p 2222' /home/some_user/dotfiles 192.168.1.100:

Every time you connect you'll be prompted to enter a randomly generated password that is displayed on your smartphone.

Happy tunneling!