Do you have a business website? Have you equipped it with SFTP? Hah? What is SFTP? SFTP stands for SSH File Transfer Protocol. Its main function is to make data transfer activities between clients and servers safer. In another sense, this method can prevent hacking or piracy by hackers. Therefore, you, especially those of you who are website owners, must know how to use SFTP so that your website is safe and secure.
However, if you look at its abbreviation, is SFTP the same as FTP? Similar but not the same, maybe that is the most appropriate answer. There are quite significant differences between FTP and SFTP, especially in terms of security.
Before you go there, you need to know first that the digital world is also full of criminals. In fact, now cyber crime has increased by 31%, you know. Because of this, websites especially those engaged in business require extra protection such as SFTP.
SFTP is one way to secure websites from various digital threats. Without SFTP, all data and transactions can easily be hijacked by certain persons. Do you want sensitive information stored on websites to be stolen and misused? Certainly not.
So, to keep your website away from prying eyes, you should know how to use SFTP. But before discussing it, we will accompany you to get to know SFTP further.
What is SFTP?
SFTP (SSH File Transfer Protocol) is a method for securely sending or exchanging information between servers and clients. In accordance with its acronym, SFTP is part of SSH (Secure Shell). In simple terms, SSH is a protocol or procedure that allows two computers to communicate securely and in an agreed language.
Without SSH, the protocol is just FTP (File Transfer Protocol). Which means, file sending traffic has no security. Hmmm, what's the difference between wearing protection and not? Let's find the answer in the next point.
If you have a website, it is important for you to secure it from irresponsible hackers. One way is to use SFTP. However, what is SFTP? As explained at the beginning, SSH File Transfer Protocol or SFTP is a method that is able to protect websites from various digital threats, which of course cannot be separated from the role of SSH itself.
For additional information, Secure Shell or SSH is a protocol that allows two devices to communicate securely using a certain language. So, when the server wants to send data, SFTP will convert it into unique codes that only the client understands. Thus, the tragedy of data leakage will be avoided.
Difference between SFTP and FTP
Now, imagine that you and a co-worker want to gossip about your boss. For fear of someone eavesdropping on the conversation, you two chose to chat at the quietest table in the canteen.
Huddled so much fun, you and your friends do not pay attention around. Without you knowing it, The Boss is sitting near the table and he has heard all your chatter. Too bad, right?
Well, that's what happens when you use FTP. Any exchange of information is open enough to leak easily and invite more threats. It's different with SFTP. If you use SFTP, each flow of information will be converted into unique encrypted aliases.
It's like speaking in sign language that only you and your friends know. Thus, other people who hear it will not be able to translate the conversation between the two of you. As a result, information is safer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Why Use SFTP?
By using SFTP, your website will get these advantages:
- Transfer connections are always secure;
- Passwords or data files are not easy for foreign parties to read;
- Ensuring the person logging into the server is not a threat;
- Checking the authenticity and source of data;
- Meets security requirements of international laws, such as SOX (for investors, finance, etc.), HIPAA (for medical fields), etc.
Even so, that doesn't mean SFTP doesn't have its drawbacks. In terms of operation, of course it's easier to use FTP than SFTP. This is because SFTP requires quite a bit of technical skills.
How to Use SFTP in cPanel
How do you use SFTP for safer hosting? Here's how to use SFTP on cPanel.
- Download FileZilla Software;
- Generate SSH Access;
- SFTP configuration
For more details, please follow the following guide.
1. Download and Install FileZilla Software
First, download and install the FileZilla software. FileZilla is used to transfer data between hosting and computers.
Once it's done downloading, install FileZilla by following the installation prompts.
2. Generate SSH Keys
At this stage, you will generate a Public Key and a Private Key. Even though they are both used to encrypt (convert data to a specific code) and decrypt (translate encrypted files), there are big differences:
Public Key → encrypt and decrypt data to share with data recipients;
Private Key → is only used to encrypt data and decrypt data so that it can be understood by the user.
Here's how to get the Public Key and Private Key from cPanel.
a. Login to cPanel
First, login to your cPanel account. Enter your cPanel username and password then click Log in.
b. Select SSH Access
After entering the cPanel dashboard, look for the Security menu and select the SSH Access feature as in the image below.
c. Select Manage SSH Keys
Then click the Manage SSH Keys button on the next page
d. Generate a New Key
After that, click Generate a New Key to get a new Public Key.
e. Fill in the Key Information
On the next page, you will be presented with a form that you must fill in. The following is the explanation.
- Key Name: The name of the key to be used. by default the system will use the key name id_rsa. You can change the name of the key according to your wishes.
- Key Password: Password that will be used for the Public Key.
- Re Enter Password: Retype your password
- Key Type: The type of key that will be used for the public key, in this guide we use
- Key Size: The size of the key file.
After you fill in the Public Key information, click Generate Key to save the Public Key.
If you successfully create a Public Key, you will be directed to the following page. Click Go back to continue the Generate Keys process.
f. Authorize Public Key
Then you need to authorize the Public Key that you created by clicking the Manage button then clicking Authorize. After that, click Go Back to return to the SSH Access page.
g. Download Private Key
After Authorizing the Public Key, scroll down to Private Keys and click View/Download then click Download Key.
Well, you have managed to get a .ppk file that can be used to connect localhost to SFTP.
3. Configure SFTP
After getting the Public Key, now you can configure it to connect to the hosting via SFTP and use the FileZilla Software.
Let's follow the steps below:
a. Add Private Key
Open the FileZilla application then click the Edit menu and select Settings to add the .ppk file that you have downloaded.
Next, you will be directed to the Settings page then click the SFTP menu and add a key by clicking Add key file.
After that, file explorer will open, then look for the .ppk file and click Open. Then, click OK to save changes.
b. Add Site Manager
After adding the keys to SFTP, add the hostname, port, username, and password to the site manager menu. The way to do this is to click the File menu then select Site Manager.
Next, click New Site to login to your hosting. You will be given a form to fill in the following form:
- Protocol: Select the type of protocol used. Select SFTP
- Host: Enter the host name of your hosting
- Port: Enter the port on your web hosting..
- Logon Type: Select normal
- User: Type your FTP/cPanel hosting user name
- Password: Enter your cPanel hosting password
If you have filled it in accordingly, click Connect to enter the hosting file manager via SFTP.
Then you will get a pop up like the image below which provides information regarding the hosting used. Click OK to continue the login process.
If you successfully log in via SFTP, you will be directed to your hosting directory page.
.jpg)
After successfully entering the hosting directory via SFTP, you can perform file access, file transfer and file management safely.
How to Use SFTP on VPS
Apart from cPanel, you can also use SFTP on VPS, you know. The following is a guide on how to use SFTP on a VPS.
1. How to Connect to SFTP
First, make sure you are connected to SFTP. If you are not yet connected to SFTP, enter the following command into the command line to log in using SFTP.
sftp root@Your_Server_IP_or_HostName
When running the command above, you will be asked to enter the password for your user or hostname.
The above command will connect you to the remote system and your prompt will change to an SFTP prompt as shown below.
To exit the SFTP prompt, you can simply use the following command:
exit
2. Learn Basic SFTP Commands
If you are a new SFTP user, there is no need to worry. Because SFTP provides a help feature to find out the basic commands in SFTP.
To see the basic commands in SFTP, just use the help or '?' command whose output will be like the image below
3. Navigate with SFTP
When logged into a remote server, the default directory used is the home directory. To check, you can use the following command:
pwd
The output will be like in the image below. This means you are in the home working directory.
To see a list of files in the home directory, you can use the following command:
ls
You can also move to another directory. For example, below we move from the root directory to the etc directory:
cd /etc
You can adapt the above command to your own directory. To confirm the directory location, check using the pwd command to your command line.
4. Transfer Files With SFTP
With SFTP you can also transfer files safely. The following is how to transfer files using SFTP.
a. Download Files with SFTP Command
To download a file using SFTP, make sure you are in the directory where the file is saved. To download a single file from a remote server, use the following command:
get filename.zip
The output will be like below:
Fetching /home/remote_username/filename.zip to filename.zip/home/remote_name/filename.zip 90% 28MB 1.8MB/s 00:14
If you want to save the downloaded file using a different name, you can use the new name as the second argument to the command as in the following example:
get filename.zip differentfilename.zip
The description of the command above is as follows:
filename.zip is the file to be downloaded and filenamebeda.zip is the result of the downloaded file.
b. Upload Files with SFTP Commands
Before uploading files from your computer, make sure you are in the directory for the files to be uploaded. Then you can use the following command to start uploading files from your computer:
put filename.zip
The output will be like below:
Uploading filename.zip to /home/remote_username/filename.zipfilename.zip 90% 15MB 1.8MB/s 00:07
If the file upload process to the server directory fails, you can repeat it using the following command:
reput filename.zip
5. Learn Basic SFTP Commands
The following are some basic commands that are often used when using SFTP for remote servers.
a. Check Disc Information
You can check the disk or storage information on your server using the following command:
df
b. Create Directory
To create a directory on a remote server, you can use the following command:
mkdir directory_name
Rename Files
To change the file name on the remote server, enter the command below:
rename old_file_name new_file_name
c. Delete Files
To delete files on a remote server, you can use the following command:
rm file_name
d. Change File Permissions
You can also change file permissions when using a remote server. the trick is to use the chmod command. Here are the complete commands:
chmod 644 file_name
e. Change File Owner
To change the file owner permissions on the remote server, use the following command:
chown user_id file_name
f. Change File Group Owner
You can change the owner of a file group using the following command:
chgrp group_id file_name
So, that was how to use SFTP on both cPanel and VPS. By using SFTP, it will be easier to back up and upload files safely to hosting.
What Websites Require SFTP?
If your website processes sensitive information, we recommend using SFTP. Maybe it's still fresh in your memory, Tokopedia was in an uproar because its user data was leaked. In fact, there are people who sell it on the dark web.
Fortunately, Tokopedia has installed a fairly tight security system. As a result, hackers can only rob encrypted files so they can't translate them. That way, the confidentiality of user data is maintained.