SFTP

From DreamHost
Jump to: navigation, search

DreamHost supports SFTP (SSH FTP)

  • SSH File Transfer Protocol is a network protocol designed by the IETF to provide secure file transfer and manipulation facilities over the secure shell (SSH) protocol.
  • SFTP is NOT just FTP run over SSH, but rather a new protocol designed from the ground up. It is often called Secure FTP because it uses an encrypted transport layer.

NOTE: SFTP may also refer to Simple File Transfer Protocol, an unsecured and rarely-used file transfer protocol from the early days of the Internet. This is NOT what we provide.

NOTE: SFTP is not the same as FTPS! FTPS is traditional FTP, encrypted using SSL. Dreamhost does NOT support FTPS.

Requirements and Setup

To use SFTP, the user account you want to access must be configured with the proper account type. You can do this in the control panel under (USERS > MANAGE USERS) then clicking on the "Edit" link for the user account in question.

Then select either of these "User Account Type:" options.

  • "Shell account - allows FTP plus ssh/telnet/sftp access."
  • "SFTP account - sftp (SSH ftp) file transfer access only."

Please see Enabling Shell Access for full instructions on how to do this.

NOTE: "FTP" type accounts can NOT be accessed using the SFTP protocol!"

NOTE: If you have just changed your user account it will take the system a short period of time to push the change to the live server! So please be patient. I'd recommend waiting at least 15 minutes before trying to access this account using SFTP if you have just changed its configuration.

NOTE: If you configure your account as a Shell account you can disallow FTP access if you like by checking that option.

Connection Settings

Use the same connection settings as you would for SSH!

  • Server: yourdomain.com (The one you want to transfer files to ie: your actual domain name OR servername.dreamhost.com )
  • Server type/protocol: SFTP (Using SSH2)
  • Port: 22
  • Login type: Normal (username/password)
  • User: Username (From (USERS > MANAGE USERS) section in the our control panel)
  • Password: Your Password from above

You should now be able to log in and transfer files just like you would with FTP, but now it's secure.

NOTES

"What are these files/folders?"

When logging into your account using SFTP you may notice some differences from what you would normally see when you logged in with a normal FTP client!

Step 1: DON'T PANIC!

Step 2: Read the following...

  • FTP accounts are restricted to ONLY allow access to that users home directory and any of its subdirectories and files. This means that if you log in as "uruser," then the only directory you are allowed to see is /home/uruser.
  • However, when you use the SFTP protocol to access your accounts the rules are a bit different. You're basically accessing the account as you would if you had logged into the Shell, but you're doing it graphically rather than using a command line interface. This also means that you may be viewing the root (base) of the computer, /, rather than your home directory. If you see a number of folders (like bin, home, mnt, var, boot, etc) then you need to change your directory to /home/your_user_name.
  • You may notice that the path to your users home directory contains some weird ".something" subdirectory that you don't recognize (ie: /home/.zagnut/username/). In this example ".zagnut" is a [normally] hidden folder where your users home directory is mounted. This is normal. FTP accounts never see this but they have always been there (the way our system is configured). You can view the contents of that directory and you'll see the other users home directories on your server. However, as your account does NOT have permissions to enter other directories (except for those in your same group) you won't be able to access them, view their files, etc.. So this is nothing to worry about. Other users outside of your group can't access your files either. These are the normal rules of group ownership permissions applies to other accounts in your same group! See these other Wiki articles for more information. Unix_File_Permissions, Unix_Groups and Unix_File_Permissions_Cookbook
  • If you want to ensure that a particular users home directory can NOT be accessed by other users (even those in your same group) you can enable "Enhanced security?" option for that user.
  • You may notice that you can also go down to other directories above the /home directory. That's normal as all user have some level of access to those directories. However as a regular user you won't be able to view files that your user shouldn't have access to and won't be able to make any things that would harm the server. See this Wiki link for more information on that. Security
  • HIDDEN FILES/DIRECTORIES: On unix system hidden files are those that begin with a period (.) in their name. As with FTP clients SFTP clients usually have an option to "enable/disable viewing hidden files". If that is enabled you'll be able to see these files/directories (if your user has permissions to do so). If you are having problems deleting a directory (that you do have the correct permissions to delete) and it gives you an error saying "directory not empty" it may be that there are hidden files/directories in that directory that your client is not allowing you to see. Check your program options before going further. If you do have the option enabled to view hidden files/directories and still cannot delete a directory please contact support for assistance. Give them the server, user account and full path to the directory you are trying to delete so they can investigate.

If you have any questions regarding this type of access (after first reading the linked Wiki articles) please contact support via the control panel (SUPPORT > CONTACT SUPPORT).

SFTP Clients

Here are some links to more information regarding SFTP client software packages that we've found to work accessing our servers. Please note that you may need to modify the default connection parameters when using some of these client software packages.

  • FileZilla For: Windows, Mac & Linux. (Allows you to preserve original file timestamps) freeware
  • WinSCP For: Windows. (Allows you to preserve original file timestamps) freeware
  • psftp For: Windows. (PsFTP comes with the excellent putty ssh client. It's somewhat annoying to use) freeware
  • Macromedia/Adobe Dreamweaver built-in SFTP — For: Windows & Mac (tested on Macromedia Dreamweaver 8.0.2 for Windows, but should work on any but the very earliest versions — simply check the “Use Secure FTP (SFTP)” checkbox on either or both of Remote and Testing Server in the Site Definition (in the Advanced tab in more recent versions) as needed, and make sure that the “Host directory” is set properly [never use “/” alone — leave it empty if you want to access the user’s home directory]!)
  • CyberDuck For: Mac. (Open Source SFTP client) freeware
  • ExpanDrive For: Windows or Mac. (Mount SFTP as a drive)
  • Transmit For: Mac.
  • FireFTP For: Firefox web browser

Incompatibility

As new versions of the SFTP protocol or OpenSSH libraries are released, DreamHost may need to upgrade for security reasons. If your client is all of a sudden unable to complete the handshake when connecting, you will need to upgrade your client as well. You can determine the version in use at DreamHost by simply telnet to port 22 at ftp.[yourdomain] and noting the banner.