User Guide - SFTP (SSH File Transfer Protocol)


Applicable Plans - all eApps General VPS Plans

User Guide - SFTP (SSH File Transfer Protocol)

This User Guide will walk you through the  basic setup to start using SFTP to connect to your eApps VPS. Because SFTP is part of the SSH Protocol Suite, there is nothing to install on the VPS.

Overview

 It is important to understand that despite the similar sounding names, FTP (File Transfer Protocol) and SFTP (SSH File Transfer Protocol or Secure File Transfer Protocol) are not the same thing. They belong to completely different protocol suites.

SFTP is not FTP run over SSH, nor is it Simple File Transfer Protocol. SFTP was designed from the ground up to be part of the SSH2 protocol. Because of this, there are differences in how each is used on your VPS. One very important difference is that an FTP user does not have command line access to the VPS, while an SFTP user does. For more information on FTP, see the FTP User Guide.


Installing SFTP

Using SFTP
SFTP Users and Passwords
How to set the root user’s password
How to change an FTP only user into an SFTP user
SFTP Client Configuration
WinSCP
Cyberduck

Restarting SSH
Links to other information

Installing SFTP 

SFTP is installed by default on your VPS, because SSH is installed by default on your VPS, and SFTP is part of the SSH2 protocol suite.


Using SFTP

SFTP can be used for any task where FTP would be used. However, a user that can connect using SFTP also has command line access to the VPS using SSH. Depending on your users, this might or might not be something you want to allow.

In general, eApps would prefer that you use SFTP instead of FTP for connections to your VPS, because the connection is encrypted. However, it is up to you to decide if allowing your users to have command line access is acceptable.

SFTP Users and Passwords

To access the directories where the Tomcat, JBoss and Glassfish application servers keep their files, or any of the directories outside of the home directories for the Admin users of the sites, you need to connect as the root user, with the the root user’s password.

Warning The root user is the system superuser, and has the access rights to add, modify and delete any file or directory on the VPS with no restrictions. 

This means that as the root user, you can delete files or directories that can render your VPS totally inoperable, to the point that it has to re-provisioned back to its original state. There will be no warning messages or chances to undo.

Before you edit, remove, move or otherwise modify any files on your VPS as the root user, make certain you know what that file or directory does. It is always a good practice to make a backup of any file before you edit it, so that any changes can be reverted back if necessary.


In case you accidentally delete a file or directory that doesn't affect the operation of the VPS, the file or dircectory can be restored from the last backup of the VPS, usually taken in the overnight hours of the US EST/EDT, GMT -5/GMT -4. There is a $15 charge for this, and depending on when the file or directory was created or last modified, what we have available from our backup might not be the most recent working copy of that file or directory. Making a backup of a file before you edit it is always the best solution.

How to set the root user’s password

To set the root user’s password (if you do not already know it), login to your Control Panel, and click on the System Tab. If necessary, click the Select Another System (Subscription) link on the left and choose the correct Virtuozzo container.

Then, click on Users and Groups, and then Users. The root user is the first  user in the list. Click on root, and there will be a place to set or change the password.

The password must be a minimum of six characters, and must contain letters, numbers and special characters, such as !@#$%. This requirement is strictly enforced, and cannot and will not be changed.

You will have to then re-enter the password to make sure that it was typed correctly the first time. Once the password has been set or changed, click Update. If the password you have chosen does not meet the requirements for correct length and/or strength you will be shown an error describing the problem, and will be asked to enter a new password.


Note eApps support will never know what the password is for any user, including the root user. The passwords are encrypted, and we cannot retrieve them. We will not change them for you without verifying that you have the authorization to request those changes, and we will generally ask you to change them yourself with our direction. Do not send your passwords in support tickets.

How to change an FTP only user into an SFTP user

To change a user that can only connect via FTP into a user that can connect via SFTP,  login to your Control Panel, and click on the System Tab. If necessary, click the Select Another System (Subscription) link on the left and choose the correct Virtuozzo container.

Then, click on Users and Groups, and then Users. Click on the user, and in the drop down menu for Shell, change the shell from /sbin/nologin to /bin/bash, and click Update. You can choose from any of the shells offered, but the bash shell is the most common. If you are more familiar with one of the other shells offered, then you can certainly pick that one.


Changing an FTP only user to an SFTP user does not give them any privileges that they did not already have. When they login, either with SFTP or on the command line with SSH, they will still only have access to the files in their home directory.


SFTP Client Configuration

There are dozens of SFTP clients, both free and not free, command line and GUI, for all operating systems. Many FTP clients also have the ability to be used as SFTP clients. See this page for a comparison of SFTP client software – scroll down to the section on Protocol support to see the clients that can use SFTP: http://en.wikipedia.org/wiki/Comparison_of_FTP_client_software

Note Because of the large number of SFTP clients available, it is not possible for eApps to offer support for any SFTP client beyond the most basic of configuration questions. It is up to the user to read all documentation and to fully understand how their SFTP client works.

As a courtesy, here are the basic settings for the SFTP clients that our customers most often ask about: WinSCP for Windows 95 or better, and CyberDuck for Mac OS X 10.4 or newer.. These are both free and open-source SFTP clients, and both are highly configurable and can also be used as FTP clients.

WinSCP

WinSCP for Windows 95 or better can be downloaded from a link on the WinSCP website – http://winscp.net/eng/index.php. Once it is installed, here are the basic settings to use to connect to your VPS with the root user and password. You can substitute another user here if you are going to connect as that user.
  • Hostname – the name of your VPS or site in the format of example.com
  • Port number – should default to 22
  • User name – the name of the user you are going to connect as, usually root
  • Password – the password for that user
  • Private key file – can be left blank
  • File protocol – by default, this is set to SFTP with a check for Allow SCP fallback. If you wish to connect using FTP, this is where the setting is changed
  • Click on Login to connect

If you have set up WinSCP correctly, but are unable to connect to your VPS using SFTP, please contact eApps Support so that we can verify that your VPS is accepting SSH connections. If you have further questions about using WinSCP beyond what is covered here, please read the official WinSCP Documentation or visit the WinSCP support forums for more information.

Cyberduck

Cyberduck for Mac OS X 10.4 or better can be downloaded from a link on the Cyberduck website – http://cyberduck.ch/. Once it is installed, here are the basic settings to us to connect to your VPS with the root user and password. You can substitute another user here if you are going to connect as that user.

  • Click on Open Connection
  • Protocol – select SFTP(SSH File Transfer Protocol) from the drop down list
  • Server – enter the name of your site or VPS in the format of example.com
  • Port – it should be set to 22
  • Username – the name of the user you are going to connect as, usually root
  • Password – the password for that user
  • Click Connect to connect

If you have set up the Cyberduck SFTP client correctly, but are unable to connect to your VPS using SFTP, please contact eApps Support so that we can verify that your VPS is accepting SSH connections. If you have further questions about using the Cyberduck SFTP client beyond what is covered here, please read the official Cyberduck Documentation or visit the Cyberduck support forums for more information.


Restarting SSH

To restart the SSH service, log in to the Control Panel, click on the System Tab.  If necessary, click the Select Another System (Subscription) link on the left and choose the correct Virtuozzo container. Scroll down to Service Management, and then click on Services. Find sshd in the list, and click on it. You will be able to Stop/Start/Restart the SSH service here.

If you receive any errors, or find you still cannot connect via SSH after restarting sshd, please contact eApps Support.


Links to other information

SFTP overview - http://en.wikipedia.org/wiki/SSH_file_transfer_protocol
FileZilla  - http://filezilla-project.org/ (FileZilla can be used as an SFTP client)
eApps SSH User Guide - http://support.eapps.com/hsp/ssh

Comments

Please login to comment