ENCRYPTED FILE TRANSFER WITH SFTP (SSH/SECURE FILE TRANSPORT PROTOCOL)
- Layout for this exercise:

1 - Introduction to SFTP
- SFTP (SSH or Secure File Transport Protocol) is a network protocol that provides encrypted file access, file transfer, and file management over any reliable data stream.
- SFTP was designed by the IETF (Internet Engineering Task Force) as a subsystem of SSH, sharing the same port 22 by default.
- SFTP assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
https://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol
- Linux manual for SFTP:


2 - Installing and starting SFTP
- Because SFTP depends on the very common SSH service, it is usually installed by default. However, in case it is not installed and activated, follow the instructions below.
- Installing and starting the SSH service on Debian:



- Installing and starting the SSH service on Kali:



3 - Connecting with SFTP
- From Kali let's start an SFTP connection to Debian using user marie:

- Determining the remote current directory with pwd:

- To get help on SFTP commands, use the ? command:

4 - GET command to download files with SFTP
- Debian holds a local file that we want to download to Kali:

- Searching for the file remotely from Kali:

- Changing to the directory that holds the file:

- Listing the file:

- The command get followed by the filename downloads it from Debian to Kali:

- Checking that the download was successful:


5 - PUT command to upload files with SFTP
- Creating a new directory remotely on Debian from Kali:

- Changing to the new directory:

- Kali holds a local file that is going to be uploaded to Debian:

- The command put followed by the path to the local file and its filename triggers the uploading process:

- Checking that the upload was successful:



6 - RM command to remove files remotely with SFTP
- Now, let's remove the uploaded file with the rm command:

- Checking that the removal has been successful:

7 - Analyzing the encrypted SFTP connection with Wireshark
- Starting Wireshark on the Kali machine:

- Applying the filter ssh (because SFTP is a subsystem of SSH) shows the whole connection between Debian (192.168.1.18) and Kali (192.168.1.19). Notice that the destination port on Debian is port 22, as expected:

- It is worth checking that the whole connection is encrypted, so a potential sniffer could not access the real contents of the transfer. For instance:


- Also, applying Follow TCP Stream option, the stream is displayed encrypted:
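
When reading such a stream, note that the SSH version banner and the key-exchange messages up to SSH_MSG_NEWKEYS travel in cleartext (RFC 4253), which is why Wireshark can still label them; everything after that point, including all SFTP commands and file data, is ciphertext. The following added example (not part of the original exercise) splits one direction of a reassembled SSH stream at that boundary. The sample bytes, the banner string and the function names are constructed for illustration.

```python
import os
import struct

# Transport-layer message numbers sent before encryption starts (RFC 4253).
MSG_NAMES = {20: "KEXINIT", 21: "NEWKEYS", 30: "KEX_INIT", 31: "KEX_REPLY"}

def build_packet(payload: bytes, block: int = 8) -> bytes:
    """Frame a payload as an unencrypted SSH binary packet (no MAC yet)."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:                      # RFC 4253 requires at least 4 padding bytes
        pad += block
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + os.urandom(pad)

def split_stream(stream: bytes):
    """Return (banner, cleartext message names, opaque byte count after NEWKEYS)."""
    end = stream.index(b"\r\n")
    banner = stream[:end].decode("ascii")
    if not banner.startswith("SSH-"):
        raise ValueError("not an SSH stream")
    pos, seen = end + 2, []
    while pos + 6 <= len(stream):
        length, pad = struct.unpack_from(">IB", stream, pos)
        if not pad + 2 <= length <= 35000 or pos + 4 + length > len(stream):
            raise ValueError("malformed or truncated cleartext packet")
        msg = stream[pos + 5]        # first payload byte is the message number
        seen.append(MSG_NAMES.get(msg, f"msg {msg}"))
        pos += 4 + length
        if msg == 21:                # NEWKEYS: everything after this is ciphertext
            break
    return banner, seen, len(stream) - pos

# Constructed sample: client-to-server bytes of one session. The payload bodies
# are dummy values and the final 256 random bytes stand in for encrypted SFTP traffic.
SAMPLE = (
    b"SSH-2.0-ExampleClient_1.0\r\n"
    + build_packet(bytes([20]) + os.urandom(16) + b"\x00" * 45)
    + build_packet(bytes([30]) + os.urandom(36))
    + build_packet(bytes([21]))
    + os.urandom(256)
)

if __name__ == "__main__":
    print(split_stream(SAMPLE))
```

Only the banner and the three handshake message types are recoverable from the sample; the remaining bytes cannot be parsed without the session keys.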
