How to Use SFTP on Linux

SFTP is available on every Linux system that has OpenSSH installed, which is virtually all of them. No additional packages to install, no configuration required. If you can SSH into a server, you can SFTP into it using the same credentials.

This guide covers everything you need to use SFTP on Linux – checking if the client is installed, connecting to a remote server, transferring files, setting up SSH key authentication for passwordless logins, and fixing common connection problems.

Checking if SFTP is installed

On most Linux distributions, the SFTP client is installed as part of the openssh-client package. Check if it is available:

bash

which sftp

If installed, this returns the path:

/usr/bin/sftp

Check the version:

bash

sftp -V

Installing the SFTP client

If sftp is not found, install the OpenSSH client package.

Ubuntu and Debian:

bash

sudo apt update
sudo apt install openssh-client

RHEL, CentOS, Rocky Linux, AlmaLinux:

bash

sudo dnf install openssh-clients

Arch Linux:

bash

sudo pacman -S openssh

The SFTP client is almost never missing on a standard Linux installation. If it is, you are likely on a minimal container or embedded system image.

Connecting to an SFTP server

Basic connection

bash

sftp username@hostname

Replace username with your account username and hostname with the server address or IP. You will be prompted for your password:

username@hostname's password:

On successful login, you see the SFTP prompt:

sftp>

From here you can run SFTP commands to navigate and transfer files.

Connecting on a non-standard port

The default SSH/SFTP port is 22. Hostney uses standard port 22 for all SSH and SFTP connections.

Connecting with an SSH key

Password authentication works, but SSH key authentication is more secure and more convenient – no password prompt on every connection. If you have already set up an SSH key:

bash

sftp -i ~/.ssh/id_ed25519 username@hostname

If your key is stored at the default location ( ~/.ssh/id_rsa or ~/.ssh/id_ed25519 ), SSH finds it automatically and you can omit the -i flag:

bash

sftp username@hostname

Setting up SSH key authentication is covered in detail below.

Connecting to a specific remote directory

By default, SFTP starts you in your home directory on the remote server. To start in a specific directory, append it to the connection command:

bash

sftp username@hostname:/var/www/html

Verbose output for debugging

If the connection fails or behaves unexpectedly, verbose mode shows the full SSH handshake and authentication process:

bash

sftp -v username@hostname

This is the most useful tool for diagnosing connection problems.

Transferring files

Once connected, you have a local working directory (on your Linux machine) and a remote working directory (on the server). Most SFTP commands operate on the remote side. Commands prefixed with l operate locally.

Upload a file

sftp> put localfile.txt

Uploads localfile.txt from your current local directory to your current remote directory.

Upload to a specific remote path:

sftp> put localfile.txt /var/www/html/localfile.txt

Upload a directory recursively

sftp> put -r /home/user/myproject /var/www/html/

This uploads the entire myproject directory and all its contents.

Download a file

sftp> get remotefile.txt

Downloads remotefile.txt from the current remote directory to your current local directory.

Download a directory recursively

sftp> get -r /var/www/html/wp-content/uploads /home/user/backups/

Navigate directories

sftp> pwd          # show remote directory
sftp> lpwd         # show local directory
sftp> cd /var/www  # change remote directory
sftp> lcd ~/files  # change local directory
sftp> ls -la       # list remote directory contents
sftp> lls          # list local directory contents

For the complete reference of all SFTP commands, see SFTP Commands: A Complete Reference Guide.

Setting up SSH key authentication

SSH key authentication replaces your password with a cryptographic key pair. Once set up, you connect without entering a password. It is both more convenient and more secure than password authentication.

Step 1: Generate an SSH key pair

If you do not already have an SSH key pair, generate one:

bash

ssh-keygen -t ed25519 -C "your-description"

Ed25519 is the modern recommended algorithm. The -C flag adds a comment to identify the key – use something descriptive like your email or machine name.

You will be asked where to save the key (press Enter to accept the default ~/.ssh/id_ed25519 ) and whether to set a passphrase:

Enter file in which to save the key (/home/user/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):

A passphrase adds another layer of protection – even if someone steals your private key file, they cannot use it without the passphrase. For production servers, a passphrase is recommended. For scripted or automated connections, you may need to omit it or use ssh-agent.

This creates two files:

• ~/.ssh/id_ed25519 – your private key. Never share this.
• ~/.ssh/id_ed25519.pub – your public key. This goes on the server.

Step 2: Copy your public key to the server

The easiest way is ssh-copy-id :

bash

ssh-copy-id -i ~/.ssh/id_ed25519.pub username@hostname

This appends your public key to ~/.ssh/authorized_keys on the server and sets the correct permissions. You will be prompted for your password one final time.

If ssh-copy-id is not available, copy the key manually:

bash

# Display your public key
cat ~/.ssh/id_ed25519.pub

# SSH into the server and add the key
ssh username@hostname
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

On Hostney, SSH public keys are managed through the control panel. See the SSH keys guide for the specific steps.

Step 3: Test the connection

bash

sftp username@hostname

If set up correctly, you connect without a password prompt. If you set a passphrase on your key, you will be prompted for that instead.

Using ssh-agent for passphrase management

If you set a passphrase on your key, typing it on every connection becomes tedious. ssh-agent stores decrypted keys in memory so you only enter the passphrase once per session:

bash

# Start ssh-agent
eval $(ssh-agent)

# Add your key (you will be prompted for the passphrase once)
ssh-add ~/.ssh/id_ed25519

# Now connect without any password prompt
sftp username@hostname

Most modern Linux desktop environments start ssh-agent automatically on login. Check if it is already running:

bash

echo $SSH_AUTH_SOCK

If this returns a path, ssh-agent is running and you can just run ssh-add .

Practical SFTP workflows on Linux

Deploying a website

Upload your project files to the web root:

bash

sftp username@hostname

sftp> cd /var/www/html
sftp> put -r /home/user/myproject/public .
sftp> exit

Backing up WordPress files

Download the entire WordPress installation:

bash

sftp username@hostname

sftp> lcd /home/user/backups
sftp> get -r /var/www/html/wordpress
sftp> exit

For a complete WordPress backup including the database, see How to back up WordPress manually.

Scripting file transfers

For automated or scheduled transfers, use batch mode with SSH key authentication:

bash

#!/bin/bash
sftp -b - username@hostname << 'EOF'
cd /var/www/html/uploads
put /home/user/newfiles/* .
exit
EOF

Save this as a script, make it executable ( chmod +x script.sh ), and run it from a cron job for scheduled transfers.

Or use a here document with a commands file:

bash

# Create commands file
cat > /tmp/sftp_commands.txt << EOF
cd /var/www/html
put /home/user/update.zip
exit
EOF

# Run SFTP with commands file
sftp -b /tmp/sftp_commands.txt username@hostname

# Clean up
rm /tmp/sftp_commands.txt

Transferring large files efficiently

For large files, enable compression to speed up the transfer:

bash

sftp -C username@hostname

The -C flag enables SSH compression. It helps significantly for text files and uncompressed data. It provides little benefit for already-compressed files like ZIP archives, JPEGs, or videos.

Limit transfer speed to avoid saturating your connection:

bash

sftp -l 5000 username@hostname

-l 5000 limits to 5000 Kbits/second (approximately 625 KB/s).

Common connection problems

Permission denied (publickey,password)

username@hostname: Permission denied (publickey,password).

Either the wrong password, or the server requires SSH key authentication but no key is configured. Check:

1. Is the username correct?
2. Is the password correct?
3. Does the server’s ~/.ssh/authorized_keys contain your public key?
4. Are the permissions correct on ~/.ssh/ (700) and ~/.ssh/authorized_keys (600)?

Run with -v to see exactly where authentication is failing:

bash

sftp -v username@hostname

Connection refused

ssh: connect to host hostname port 22: Connection refused

Either port 22 is not open, the SSH service is not running, or you need to use a different port. Check with your hosting provider for the correct SSH port.

Host key verification failed

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

The server’s host key no longer matches what is stored in ~/.ssh/known_hosts . This can happen when:

• The server was rebuilt and has new SSH host keys
• The server’s IP was reassigned to a different machine
• A man-in-the-middle attack is in progress (rare, but worth considering)

If you know the server was legitimately rebuilt, remove the old entry:

bash

ssh-keygen -R hostname

Then reconnect and accept the new host key. If you did not expect the server to change, contact your hosting provider before proceeding.

Connection timeout

ssh: connect to host hostname port 22: Connection timed out

The server is not reachable on port 22. Check:

1. Is the hostname or IP correct?
2. Is there a firewall blocking outbound port 22 on your network?
3. Is the server online?

Test connectivity:

bash

nc -zv hostname 22

If this also times out, the problem is network connectivity or a firewall, not your SSH configuration.

Broken pipe during transfer

If large file transfers fail with a broken pipe error, the SSH connection is timing out. Add these options to prevent keepalive issues:

bash

sftp -o ServerAliveInterval=60 -o ServerAliveCountMax=3 username@hostname

This sends a keepalive every 60 seconds, preventing the connection from being dropped by firewalls or NAT during long transfers.

You can add these permanently to ~/.ssh/config :

Host *
    ServerAliveInterval 60
    ServerAliveCountMax 3

SSH config for frequently used servers

If you connect to the same server often, add it to ~/.ssh/config to avoid typing the full connection string every time:

Host myserver
    HostName example.com
    User john
    Port 2222
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60

Now connect with just:

bash

sftp myserver

SSH config entries work for both ssh and sftp commands.

Summary

SFTP on Linux requires no installation beyond what comes with OpenSSH, which is present on every standard Linux distribution. Connect with sftp username@hostname, use put and get for file transfers, and set up SSH key authentication to avoid typing your password on every connection. For scripted transfers, batch mode with SSH keys enables fully automated file management. Common connection problems are almost always authentication-related – running sftp -v shows exactly where the connection is failing.