Secure File Transfers using SCP and SFTP

There are many choices available for securely transferring files using different operating systems. Instructions for using some popular programs can be found here:

Dreamweaver MX 2004 (and up)

Please note that versions of Dreamweaver prior to Dreamweaver MX 2004 do not support SFTP. See below for a possible workaround.

Dreamweaver, a program used for the design and maintenance of web pages, has the ability to transfer files from the computer on which it's being run to the server where your web pages reside. Dreamweaver allows a choice of transferring files with FTP or SFTP. IMSS recommends using SFTP when using Dreamweaver to maintain a website on an IMSS-run web server, or on any web server that supports SFTP, because your password as well as your files themselves will be transmitted in encrypted form.

To set up Dreamweaver MX 2004 or higher so that it will transfer files to the server securely using SFTP, you will need to edit your Site configuration accordingly. From within Dreamweaver:

  • Click Site then Manage Sites.
  • Select the site you want to edit.
  • In How do you connect to your remote server? check the Use Secure FTP (SFTP) box.
  • Click Next, then Next and finally Done.

Dreamweaver is now ready to transfer files securely using SFTP.

Workaround for secure file transfers in versions of Dreamweaver prior to Dreamweaver MX 2004.

If you are on campus, or are using a VPN connection, it is possible to map your remote home directory on ssh.caltech.edu to your local computer. These instructions will also work for current versions of Dreamweaver. Dreamweaver can maintain a website by accessing files from a "local" mapped network drive instead of using FTP or SFTP.

To map your IMSS home directory from Windows 2000, 2003, and XP:

Note: Mapping your IMSS home directory requires NT Lan Manager v2 (NTLMv2) Authentication. If you encounter problems with the following instructions, please turn on NTLMv2 Authentication. Please click here for instructions detailing how to turn this on.

  • Right-click on the My Computer icon found on the Desktop or in the Start Menu, then select the Map Network Drive... option.
  • The Map Network Drive window appears. Choose a letter from the dropdown box to enter in the Drive: field. This will be the drive letter your system sees your IMSS home directory at. Any drive letter that appears in the list will work. In the Folder: field, enter \\\\files.caltech.edu\\username(where username is your access.caltech username). Click Finish.
  • The Connect to files.caltech.edu window appears. Enter username@ad.caltech.edu in the User name: field. Enter your password in the Password: field. Click OK.

To map your IMSS home directory from a Mac:

The next three lines create a Kerberos ticket via command-line entries. If you would prefer to create a Kerberos ticket via a graphical window, please click here.

  • Open a Terminal or Xterm window.
  • Type kinit username@AD.CALTECH.EDU (where username is your access.caltech username) and press return.
  • Enter your access.caltech password at the prompt.
  • Press Command-K to connect a network drive. (The Command key looks like a four-leaf clover)
  • In the Server Address: field, enter smb://files.caltech.edu/usernamethen click Connect.

Once you have the remote drive mapped/mounted on your local system, you need to set up a "Site" within Dreamweaver. These instructions are for Dreamweaver MX 2004, though previous versions should be similar.

  • Click Site then Manage Sites
  • Select New and then Site.
  • Click the Advanced button at the top of the window that appears.
  • Verify the Local Info line is selected on the left portion of the window.
  • Enter the name of your site in the Site name field.
  • Click the folder icon to the right of the Local root folder field. Browse to the directory on your mapped/mounted drive were you will be saving your files. For example, if you mapped your IMSS home directory as drive letter Z: and your website is stored in your public_html directory, choose Z:\\public_html.
  • Verify that the Refresh local file list automatically option is checked. Click OK.

In your 'Files' window, you can now select the site just created in the dropdown box. After selecting your new site, verify the view is set to Local view and not Remote view. You can now see and work with your files on the remote system in a secure fashion.

 

Frontpage

Microsoft Frontpage, like Dreamweaver, is a program used to design and maintain web pages. Unlike the more current versions of Dreamweaver, Frontpage does not support SFTP. However, it is still possible to publish web pages in a secure fashion. To begin, please see the workaround listed above for Dreamweaver and map your remote home directory to your local computer.

Once the remote directory has been mapped, perform the following to change the location that Frontpage publishes to:

  • Click on File then Publish Site...
  • A two-pane window will appear, with your local site on the left and the remote site on the right. The remote site side shows the last site you connected to. Click on the Remote Web Site Properties icon above the right pane.
  • Select the File System radio button, then click Browse... Select the drive you previously mapped and double-click the directory you want to publish to. Select Open then click OK.

    You should now receive a prompt that states A Web site does not exist at <location_you_chose>. Would you like FrontPage to create a Web site at that location? Select Yes. Verify the Local to remote radio button is selected beneath the right pane, then click the Publish Web site button. Your website is now published to your remotely mapped home directory.

 

WinSCP

There are several editions of WinSCP available from the WinSCP download page . This document covers the "Standalone application" edition of WinSCP 3.8.2. This version is a standalone program, so just that one file, winscp382.exe, is all you need in order to run it (just downloading the file "installs" it wherever you put it).

Configure WinSCP to transfer files by doing the following:

 

  • Start winscp382.exe
  • Enter the server you'll be connecting to (normally ssh.caltech.edu) in the Host name box.
  • Leave port set to the default of 22.
  • Enter your access.caltech username and password.
  • For SCP, click SCP for the protocol. Choose SFTP for Secure FTP.

The first time you connect to a server using SSH, SCP or SFTP, you'll see a warning notifying you that the server's key is a "new host key" (meaning your SSH, SCP or SFTP hasn't seen this key before and can't be sure it belongs to the right server). WinSCP will do this as well. If you really are connecting to the server for the first time, it's generally safe to answer 'Yes' to the warning and continue connecting. After the first connection, your SSH, SCP or SFTP client software will remember the host key for this particular server and you won't continue to see warnings about it unless the server's key changes.

When you connect to a server using WinSCP, a split window will appear with your local computer in the left pane and the remote server in the right pane. Select a file on either side then click the F5 Copy button (or press the F5 key on your keyboard). Then press the Copy button on the confirmation window. You can also create directories and delete files.

SFTP file operations work the same as SCP operations in WinSCP.

 

FileZilla

There are two FileZilla packages available for download. These instructions cover the FileZilla package, which is for client use, not the FileZilla Server package.

Download the FileZilla_2_2_26_setup.exe file from the Filezilla page. Note that the filename may be slightly different as version numbers change.

Run the setup file you just downloaded (FileZilla_2_2_26_setup.exe). Select the options you want to install. Leave the default options if you are unsure, then click the Next > button. Choose the location to install FileZilla to. The default works fine. Click Next. Click Next to leave the default Start Menu folder name.

On the General settings screen, we recommend choosing Use secure mode as this mode does not save passwords. If your computer is used by multiple users, we also recommend use registry for where FileZilla will store its settings. This way if multiple users access FileZilla from one computer, each will be able to have personalized settings. Also select Force registry even if XML file exists.

Click Install, then Close once you see Completed in the Setup window.

Start the program by choosing Start Menu -> FileZilla

Go to the File menu, then select Site Manager or click the Site Manager icon in the upper-left.

  • Click New Site
  • Enter the server you want to connect to in the Host: box. Change Server Type to SFTP using SSH2.
  • Change Logon Type to Normal.
  • Enter your access.caltech username in the User: field.
  • Click Connect. Enter your password. Answer Yes to store the server's host key in your cache.

A split window will appear with your local computer in the left two panes and the remote server in the right pane. Double-click a file on either side to copy it to the other side. You will see the sftp commands in a pane across the top of your screen, and the file progress in a pane across the bottom of your screen.

 

Mindterm SSH

Mindterm is a web-based ssh client that has the ability to perform SFTP and SCP file transfers. It is available to anyone with an IMSS account using a Java-enabled web browser. There must be a version of Java installed on your computer for Mindterm to work. If you are unsure whether you have Java installed, click here. A new window will open and test to see if you have Java installed and enabled, and if so, which version you are running. If you do not have java installed, you can go here, click on the Download Now button under Java Software Free Download, and follow the download/installation instructions. Mindterm is accessible at www.its.caltech.edu/ssh. This copy of Mindterm can only connect to ssh.caltech.edu.

On the Mindterm System Validation screen, enter your access.caltech Username and Password. You have the option of opening Mindterm in a separate (popup) window, or in the browser window. When using a separate window, you will see menu choices listed at the top of the window. These instructions assume that you chose Get Mindterm, Separate Window.

When starting Mindterm for the first time, you will be presented with a few popups before actually getting signed in. The first to appear is a warning mentioning that the Java applet was signed by Appgate Network Security AB and authenticated by Thawte Consulting cc, then asking if you want to trust the certificate. You can choose to Show Certificate, Don't Trust, or Trust. Click Trust to continue. Next is the license agreement. Then you will see MindTerm home directory: /.mindterm/ does not exist, create it? Select Yes. Next is Known hosts directory: /.mindterm/hostkeys does not exist, create it? Click Yes to continue. Finally, you will see Do you want to add this host to your set of known hosts (check fingerprint). Select Yes. Now enter your access.caltech password one more time in the new window to log into ssh.caltech.edu using SSH.

To use SFTP or SCP, click the Plugins menu, then choose SFTP File Transfer or SCP File Transfer. A new window will appear with two panes. The left pane is your local file system, the right pane is the remote file system. To copy a file, select it and then click the arrow between the two panes pointing in the direction you want to copy it to. For instance, to download a file from the server (ssh.caltech.edu) to your local computer, browse for the file in the right pane, select it, then click the arrow pointing left. To upload a file from your local computer, browse for the file in the left pane, select it, then click the arrow pointing right.

 

Fugu

Fugu is an easy to use graphical interface for using SFTP, SCP, and SSH on Mac OS X 10.2 and up.

Obtain the latest version of Fugu at the Fugu Release Archive page. It is easiest to download a disk image (pre-compiled .dmg) file, though the source code is also available should you want to compile it yourself.

To install Fugu from the .dmg file, double-click the file to extract it. The disk image opens and you will see the Fugu application. Drag this to your Applications folder and Fugu is installed. You can safely eject the Fugu disk image at this time.

Start Fugu by double-clicking the Fugu application icon. If you would like to use SFTP, in the Connect to: field, enter the name of the server you would like to SFTP to. Enter your username in the Username: field. You can also enter a port number if you know the server you are connecting to runs FTP on a non-standard port. Once the Connect button is pressed, you will be prompted to enter your password. You can also choose to save your password to your keychain. Click Authenticate and you are now signed in. You will see a window with two panes appear. The left pane contains the contents of your current directory on your local computer. The right pane contains the contents of your current directory on remote server you connected to. Select the file(s) you want to copy and move them from one side to the other. For instance, if uploading files to the remote server, select one or more files in the left (local) pane and drag them to the right (remote) pane. To download files, drag from the right pane to the left pane.

Should you want to use Fugu to SCP rather than SFTP, start Fugu and click New Secure Copy from the SCP menu. Here you will select the item to copy and the remote host to copy to (or from). Once you enter your username and path parameters, click Secure Copy.

For more detailed instructions, please see the official Fugu Documentation pdf file.