How to Use WinSCP to Securely FTP Files

Call Sales: 877-435-2445

Linux Services

Blog

How to Use WinSCP to Securely FTP Files

Posted by Jeff H. 09/01/2010

One of the war chants here at rackAID, is “Use Secure FTP.” While more and more legacy FTP clients now support FTP, I’ve always recommended WinSCP. It is easy to use and free. I would rather you use a secure tool than have to tap our Linux security services to clean up after an attack.

Last summer and again this year, I’ve started seeing a rise in FTP-based attacks on web sites. The malware listens for the username and password and then sends this off to a command and control center so bots can later infect your site with malware. If your site gets hit, you may find yourself needing to remove your site from Google’s malware system.

Fortunately, you can avoid most of these headaches by not using clear text protocols and switching to secure FTP (SFTP) or secure copy (SCP) tools such as WinSCP

Secure FTP

If you need a program that supports secure file transfers, I suggest the free WinSCP. Here’s a brief tutorial to help you get it set up. You can download WinSCP for free.

Secure File Transfer Tutorial

Your FTP Client

Most FTP clients now support secure FTP. They may call it secure copy, FTP over SSL, or SFTP. While the naming of the service is often technical incorrect, you will find it will work fine with most servers. So dig into those help files and find the secure file transfer option for your client.

Valid Shell

By default, most servers, such as those using Plesk, will require that your user account have a valid shell account to use SFTP. If you cannot connect, this could be an issue. If you look at the errors, you will typically see a successful connection but then it drops. Adding a shell (such as /bin/bash) to your account will resolve this.

FTP Firewall Issues

If you have issues with FTP due to a firewall, switching to SFTP may help. FTP uses two different ports, one for the command channel and the other for data transfer. If firewalls are not configured properly on both ends of the connection, you will often get odd results. For example, you may connect but when you try to get a directory listing it will hang. SFTP avoids these issues by using the SSH port 22 for both the data and command functions.

Favorite FTP Client

Let me know your favorite FTP client. I am always looking for easy to use, free FTP clients to recommend to clients.

Related Resources

Comments

Mike commented on How to Use WinSCP to Securely FTP Files

Mike · 09/08/2010 12:55 pm

Passing archives around is much more secure because they can be passworded and it doesn’t matter what instructions are read, nothing will give the password away.

Jeff commented on How to Use WinSCP to Securely FTP Files

Jeff · 09/08/2010 02:03 pm

Mike
WinSCP secures the data communication channel while password protected archives attempts to prevent an archive by being opened by someone. 

However, many password tools used with archives are very poor and easily broken.

If you need to assure your data is obtained by the wrong parties, then you want to use encryption, such as PGP or GnuPG.

Add Comment

Notify me of comments?

Server Management

SUBSCRIBE

rackAID Server Management Blog RSS Feed Follow rackAID Server Management on Twitter I Like rackAID's Server Help Contact rackAID about IT Support

Find Out More

Our Blog