Computer NetworksSFTP and SCP

SFTP and SCP: Secure File Transfer Protocols

LevelIntermediate

Duration60 mins

TopicSFTP and SCP

5 / 5

Security Benefits: Defense in Depth for File Transfer

Security as a Foundational Requirement

Secure file transfer isn't a feature—it's a fundamental requirement for modern organizations. The data flowing through file transfer channels often represents an organization's most sensitive assets: financial records, customer data, intellectual property, authentication credentials, and operational configurations.

SFTP and SCP, built on SSH's proven cryptographic foundation, provide multi-layered security that addresses threats from network-level eavesdropping to sophisticated targeted attacks. But security isn't merely about enabling encryption—it requires understanding the threat model, implementing appropriate controls, maintaining compliance with regulatory requirements, and continuously monitoring for anomalies.

This page provides a comprehensive security analysis of SSH-based file transfer: the specific threats it counters, the cryptographic protections in depth, compliance mapping for regulatory frameworks, audit and logging strategies, and enterprise deployment patterns that maximize security while maintaining operational efficiency.

What You Will Learn

By the end of this page, you will understand the complete threat model that SFTP/SCP address, the cryptographic security mechanisms in technical depth, how to map SSH file transfer to compliance requirements (PCI-DSS, HIPAA, GDPR, SOC 2), audit logging strategies and security monitoring, enterprise security patterns and hardening techniques, and incident response considerations for file transfer systems.

Comprehensive Threat Model

Effective security requires understanding what you're defending against. File transfer systems face a diverse array of threats, each requiring specific countermeasures.

Threat Categories:

File Transfer Threat Taxonomy
Threat Category	Description	Impact	SFTP/SCP Protection
Eavesdropping	Passive interception of data in transit	Data exposure, credential theft	Full encryption of all traffic
Man-in-the-Middle	Active interception and manipulation	Data modification, impersonation	Host key verification, MAC integrity
Credential Theft	Stealing authentication credentials	Unauthorized access	Public key auth, no password transmission
Brute Force	Automated password guessing	Account compromise	Key-based auth, rate limiting
Replay Attacks	Reusing captured authentication data	Session hijacking	Session-bound signatures, nonces
Privilege Escalation	Gaining unauthorized access levels	System compromise	Principle of least privilege, chroot
Data Tampering	Modifying files during transfer	Integrity violation	MAC verification on every packet
Denial of Service	Disrupting file transfer availability	Operational impact	Connection limits, rate limiting

Attack Vectors in Detail:

How Attackers Target File Transfer

•Network Sniffing — Attackers position themselves on network paths (compromised routers, WiFi networks, backbone access) to capture traffic. FTP exposes everything; SFTP/SCP render captured packets meaningless without keys.
•ARP/DNS Spoofing — Attackers redirect traffic through their systems by poisoning local network mappings. SSH's host key verification detects this—changed keys trigger warnings.
•Credential Stuffing — Automated attacks using breached credentials from other services. SSH key authentication eliminates password exposure entirely.
•Insider Threats — Authorized users exceeding their access or exfiltrating data. Chroot jails, restricted commands, and audit logging provide defense and detection.
•Supply Chain Attacks — Compromised software or updates delivered through file transfer. SSH integrity protection ensures files aren't modified in transit.
•Zero-Day Exploits — Previously unknown vulnerabilities in SSH implementations. Defense-in-depth, minimal exposure, and rapid patching mitigate risk.

Defense in Depth

No single security control is sufficient. SFTP/SCP provide transport security, but complete protection requires: network segmentation, access controls, monitoring, incident response, and regular security assessments. Each layer catches what others might miss.

Cryptographic Security Architecture

SFTP and SCP inherit SSH's sophisticated cryptographic architecture. Understanding these mechanisms enables informed security decisions and troubleshooting.

The Cryptographic Stack:

SSH Cryptographic Layers

Crypto Stack

SSH Cryptographic Architecture:
 
┌─────────────────────────────────────────────────────────────────────┐
│ APPLICATION LAYER (SFTP/SCP Protocol Messages)                      │
│   Plaintext protocol data handed to transport layer                 │
└─────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────┐
│ SSH TRANSPORT LAYER                                                  │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ KEY EXCHANGE (Initial & Rekey)                               │   │
│  │                                                               │   │
│  │  Algorithm: curve25519-sha256 (ECDH on Curve25519)          │   │
│  │                                                               │   │
│  │  Client: Generate ephemeral key pair (a, A = aG)            │   │
│  │  Server: Generate ephemeral key pair (b, B = bG)            │   │
│  │  Exchange: Client sends A, Server sends B                    │   │
│  │  Shared Secret: K = abG (computed by both independently)    │   │
│  │                                                               │   │
│  │  Session Keys Derived:                                       │   │
│  │    Hash(K || H || "A" || session_id) → Client-to-Server IV  │   │
│  │    Hash(K || H || "B" || session_id) → Server-to-Client IV  │   │
│  │    Hash(K || H || "C" || session_id) → Client Encryption Key│   │
│  │    Hash(K || H || "D" || session_id) → Server Encryption Key│   │
│  │    Hash(K || H || "E" || session_id) → Client MAC Key       │   │
│  │    Hash(K || H || "F" || session_id) → Server MAC Key       │   │
│  └─────────────────────────────────────────────────────────────┘   │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ ENCRYPTION (Per-Packet)                                       │   │
│  │                                                               │   │
│  │  Algorithm: chacha20-poly1305@openssh.com (AEAD)            │   │
│  │                                                               │   │
│  │  For each packet:                                            │   │
│  │  1. Generate 64-byte keystream from ChaCha20                │   │
│  │  2. Use first 32 bytes to encrypt packet length             │   │
│  │  3. Use ChaCha20 to encrypt payload                         │   │
│  │  4. Compute Poly1305 tag over ciphertext                    │   │
│  │  5. Transmit: encrypted_length || ciphertext || tag         │   │
│  └─────────────────────────────────────────────────────────────┘   │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ INTEGRITY (AEAD or Encrypt-then-MAC)                         │   │
│  │                                                               │   │
│  │  AEAD mode: Poly1305 tag is part of encryption (above)      │   │
│  │  ETM mode: HMAC-SHA2-256 computed over encrypted packet     │   │
│  │                                                               │   │
│  │  Verification: Any bit flip causes authentication failure   │   │
│  │  Result: Connection terminated on tampering detection       │   │
│  └─────────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────────┘

Perfect Forward Secrecy (PFS):

Modern SSH configurations use ephemeral key exchange (ECDHE), providing Perfect Forward Secrecy:

Forward Secrecy Properties

•Ephemeral keys per session — New key pairs generated for each connection. Session keys never stored.
•Compromise protection — If server's long-term private key is later stolen, past recorded sessions cannot be decrypted.
•No key recovery — Session keys exist only in memory during the session. Destroyed on disconnect.
•Mitigates key escrow — Even with legal compulsion to surrender keys, past communications remain protected.

Verifying Your Security Configuration

Use 'ssh -vv hostname' to see negotiated algorithms. Look for 'kex: curve25519-sha256' (or ecdh-sha2-nistp521 for NIST curves) and 'cipher: chacha20-poly1305' or 'aes256-gcm'. Avoid connections showing legacy algorithms like diffie-hellman-group1-sha1 or 3des-cbc.

Regulatory Compliance Mapping

SFTP and SCP support compliance with major regulatory frameworks. Understanding the mapping between protocol capabilities and compliance requirements enables defensible implementations.

PCI-DSS (Payment Card Industry):

PCI-DSS Requirement Mapping
Requirement	Description	SFTP/SCP Implementation
4.1	Use strong cryptography for transmission	SSH uses AES-256, ChaCha20 for encryption
8.2.3	Unique identification for each user	SSH key per user, identifiable by key comment/fingerprint
8.3	Multi-factor for remote access	SSH supports certificate + OTP via keyboard-interactive
10.2	Audit trail for data access	SSH logging captures all session events
10.5	Secure audit logs	Syslog to hardened log server, immutable storage

HIPAA (Healthcare):

HIPAA Security Rule Mapping
Safeguard	Requirement	SFTP/SCP Implementation
164.312(e)(1)	Transmission security	Encrypted transmission via SSH
164.312(e)(2)(ii)	Encryption of PHI in transit	AES-256 or equivalent encryption
164.312(d)	Authentication	SSH public key or certificate authentication
164.312(b)	Audit controls	SSH logging with user identification
164.312(a)(1)	Access control	SSH authorized_keys with restrictions

GDPR (EU Data Protection):

GDPR Article 32 - Security of Processing

•Pseudonymization and encryption — SSH provides strong encryption for personal data in transit.
•Confidentiality and integrity — MAC verification ensures data integrity; encryption provides confidentiality.
•Availability and resilience — Robust SSH implementations with failover provide availability.
•Regular testing — SSH configuration can be audited with tools like ssh-audit.

SOC 2 (Service Organizations):

SOC 2 Trust Service Criteria
Criteria	Category	SFTP/SCP Controls
CC6.1	Logical Access	SSH key-based authentication, access restrictions
CC6.6	Boundary Protection	SSH on dedicated ports, firewall integration
CC6.7	Change Management	Version-controlled SSH configurations
CC7.2	Anomaly Detection	SSH log monitoring, failed auth alerting
CC6.8	Malicious Software	SSH does not execute transferred content automatically

Documentation is Essential

Compliance isn't just about having controls—it requires documentation proving controls exist and function. Maintain: SSH configuration documentation, key management procedures, access review records, log retention evidence, and security assessment reports. Auditors require evidence, not just assertions.

Audit Logging and Monitoring

Comprehensive logging enables security monitoring, incident investigation, and compliance demonstration. Proper SSH logging captures authentication events, session activities, and anomalies.

SSH Server Logging Configuration:

/etc/ssh/sshd_config (Logging)

Logging Config

# Logging Configuration
SyslogFacility AUTH           # Log to AUTH facility
LogLevel VERBOSE              # Detailed logging (INFO, VERBOSE, DEBUG, DEBUG1-3)
 
# Log levels explained:
# QUIET    - Nothing (never use in production)
# FATAL    - Critical errors only
# ERROR    - Errors
# INFO     - Basic connection info, authentication success/failure
# VERBOSE  - Key fingerprints, commands (recommended for security)
# DEBUG    - Extremely verbose, security-sensitive details
# DEBUG1-3 - Even more detail (never in production, exposes secrets)
 
# Production recommendation: VERBOSE
# Provides: key fingerprints, authentication methods, session IDs
# Doesn't expose: passwords, key material, sensitive data

What SSH Logs Capture:

Example Log Entries

Log Examples

# Successful authentication (VERBOSE level)
sshd[12345]: Connection from 192.168.1.100 port 52341 on 10.0.0.50 port 22
sshd[12345]: Accepted publickey for sftp_user from 192.168.1.100 port 52341 
    ssh2: ED25519 SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890
sshd[12345]: pam_unix(sshd:session): session opened for user sftp_user
sshd[12345]: User sftp_user from 192.168.1.100 using subsystem sftp
 
# Failed authentication attempts
sshd[12346]: Failed password for invalid user admin from 203.0.113.50 port 22
sshd[12346]: Connection closed by authenticating user admin 203.0.113.50 port 22
sshd[12347]: error: maximum authentication attempts exceeded for invalid user root
 
# Session termination
sshd[12345]: Received disconnect from 192.168.1.100 port 52341:11: disconnected by user
sshd[12345]: Disconnected from user sftp_user 192.168.1.100 port 52341
sshd[12345]: pam_unix(sshd:session): session closed for user sftp_user
 
# Key fingerprint for audit trail
# The SHA256:... fingerprint uniquely identifies which key was used
# Maps to specific authorized_keys entry for accountability

SFTP-Specific Logging:

By default, OpenSSH SFTP doesn't log file operations. For compliance, enable SFTP logging:

SFTP Operation Logging
Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# In sshd_config, modify the Subsystem line:
Subsystem sftp internal-sftp -l VERBOSE
 
# Or for even more detail:
Subsystem sftp internal-sftp -l VERBOSE -f LOCAL6
 
# This produces logs like:
# sftp-server[12345]: opendir "/home/sftp_user/documents"
# sftp-server[12345]: closedir "/home/sftp_user/documents"
# sftp-server[12345]: open "/home/sftp_user/documents/report.pdf" flags READ mode 0000
# sftp-server[12345]: close "/home/sftp_user/documents/report.pdf" bytes read 102400
# sftp-server[12345]: open "/home/sftp_user/uploads/data.csv" flags WRITE,CREATE,TRUNCATE
# sftp-server[12345]: close "/home/sftp_user/uploads/data.csv" bytes written 50000
 
# For separate log file (via rsyslog):
# /etc/rsyslog.d/sftp.conf:
# local6.* /var/log/sftp.log
 
# Restart both services:
# systemctl restart rsyslog
# systemctl restart sshd

Log Analysis Tools

Centralize SSH logs using syslog-ng or rsyslog to a SIEM (Splunk, ELK, etc.). Create alerts for: failed authentication spikes, successful auth from unusual IPs, root login attempts, and authentication outside business hours. Tools like Fail2ban can automatically block attacking IPs based on log patterns.

Enterprise Security Patterns

Enterprise environments require additional security layers beyond basic SFTP configuration. These patterns address scale, management complexity, and heightened threat profiles.

Pattern 1: Bastion Host Architecture:

Bastion Architecture

Architecture

Bastion/Jump Host Pattern:
 
┌─────────────────────────────────────────────────────────────────────────┐
│                              INTERNET                                    │
└────────────────────────────────────┬────────────────────────────────────┘
                                     │
                              ┌──────▼──────┐
                              │   Firewall   │
                              │  (port 22)   │
                              └──────┬───────┘
                                     │
                            ╔════════▼════════╗
                            ║  BASTION HOST   ║  DMZ Network
                            ║                 ║
                            ║ • SSH only      ║
                            ║ • No data store ║
                            ║ • Full logging  ║
                            ║ • 2FA required  ║
                            ╚════════╤════════╝
                                     │
                              ┌──────▼──────┐
                              │   Firewall   │
                              │  (internal)  │
                              └──────┬───────┘
                                     │
       ┌─────────────────────────────┼─────────────────────────────┐
       │                             │                             │
┌──────▼──────┐              ┌───────▼──────┐             ┌───────▼──────┐
│ SFTP Server │              │ SFTP Server  │             │ SFTP Server  │
│  (Finance)  │              │    (HR)      │             │  (Dev/Ops)   │
│             │              │              │             │              │
│ Chroot to   │              │ Chroot to    │             │ No chroot    │
│ /finance    │              │ /hr          │             │ Full access  │
└─────────────┘              └──────────────┘             └──────────────┘
                              INTERNAL NETWORK
 
Benefits:
• Single point of entry (reduced attack surface)
• Centralized authentication and logging
• Internal servers not directly exposed
• Can enforce MFA at bastion
• Compromise of one server doesn't expose bastion

Pattern 2: SSH Certificate Authority:

SSH CA Benefits

•Centralized trust — Servers trust CA's public key; CA signs user certificates. No per-user key distribution.
•Automatic expiration — Certificates have validity periods. No eternal access from old keys.
•Role-based access — Certificate extensions specify allowed principals/roles. Central policy enforcement.
•Simplified rotation — Reissue certificates periodically without touching authorized_keys on every server.
•Audit trail — CA logs all certificate issuances. Complete record of access grants.

SSH CA Example
CA Setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Create CA key pair (protect this carefully!)
ssh-keygen -t ed25519 -f /secure/ca/user_ca -C "User CA"
 
# Sign a user's public key (creates certificate)
ssh-keygen -s /secure/ca/user_ca \
  -I "jane.doe@company.com" \
  -n jane,sftp_users \
  -V +52w \
  -O source-address=10.0.0.0/8 \
  /home/jane/.ssh/id_ed25519.pub
 
# Result: /home/jane/.ssh/id_ed25519-cert.pub
 
# -I: Certificate identity (for logs)
# -n: Principals (usernames user can authenticate as)
# -V: Validity (+52w = 52 weeks)
# -O: Options (restrict source IPs)
 
# Server configuration (/etc/ssh/sshd_config):
TrustedUserCAKeys /etc/ssh/trusted_ca.pub
 
# Server trusts any certificate signed by this CA
# No need to manage authorized_keys per user!

Pattern 3: Hardware Security Module (HSM) Integration:

•Private keys in hardware — Keys stored in tamper-resistant HSM; never exposed to software. PKCS#11 integration with SSH.
•Non-exportable keys — Even server compromise can't extract private keys. Signing operations happen inside HSM.
•FIPS 140-2 compliance — HSMs provide certified cryptographic modules for regulated industries.
•Smart card authentication — User keys on PIV/CAC cards. Requires physical possession plus PIN.

Implementation Complexity

Enterprise patterns add security but increase operational complexity. Start with bastion host architecture for most organizations. Add SSH CA when managing 50+ servers. Consider HSM for highest-security environments (financial, government, critical infrastructure). Each layer requires expertise to implement and maintain correctly.

Security Hardening Checklist

A comprehensive hardening checklist ensures no security controls are overlooked. Implement these measures systematically for production SFTP/SCP deployments.

Server Hardening:

SSH Server Security Checklist

•Disable password authentication — PasswordAuthentication no; forces key-based auth.
•Disable root login — PermitRootLogin no; use sudo from regular accounts.
•Use strong algorithms only — Remove legacy ciphers, MACs, and key exchange algorithms.
•Set authentication attempt limits — MaxAuthTries 3; blocks brute force.
•Configure idle timeout — ClientAliveInterval 300; ClientAliveCountMax 2.
•Restrict user access — AllowUsers or AllowGroups whitelist authorized users.
•Enable verbose logging — LogLevel VERBOSE for audit trails.
•Use ChrootDirectory for SFTP — Jail SFTP-only users to specific directories.
•Disable unused features — X11Forwarding no; AllowTcpForwarding no (where not needed).
•Keep SSH updated — Apply security patches promptly.

Recommended sshd_config for Secure SFTP:

Hardened sshd_config

Config

# /etc/ssh/sshd_config - Security Hardened
 
# Protocol and Authentication
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
 
# Strong Cryptography
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
 
# Connection Controls
MaxAuthTries 3
MaxSessions 5
LoginGraceTime 30
ClientAliveInterval 300
ClientAliveCountMax 2
 
# Access Control
AllowGroups sftpusers admins
DenyUsers nobody
 
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
 
# SFTP Configuration
Subsystem sftp internal-sftp -l VERBOSE
 
# Disable Unused Features
X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
 
# SFTP-Only User Configuration
Match Group sftponly
    ChrootDirectory /data/sftp/%u
    ForceCommand internal-sftp -l VERBOSE
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    AllowAgentForwarding no

Configuration Validation

After modifying sshd_config, always validate before restarting: 'sshd -t' tests configuration syntax. Use 'ssh-audit' tool to verify cryptographic configuration strength. Test changes in a separate session before closing your current connection to avoid lockout.

Incident Response Considerations

Security incidents involving file transfer systems require rapid, methodical response. Preparation enables effective action when breaches occur.

Indicators of Compromise:

Signs of SSH/SFTP Compromise

•Unusual authentication sources — Successful logins from unexpected IPs, countries, or times.
•Failed authentication spikes — Brute-force attack in progress; may precede successful breach.
•Unauthorized key additions — New keys in authorized_keys not following change procedures.
•Unexpected file transfers — Unusual volumes, times, or destinations in SFTP logs.
•Host key changes — Server warning about changed host key without planned rotation.
•Configuration modifications — Changed sshd_config without change records.
•New or modified binaries — sshd, sftp-server, or related binaries with changed hashes.

Response Procedures:

Incident Response Actions
Phase	Actions	Evidence to Preserve
Detection	Identify anomaly, assess scope, notify security team	Initial log entries, timestamps, observer notes
Containment	Disable compromised keys, block attacking IPs, isolate systems if necessary	Firewall rules applied, keys removed, network logs
Eradication	Remove unauthorized access, patch vulnerabilities, rotate all credentials	Removed artifacts, patch records, new credential hashes
Recovery	Restore from known-good, verify integrity, monitor closely	Integrity verification results, monitoring alerts
Lessons Learned	Document timeline, identify gaps, update procedures	Incident report, procedure updates, training records

Key Rotation After Compromise:

Post-Compromise Key Rotation
Rotation Steps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Complete key rotation procedure after compromise
 
# 1. Generate new host keys
rm /etc/ssh/ssh_host_*
ssh-keygen -A
# Distribute new host keys to known_hosts management
 
# 2. Rotate CA keys (if using SSH CA)
# Generate new CA on offline system
# Sign new user certificates
# Update TrustedUserCAKeys on all servers
# Revoke old CA
 
# 3. Invalidate all user keys
# For manual management:
for user in /home/*; do
    mv "$user/.ssh/authorized_keys" "$user/.ssh/authorized_keys.revoked"
done
# Require users to generate new keys and submit for approval
 
# 4. Remove any unauthorized SSH configurations
find /etc/ssh -name "*.conf" -newer /etc/ssh/sshd_config.baseline
 
# 5. Verify no persistence mechanisms
# Check for SSH backdoors
grep -r "Subsystem" /etc/ssh/
# Check for modified binaries
rpm -V openssh-server  # or debsums for Debian
# Check for unauthorized sshd processes
ps aux | grep sshd

Assume Worst Case

If SSH credentials are compromised, assume any system accessible with those credentials is compromised. File transfer access often provides access to sensitive data or enables lateral movement. Scope incidents broadly, then narrow based on evidence. Better to over-react than miss attacker persistence.

Summary: Security Excellence in File Transfer

We've comprehensively examined the security dimensions of SSH-based file transfer. This knowledge enables you to deploy, configure, and operate SFTP/SCP with confidence in security-critical environments.

Key Takeaways

•Comprehensive threat protection — SFTP/SCP defend against eavesdropping, MITM, replay, and credential attacks through SSH's cryptographic architecture.
•Perfect forward secrecy — Ephemeral key exchange ensures past sessions can't be decrypted even if long-term keys are later compromised.
•Compliance enablement — SSH file transfer maps to PCI-DSS, HIPAA, GDPR, and SOC 2 requirements with proper configuration.
•Audit logging is essential — Enable VERBOSE logging for SSH and SFTP operations; centralize and monitor logs.
•Enterprise patterns enhance security — Bastion hosts, SSH CA, and HSMs provide defense-in-depth for high-security environments.
•Hardening requires systematic approach — Follow checklists; validate configuration with tools like ssh-audit.
•Prepare for incidents — Define IOCs, establish response procedures, and practice key rotation before you need it.

Module Conclusion:

You have now mastered SFTP and SCP—from the foundational need for secure file transfer through protocol mechanics, SSH integration, and comprehensive security implementation. This knowledge positions you to design, deploy, and maintain secure file transfer systems that protect organizational assets while meeting operational and compliance requirements.

The protocols and patterns covered in this module represent production-tested approaches used by organizations handling the most sensitive data. Apply this knowledge systematically, stay current with security developments, and remember that security is an ongoing process, not a destination.

Module Complete

Congratulations! You have completed the comprehensive SFTP and SCP module. You now possess expert-level understanding of secure file transfer protocols, their SSH foundation, practical deployment, and security implementation. Apply this knowledge to build file transfer systems that are secure by design and resilient in operation.

5 / 5

Loading learning content...

Computer NetworksSFTP and SCP

SFTP and SCP: Secure File Transfer Protocols

LevelIntermediate

Duration60 mins

TopicSFTP and SCP

5 / 5

Security Benefits: Defense in Depth for File Transfer

Security as a Foundational Requirement

What You Will Learn

Comprehensive Threat Model

Effective security requires understanding what you're defending against. File transfer systems face a diverse array of threats, each requiring specific countermeasures.

Threat Categories:

File Transfer Threat Taxonomy
Threat Category	Description	Impact	SFTP/SCP Protection
Eavesdropping	Passive interception of data in transit	Data exposure, credential theft	Full encryption of all traffic
Man-in-the-Middle	Active interception and manipulation	Data modification, impersonation	Host key verification, MAC integrity
Credential Theft	Stealing authentication credentials	Unauthorized access	Public key auth, no password transmission
Brute Force	Automated password guessing	Account compromise	Key-based auth, rate limiting
Replay Attacks	Reusing captured authentication data	Session hijacking	Session-bound signatures, nonces
Privilege Escalation	Gaining unauthorized access levels	System compromise	Principle of least privilege, chroot
Data Tampering	Modifying files during transfer	Integrity violation	MAC verification on every packet
Denial of Service	Disrupting file transfer availability	Operational impact	Connection limits, rate limiting

Attack Vectors in Detail:

How Attackers Target File Transfer

•Network Sniffing — Attackers position themselves on network paths (compromised routers, WiFi networks, backbone access) to capture traffic. FTP exposes everything; SFTP/SCP render captured packets meaningless without keys.
•ARP/DNS Spoofing — Attackers redirect traffic through their systems by poisoning local network mappings. SSH's host key verification detects this—changed keys trigger warnings.
•Credential Stuffing — Automated attacks using breached credentials from other services. SSH key authentication eliminates password exposure entirely.
•Insider Threats — Authorized users exceeding their access or exfiltrating data. Chroot jails, restricted commands, and audit logging provide defense and detection.
•Supply Chain Attacks — Compromised software or updates delivered through file transfer. SSH integrity protection ensures files aren't modified in transit.
•Zero-Day Exploits — Previously unknown vulnerabilities in SSH implementations. Defense-in-depth, minimal exposure, and rapid patching mitigate risk.

Defense in Depth

Cryptographic Security Architecture

SFTP and SCP inherit SSH's sophisticated cryptographic architecture. Understanding these mechanisms enables informed security decisions and troubleshooting.

The Cryptographic Stack:

SSH Cryptographic Layers

Crypto Stack

SSH Cryptographic Architecture:
 
┌─────────────────────────────────────────────────────────────────────┐
│ APPLICATION LAYER (SFTP/SCP Protocol Messages)                      │
│   Plaintext protocol data handed to transport layer                 │
└─────────────────────────────────────────────────────────────────────┘
                                    │
                                    ▼
┌─────────────────────────────────────────────────────────────────────┐
│ SSH TRANSPORT LAYER                                                  │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ KEY EXCHANGE (Initial & Rekey)                               │   │
│  │                                                               │   │
│  │  Algorithm: curve25519-sha256 (ECDH on Curve25519)          │   │
│  │                                                               │   │
│  │  Client: Generate ephemeral key pair (a, A = aG)            │   │
│  │  Server: Generate ephemeral key pair (b, B = bG)            │   │
│  │  Exchange: Client sends A, Server sends B                    │   │
│  │  Shared Secret: K = abG (computed by both independently)    │   │
│  │                                                               │   │
│  │  Session Keys Derived:                                       │   │
│  │    Hash(K || H || "A" || session_id) → Client-to-Server IV  │   │
│  │    Hash(K || H || "B" || session_id) → Server-to-Client IV  │   │
│  │    Hash(K || H || "C" || session_id) → Client Encryption Key│   │
│  │    Hash(K || H || "D" || session_id) → Server Encryption Key│   │
│  │    Hash(K || H || "E" || session_id) → Client MAC Key       │   │
│  │    Hash(K || H || "F" || session_id) → Server MAC Key       │   │
│  └─────────────────────────────────────────────────────────────┘   │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ ENCRYPTION (Per-Packet)                                       │   │
│  │                                                               │   │
│  │  Algorithm: chacha20-poly1305@openssh.com (AEAD)            │   │
│  │                                                               │   │
│  │  For each packet:                                            │   │
│  │  1. Generate 64-byte keystream from ChaCha20                │   │
│  │  2. Use first 32 bytes to encrypt packet length             │   │
│  │  3. Use ChaCha20 to encrypt payload                         │   │
│  │  4. Compute Poly1305 tag over ciphertext                    │   │
│  │  5. Transmit: encrypted_length || ciphertext || tag         │   │
│  └─────────────────────────────────────────────────────────────┘   │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────┐   │
│  │ INTEGRITY (AEAD or Encrypt-then-MAC)                         │   │
│  │                                                               │   │
│  │  AEAD mode: Poly1305 tag is part of encryption (above)      │   │
│  │  ETM mode: HMAC-SHA2-256 computed over encrypted packet     │   │
│  │                                                               │   │
│  │  Verification: Any bit flip causes authentication failure   │   │
│  │  Result: Connection terminated on tampering detection       │   │
│  └─────────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────────┘

Perfect Forward Secrecy (PFS):

Modern SSH configurations use ephemeral key exchange (ECDHE), providing Perfect Forward Secrecy:

Forward Secrecy Properties

•Ephemeral keys per session — New key pairs generated for each connection. Session keys never stored.
•Compromise protection — If server's long-term private key is later stolen, past recorded sessions cannot be decrypted.
•No key recovery — Session keys exist only in memory during the session. Destroyed on disconnect.
•Mitigates key escrow — Even with legal compulsion to surrender keys, past communications remain protected.

Verifying Your Security Configuration

Regulatory Compliance Mapping

SFTP and SCP support compliance with major regulatory frameworks. Understanding the mapping between protocol capabilities and compliance requirements enables defensible implementations.

PCI-DSS (Payment Card Industry):

PCI-DSS Requirement Mapping
Requirement	Description	SFTP/SCP Implementation
4.1	Use strong cryptography for transmission	SSH uses AES-256, ChaCha20 for encryption
8.2.3	Unique identification for each user	SSH key per user, identifiable by key comment/fingerprint
8.3	Multi-factor for remote access	SSH supports certificate + OTP via keyboard-interactive
10.2	Audit trail for data access	SSH logging captures all session events
10.5	Secure audit logs	Syslog to hardened log server, immutable storage

HIPAA (Healthcare):

HIPAA Security Rule Mapping
Safeguard	Requirement	SFTP/SCP Implementation
164.312(e)(1)	Transmission security	Encrypted transmission via SSH
164.312(e)(2)(ii)	Encryption of PHI in transit	AES-256 or equivalent encryption
164.312(d)	Authentication	SSH public key or certificate authentication
164.312(b)	Audit controls	SSH logging with user identification
164.312(a)(1)	Access control	SSH authorized_keys with restrictions

GDPR (EU Data Protection):

GDPR Article 32 - Security of Processing

•Pseudonymization and encryption — SSH provides strong encryption for personal data in transit.
•Confidentiality and integrity — MAC verification ensures data integrity; encryption provides confidentiality.
•Availability and resilience — Robust SSH implementations with failover provide availability.
•Regular testing — SSH configuration can be audited with tools like ssh-audit.

SOC 2 (Service Organizations):

SOC 2 Trust Service Criteria
Criteria	Category	SFTP/SCP Controls
CC6.1	Logical Access	SSH key-based authentication, access restrictions
CC6.6	Boundary Protection	SSH on dedicated ports, firewall integration
CC6.7	Change Management	Version-controlled SSH configurations
CC7.2	Anomaly Detection	SSH log monitoring, failed auth alerting
CC6.8	Malicious Software	SSH does not execute transferred content automatically

Documentation is Essential

Audit Logging and Monitoring

Comprehensive logging enables security monitoring, incident investigation, and compliance demonstration. Proper SSH logging captures authentication events, session activities, and anomalies.

SSH Server Logging Configuration:

/etc/ssh/sshd_config (Logging)

Logging Config

# Logging Configuration
SyslogFacility AUTH           # Log to AUTH facility
LogLevel VERBOSE              # Detailed logging (INFO, VERBOSE, DEBUG, DEBUG1-3)
 
# Log levels explained:
# QUIET    - Nothing (never use in production)
# FATAL    - Critical errors only
# ERROR    - Errors
# INFO     - Basic connection info, authentication success/failure
# VERBOSE  - Key fingerprints, commands (recommended for security)
# DEBUG    - Extremely verbose, security-sensitive details
# DEBUG1-3 - Even more detail (never in production, exposes secrets)
 
# Production recommendation: VERBOSE
# Provides: key fingerprints, authentication methods, session IDs
# Doesn't expose: passwords, key material, sensitive data

What SSH Logs Capture:

Example Log Entries

Log Examples

# Successful authentication (VERBOSE level)
sshd[12345]: Connection from 192.168.1.100 port 52341 on 10.0.0.50 port 22
sshd[12345]: Accepted publickey for sftp_user from 192.168.1.100 port 52341 
    ssh2: ED25519 SHA256:AbCdEfGhIjKlMnOpQrStUvWxYz1234567890
sshd[12345]: pam_unix(sshd:session): session opened for user sftp_user
sshd[12345]: User sftp_user from 192.168.1.100 using subsystem sftp
 
# Failed authentication attempts
sshd[12346]: Failed password for invalid user admin from 203.0.113.50 port 22
sshd[12346]: Connection closed by authenticating user admin 203.0.113.50 port 22
sshd[12347]: error: maximum authentication attempts exceeded for invalid user root
 
# Session termination
sshd[12345]: Received disconnect from 192.168.1.100 port 52341:11: disconnected by user
sshd[12345]: Disconnected from user sftp_user 192.168.1.100 port 52341
sshd[12345]: pam_unix(sshd:session): session closed for user sftp_user
 
# Key fingerprint for audit trail
# The SHA256:... fingerprint uniquely identifies which key was used
# Maps to specific authorized_keys entry for accountability

SFTP-Specific Logging:

By default, OpenSSH SFTP doesn't log file operations. For compliance, enable SFTP logging:

SFTP Operation Logging
Configuration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# In sshd_config, modify the Subsystem line:
Subsystem sftp internal-sftp -l VERBOSE
 
# Or for even more detail:
Subsystem sftp internal-sftp -l VERBOSE -f LOCAL6
 
# This produces logs like:
# sftp-server[12345]: opendir "/home/sftp_user/documents"
# sftp-server[12345]: closedir "/home/sftp_user/documents"
# sftp-server[12345]: open "/home/sftp_user/documents/report.pdf" flags READ mode 0000
# sftp-server[12345]: close "/home/sftp_user/documents/report.pdf" bytes read 102400
# sftp-server[12345]: open "/home/sftp_user/uploads/data.csv" flags WRITE,CREATE,TRUNCATE
# sftp-server[12345]: close "/home/sftp_user/uploads/data.csv" bytes written 50000
 
# For separate log file (via rsyslog):
# /etc/rsyslog.d/sftp.conf:
# local6.* /var/log/sftp.log
 
# Restart both services:
# systemctl restart rsyslog
# systemctl restart sshd

Log Analysis Tools

Enterprise Security Patterns

Enterprise environments require additional security layers beyond basic SFTP configuration. These patterns address scale, management complexity, and heightened threat profiles.

Pattern 1: Bastion Host Architecture:

Bastion Architecture

Architecture

Bastion/Jump Host Pattern:
 
┌─────────────────────────────────────────────────────────────────────────┐
│                              INTERNET                                    │
└────────────────────────────────────┬────────────────────────────────────┘
                                     │
                              ┌──────▼──────┐
                              │   Firewall   │
                              │  (port 22)   │
                              └──────┬───────┘
                                     │
                            ╔════════▼════════╗
                            ║  BASTION HOST   ║  DMZ Network
                            ║                 ║
                            ║ • SSH only      ║
                            ║ • No data store ║
                            ║ • Full logging  ║
                            ║ • 2FA required  ║
                            ╚════════╤════════╝
                                     │
                              ┌──────▼──────┐
                              │   Firewall   │
                              │  (internal)  │
                              └──────┬───────┘
                                     │
       ┌─────────────────────────────┼─────────────────────────────┐
       │                             │                             │
┌──────▼──────┐              ┌───────▼──────┐             ┌───────▼──────┐
│ SFTP Server │              │ SFTP Server  │             │ SFTP Server  │
│  (Finance)  │              │    (HR)      │             │  (Dev/Ops)   │
│             │              │              │             │              │
│ Chroot to   │              │ Chroot to    │             │ No chroot    │
│ /finance    │              │ /hr          │             │ Full access  │
└─────────────┘              └──────────────┘             └──────────────┘
                              INTERNAL NETWORK
 
Benefits:
• Single point of entry (reduced attack surface)
• Centralized authentication and logging
• Internal servers not directly exposed
• Can enforce MFA at bastion
• Compromise of one server doesn't expose bastion

Pattern 2: SSH Certificate Authority:

SSH CA Benefits

•Centralized trust — Servers trust CA's public key; CA signs user certificates. No per-user key distribution.
•Automatic expiration — Certificates have validity periods. No eternal access from old keys.
•Role-based access — Certificate extensions specify allowed principals/roles. Central policy enforcement.
•Simplified rotation — Reissue certificates periodically without touching authorized_keys on every server.
•Audit trail — CA logs all certificate issuances. Complete record of access grants.

SSH CA Example
CA Setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Create CA key pair (protect this carefully!)
ssh-keygen -t ed25519 -f /secure/ca/user_ca -C "User CA"
 
# Sign a user's public key (creates certificate)
ssh-keygen -s /secure/ca/user_ca \
  -I "jane.doe@company.com" \
  -n jane,sftp_users \
  -V +52w \
  -O source-address=10.0.0.0/8 \
  /home/jane/.ssh/id_ed25519.pub
 
# Result: /home/jane/.ssh/id_ed25519-cert.pub
 
# -I: Certificate identity (for logs)
# -n: Principals (usernames user can authenticate as)
# -V: Validity (+52w = 52 weeks)
# -O: Options (restrict source IPs)
 
# Server configuration (/etc/ssh/sshd_config):
TrustedUserCAKeys /etc/ssh/trusted_ca.pub
 
# Server trusts any certificate signed by this CA
# No need to manage authorized_keys per user!

Pattern 3: Hardware Security Module (HSM) Integration:

•Private keys in hardware — Keys stored in tamper-resistant HSM; never exposed to software. PKCS#11 integration with SSH.
•Non-exportable keys — Even server compromise can't extract private keys. Signing operations happen inside HSM.
•FIPS 140-2 compliance — HSMs provide certified cryptographic modules for regulated industries.
•Smart card authentication — User keys on PIV/CAC cards. Requires physical possession plus PIN.

Implementation Complexity

Security Hardening Checklist

A comprehensive hardening checklist ensures no security controls are overlooked. Implement these measures systematically for production SFTP/SCP deployments.

Server Hardening:

SSH Server Security Checklist

•Disable password authentication — PasswordAuthentication no; forces key-based auth.
•Disable root login — PermitRootLogin no; use sudo from regular accounts.
•Use strong algorithms only — Remove legacy ciphers, MACs, and key exchange algorithms.
•Set authentication attempt limits — MaxAuthTries 3; blocks brute force.
•Configure idle timeout — ClientAliveInterval 300; ClientAliveCountMax 2.
•Restrict user access — AllowUsers or AllowGroups whitelist authorized users.
•Enable verbose logging — LogLevel VERBOSE for audit trails.
•Use ChrootDirectory for SFTP — Jail SFTP-only users to specific directories.
•Disable unused features — X11Forwarding no; AllowTcpForwarding no (where not needed).
•Keep SSH updated — Apply security patches promptly.

Recommended sshd_config for Secure SFTP:

Hardened sshd_config

Config

# /etc/ssh/sshd_config - Security Hardened
 
# Protocol and Authentication
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
 
# Strong Cryptography
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,rsa-sha2-512
 
# Connection Controls
MaxAuthTries 3
MaxSessions 5
LoginGraceTime 30
ClientAliveInterval 300
ClientAliveCountMax 2
 
# Access Control
AllowGroups sftpusers admins
DenyUsers nobody
 
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
 
# SFTP Configuration
Subsystem sftp internal-sftp -l VERBOSE
 
# Disable Unused Features
X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
 
# SFTP-Only User Configuration
Match Group sftponly
    ChrootDirectory /data/sftp/%u
    ForceCommand internal-sftp -l VERBOSE
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
    AllowAgentForwarding no

Configuration Validation

Incident Response Considerations

Security incidents involving file transfer systems require rapid, methodical response. Preparation enables effective action when breaches occur.

Indicators of Compromise:

Signs of SSH/SFTP Compromise

•Unusual authentication sources — Successful logins from unexpected IPs, countries, or times.
•Failed authentication spikes — Brute-force attack in progress; may precede successful breach.
•Unauthorized key additions — New keys in authorized_keys not following change procedures.
•Unexpected file transfers — Unusual volumes, times, or destinations in SFTP logs.
•Host key changes — Server warning about changed host key without planned rotation.
•Configuration modifications — Changed sshd_config without change records.
•New or modified binaries — sshd, sftp-server, or related binaries with changed hashes.

Response Procedures:

Incident Response Actions
Phase	Actions	Evidence to Preserve
Detection	Identify anomaly, assess scope, notify security team	Initial log entries, timestamps, observer notes
Containment	Disable compromised keys, block attacking IPs, isolate systems if necessary	Firewall rules applied, keys removed, network logs
Eradication	Remove unauthorized access, patch vulnerabilities, rotate all credentials	Removed artifacts, patch records, new credential hashes
Recovery	Restore from known-good, verify integrity, monitor closely	Integrity verification results, monitoring alerts
Lessons Learned	Document timeline, identify gaps, update procedures	Incident report, procedure updates, training records

Key Rotation After Compromise:

Post-Compromise Key Rotation
Rotation Steps
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Complete key rotation procedure after compromise
 
# 1. Generate new host keys
rm /etc/ssh/ssh_host_*
ssh-keygen -A
# Distribute new host keys to known_hosts management
 
# 2. Rotate CA keys (if using SSH CA)
# Generate new CA on offline system
# Sign new user certificates
# Update TrustedUserCAKeys on all servers
# Revoke old CA
 
# 3. Invalidate all user keys
# For manual management:
for user in /home/*; do
    mv "$user/.ssh/authorized_keys" "$user/.ssh/authorized_keys.revoked"
done
# Require users to generate new keys and submit for approval
 
# 4. Remove any unauthorized SSH configurations
find /etc/ssh -name "*.conf" -newer /etc/ssh/sshd_config.baseline
 
# 5. Verify no persistence mechanisms
# Check for SSH backdoors
grep -r "Subsystem" /etc/ssh/
# Check for modified binaries
rpm -V openssh-server  # or debsums for Debian
# Check for unauthorized sshd processes
ps aux | grep sshd

Assume Worst Case

Summary: Security Excellence in File Transfer

Key Takeaways

•Comprehensive threat protection — SFTP/SCP defend against eavesdropping, MITM, replay, and credential attacks through SSH's cryptographic architecture.
•Perfect forward secrecy — Ephemeral key exchange ensures past sessions can't be decrypted even if long-term keys are later compromised.
•Compliance enablement — SSH file transfer maps to PCI-DSS, HIPAA, GDPR, and SOC 2 requirements with proper configuration.
•Audit logging is essential — Enable VERBOSE logging for SSH and SFTP operations; centralize and monitor logs.
•Enterprise patterns enhance security — Bastion hosts, SSH CA, and HSMs provide defense-in-depth for high-security environments.
•Hardening requires systematic approach — Follow checklists; validate configuration with tools like ssh-audit.
•Prepare for incidents — Define IOCs, establish response procedures, and practice key rotation before you need it.

Module Conclusion:

Module Complete

5 / 5