SFTP (Secure FTP) Tutorial
As I mentioned in my previous post (Securing Your Web Hosting Account) the File Transfer Protocol (FTP) is not secure by itself. FTP usernames and passwords are transmitted in clear text. That means that your FTP username and password can be monitored and stolen over the internet. There are some exceptions. If you are underneath a virtual private network (VPN) then your credentials are encrypted by the VPN. Regardless, it is a good idea to use Secure FTP (SFTP) to upload and download your files when possible. In this post I’m going to show you how to set up WinSCP securely.
It must be noted that not all web hosts offer secure ftp capabilities. Your web hosting account must enable SSH access. Three web hosts that provide SSH access are Midphase, Host Monster and Host Gator.
WinSCP
WinSCP is an outstanding SFTP Client (for windows) that can be downloaded for free at http://www.winscp.com/. Download WinSCP and then launch the application. You will see a button labeled “New” when you launch WinSCP. Click on that button to set up a new secure ftp connection. Here is a screenshot of the new connection screen:
A typical host name is something like ftp.yourwebsite.com. If your ip is dedicated to your domain name then you can simply enter the ip address as the host name. The most important selections in this screenshot are the port and the protocol. The port should be set to 22 and the protocol should be set to SFTP. Save the connection. Select the connection and attempt to login. WinSCP will ask you to generate a key the first time you login. If you are successful you will authenticate and see the files on your web server appear. You can now drag and drop files from your computer to the web server (and vice versa) securely!
Notepad++
WinSCP will help you upload and download your files securely. But what about editing those files? There is a free editor for windows that can make writing your scripts much easier. You can download it at http://notepad-plus.sourceforge.net/uk/about.php. Notepad++ has a plethora of options that normal Notepad does not support such as syntax highlighting, auto completion, and more.
WinSCP and Notepad++
You can use Notepad++ in collaboration with WinSCP. This way when you edit files in Notepad++ they will save out to your web server securely via the WinSCP application. I will show you how to set this up.
Launch WinSCP. On the left you will see a link to “Preferences”. Click on it. In the middle of the screen you will see a button labeled “Preferences”. Click on it. On the left you will see a link to “Editors”. Click on it. Find the button that says “Add”. Click on it. Choose the “External Editor” radio button and then browse for the Notepad++ executable file. Save and exit.
Now whenever you launch WinSCP you can right-click on files on your web server and choose “Edit”. The file will launch in Notepad++ automatically. When you save your changes, WinSCP will update the file on your web server securely. Try it!
![[Furl]](http://www.furl.net/images/logo-favicon.ico){kind=logo}
![[Newsvine]](http://www.newsvine.com/_vine/images/identity/button_seednewsvine.gif){kind=small}
Tags: secure ftp, Security, sftp, sftp port