CHAPTER 18
Transferring Files Securely with net-sftp
The net-sftp gem provides an SFTP library, which lets you upload, delete, and otherwise
manipulate files and directories over the SSH File Transfer Protocol, or SFTP. FTP is a
widely used protocol for transferring files between systems. FTP servers and clients can be
found on nearly every platform. However, FTP does not provide secure authentication—
it's possible to intercept a username and password, since both are sent
unencrypted. The data is sent unencrypted as well, so sensitive data transmitted
over FTP can be intercepted by a third party. SFTP, on the other hand, is based on SSH,
which provides both secure authentication and encryption for any transferred data. Additionally,
SFTP works over SSH, so it doesn't use multiple ports like FTP—you only need to have the
SSH port open in your firewall, and SFTP should work fine.
The net-sftp gem can be used for file transfers in a variety of situations. For example,
you could use it to transfer user data uploaded to your website—image files or video files, for
example. You could also use net-sftp to make a regular backup of a project you are working
on—you could transfer it every night (or even every hour!) to a Web server, and since net-sftp
is encrypted, you won’t need to worry about sensitive data being intercepted (assuming, of
course, that your Web server is reasonably secure).
How Does It Work?
The net-sftp library provides a host of functions for manipulating remote filesystems via
SFTP. You can read an FAQ that provides more details on the different net-sftp operations at
the following URL:
http://net-ssh.rubyforge.org/sftp/faq.html
■Note Confusingly, there are two other protocols that use the name SFTP. The first is traditional FTP over
SSH; it’s possible to implement FTP over SSH, but it’s difficult and uncommon. Simple File Transfer Protocol
is another uncommon—and unsecure—file-transfer protocol. Here, however, we’re discussing only the SSH
File Transfer Protocol—it’s the most common of the three, and the only one the net-sftp gem supports.
For example, suppose we wanted to transfer the file very_important_financial_data.xls
to the remote host BigImportantCompany.com, using the username ImportantVIP and password
BigSecret. We could use the following code to do so:
require 'net/sftp'

# Connect with a username and password, then upload one file.
Net::SFTP.start('BigImportantCompany.com',
                :username => 'ImportantVIP',
                :password => 'BigSecret') do |sftp_connection|
  sftp_connection.put_file 'very_important_financial_data.xls',
                           "some_secret_directory/very_important_financial_data.xls"
end
■Note You can find an additional example of the net-sftp gem in action in Chapter 21.
■Note You may also want to execute arbitrary commands using SSH—if so, look into the net-ssh gem,
which the net-sftp gem uses. You can learn more about net-ssh in Chapter 19.
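A hardened variant of the upload shown above, as an added example (not code from the book or from the net-sftp project): it takes credentials from the environment instead of the source file and requires a known host key. It assumes net-sftp 2.x or later with net-ssh 5 or later (`Net::SFTP.start(host, user, options)`, `upload!`, `verify_host_key: :always`), which differs from the `put_file` call used in this chapter; the `SFTP_*` variable names and the helper names are invented for the example.

```ruby
# Added example: hardened variant of the hard-coded-password upload above.
# Assumes net-sftp 2.x+/net-ssh 5+; SFTP_KEY_FILE, SFTP_PASSWORD and SFTP_PORT
# are environment variable names invented for this example.

# Build the net-ssh options hash without embedding secrets in the source.
def sftp_options(env = ENV)
  port = Integer(env.fetch('SFTP_PORT', '22'), 10)
  raise ArgumentError, 'port out of range' unless (1..65_535).cover?(port)

  opts = {
    port: port,
    verify_host_key: :always, # fail on an unknown or changed host key
    non_interactive: true     # never fall back to an interactive prompt
  }
  if (key = env['SFTP_KEY_FILE'])
    # Prefer key-based login and offer only the named key.
    opts.merge(keys: [key], keys_only: true, auth_methods: %w[publickey])
  elsif (password = env['SFTP_PASSWORD'])
    opts.merge(password: password, auth_methods: %w[password])
  else
    raise ArgumentError, 'set SFTP_KEY_FILE or SFTP_PASSWORD'
  end
end

# Place the upload directly under remote_dir, using only the file's base name
# so a local path such as "../x" cannot steer the remote destination.
def remote_path(remote_dir, local)
  name = File.basename(local)
  raise ArgumentError, "bad file name: #{local.inspect}" if ['', '.', '..', '/'].include?(name)

  File.join(remote_dir, name)
end

# Upload one file; raises if the host key, login or transfer fails.
def secure_upload(host, user, local, remote_dir, env = ENV)
  require 'net/sftp' # loaded here so the helpers above run without the gem
  Net::SFTP.start(host, user, sftp_options(env)) do |sftp|
    sftp.upload!(local, remote_path(remote_dir, local))
  end
end
```

With `verify_host_key: :always`, the server's key must already be in the user's `known_hosts` file; otherwise the connection is refused.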
You can use the following command to install the net-sftp gem:
gem install net-sftp
Sending Files via SFTP Using net-sftp
Listing 18-1 demonstrates sending files over SFTP using the net-sftp gem. It will take a number
of command-line options, such as hostname, username, password, and so forth, as well as
a list of files to send.
Listing 18-1. Sending Files via SFTP (net-sftp_upload.rb)
require 'net/sftp'
require 'optparse'

# Collect connection settings from the command line.
options = {}
opt = OptionParser.new do |opts|
  opts.banner = "Usage: netsftpput.rb [options] hostname.com file1 file2 file3..."
  opts.on("-u", "--username USERNAME", "username") { |u| options[:username] = u }
  opts.on("-p", "--password PASSWORD", "password") { |p| options[:password] = p }
  opts.on("-o", "--port PORT", "port") { |p| options[:port] = p }
  opts.on("-d", "--directory DIRECTORY", "directory") { |d|
    options[:directory] = d }
  opts.on_tail("-h", "--help", "Show this message") { puts opts.help; exit }
end