Your dedicated server inevitably contains sensitive data, whether it is simply passwords or customer credit card information. Whether the data is highly classified or just something you do not want other people to see, it is important to keep it secure and also transfer it securely.
FTP is the tried and tested method for general file transfer, and website owners have used it for decades. Unfortunately, FTP is not secure, and using it leaves you open to the possibility of your data or private password information being intercepted. This is particularly dangerous if you are working on web applications with a live connection or with frequent live updates.
There are a couple of solutions that can set your mind at ease when transferring files. One is to use SCP (Secure Copy), which uses SSH to send files over the Internet. While Linux servers have a built-in command line tool for SCP, you can also download graphical clients like WinSCP.
Alternatively, you can use SFTP, which is another secure method of transferring files. It also uses your SSH encrypted login for secure connections. You can use SFTP with many popular FTP clients such as FileZilla.
Finally, even though you are the administrator of your server, it is important not to use an administrative account to upload or download files. By doing so, you run the risk of having your server compromised, even if you are using encrypted file transfer. The safest method is to use a regular user account with limited permissions to transfer the files. Once they are uploaded on your server, you can then login through SSH, become root, and move the files to their correct destinations.
- Secure File Transfer with SCP
- How to Use SFTP to Transfer Files
- How to Securely Download a File from Your Server
- Back to the Basics #11: Secure Shell (SSH)
- FTP vs. SFTP