Does SFTP need Bi-Directional access

user863952 · Apr 7, 2014 · Viewed 10.3k times

I have the following script to get a given file from a given remote directory; it accepts the following parameters:

  1. Host name that you are connecting to, to get the file
  2. User name on the host
  3. Local directory to which you want to transfer the file
  4. Remote directory from which you want to get the file
  5. File name that you want to get from the remote server
#!/bin/sh
# Usage: get_file.sh HOST USER LOCAL_DIR REMOTE_DIR FILE
FSERVER=$1
FUSER=$2
SRC_DIR=$3
REMOTE_SRC_DIR=$4
FILE_NAME=$5

# Change into the local target directory; stop if it does not exist.
cd "$SRC_DIR" || exit 1

# Feed the sftp commands on stdin; "GOTO" terminates the here-document.
sftp "$FUSER@$FSERVER" <<GOTO
cd $REMOTE_SRC_DIR
ascii
get $FILE_NAME
bye
GOTO

To access the files from $REMOTE_SRC_DIR into $SRC_DIR, do I need a port open on both sides, i.e. bi-directional, or just one port from the remote server to the source, with the session having to be "INITIATED" from the source? And what is the reason?

As per my understanding, we are connecting to the remote server path and then issuing the query "get file name". So we need bi-directional access.

Answer

Martin Prikryl · Apr 8, 2014

SFTP uses a single TCP connection. In general, a TCP connection is stateful. As such, once opened, both sides can send data to each other. Only the passive side of the connection needs to initially have a well-known port number opened (22 for SSH/SFTP in this case). The active side opens a random port number that the passive side learns from the TCP connection initiation packet. This passive-side port closes with the TCP connection, while the active-side port is kept open for future TCP connections.

The SFTP protocol uses a strictly request-response model. I.e. although TCP allows both sides to send data at any time, with SFTP the server never sends data on its own, but always in response to a client request. Note that this does not mean that no unsolicited data flows from the server to the client at the network level, as in both underlying protocols of SFTP (TCP and SSH) both sides of the connection can send (and do send) packets at any time.

Simplified flow is:

  1. The SFTP client initiates a TCP connection to remote port 22 (this causes an implicit open of a random local port on the client side; this is done by the operating system).
  2. SSH protocol initialization and authentication occurs.
  3. The SFTP client requests the SSH server to start the SFTP server. Note that the SFTP server is not a continuously running process. It is a sub-process/sub-service of the SSH server, which is continuously running (= listening on port 22).
  4. SFTP protocol initialization occurs.
  5. SFTP (contrary to the FTP protocol) is stateless; as such it does not have a concept of a working directory. So changing the remote working directory with the cd command is simulated on the client side. The SFTP server is not aware at all of the client's remote working directory. The SFTP client typically only verifies the existence of the new working directory with the SFTP server.
  6. The ascii command: the OpenSSH sftp client does not have an ascii command. You should get "Invalid command.", unless you use a client other than OpenSSH.
  7. The get command: for file transfers the SFTP protocol offers a block-level API similar to that of most operating systems (contrary to the stream API of the FTP protocol). So the SFTP client sends an "open file" request over the existing connection, followed by repeated "read block" requests and a "close file" request. As with any SFTP request, responses go back over the same TCP connection.
  8. At the end, the TCP connection is terminated and the connection-specific random local port is closed.
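The request-response flow in step 7 can be seen by encoding the actual SFTP version 3 packets. The following is an added example, not code from the question or from Martin Prikryl's answer: it builds the SSH_FXP_OPEN, SSH_FXP_READ and SSH_FXP_CLOSE requests of a "get" and answers them from a constructed in-memory stand-in for the sftp-server subsystem (the class ToyServer and the file contents are assumptions made for the example). Every reply carries the request-id of the request it answers, which is what makes the exchange strictly client-driven over the one connection; the SSH channel and TCP layer that would normally carry these bytes are left out.

```python
import struct

# SFTP v3 packet type numbers (draft-ietf-secsh-filexfer-02).
SSH_FXP_OPEN, SSH_FXP_CLOSE, SSH_FXP_READ = 3, 4, 5
SSH_FXP_STATUS, SSH_FXP_HANDLE, SSH_FXP_DATA = 101, 102, 103
SSH_FX_OK, SSH_FX_EOF, SSH_FX_NO_SUCH_FILE = 0, 1, 2
SSH_FXF_READ = 0x01


def _string(b):
    """SFTP 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _packet(ptype, request_id, payload):
    """Frame a packet: uint32 length, byte type, uint32 request-id, payload."""
    body = struct.pack(">BI", ptype, request_id) + payload
    return struct.pack(">I", len(body)) + body


def _read_string(buf, pos):
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n


def parse_packet(raw):
    """Return (type, request-id, payload) of one framed packet."""
    (length,) = struct.unpack_from(">I", raw, 0)
    ptype, request_id = struct.unpack_from(">BI", raw, 4)
    return ptype, request_id, raw[9:4 + length]


def _status(request_id, code, msg):
    # SSH_FXP_STATUS v3: uint32 code, string message, string language tag.
    return _packet(SSH_FXP_STATUS, request_id,
                   struct.pack(">I", code) + _string(msg) + _string(b""))


class ToyServer:
    """Constructed stand-in for the sftp-server subsystem (assumption, not OpenSSH code).
    It never sends anything by itself: handle() maps exactly one request to one reply."""

    def __init__(self, files):
        self.files = files          # name -> bytes, constructed sample data
        self.handles = {}           # open handle -> file name
        self.next_handle = 0

    def handle(self, raw):
        ptype, rid, payload = parse_packet(raw)
        if ptype == SSH_FXP_OPEN:
            name, _ = _read_string(payload, 0)   # then uint32 pflags, ATTRS
            if name not in self.files:
                return _status(rid, SSH_FX_NO_SUCH_FILE, b"No such file")
            h = struct.pack(">I", self.next_handle)
            self.next_handle += 1
            self.handles[h] = name
            return _packet(SSH_FXP_HANDLE, rid, _string(h))
        if ptype == SSH_FXP_READ:
            h, pos = _read_string(payload, 0)
            offset, length = struct.unpack_from(">QI", payload, pos)
            data = self.files[self.handles[h]][offset:offset + length]
            if not data:
                return _status(rid, SSH_FX_EOF, b"End of file")
            return _packet(SSH_FXP_DATA, rid, _string(data))
        if ptype == SSH_FXP_CLOSE:
            h, _ = _read_string(payload, 0)
            self.handles.pop(h, None)
            return _status(rid, SSH_FX_OK, b"")
        raise ValueError("unsupported packet type %d" % ptype)


def sftp_get(server, filename, block=4):
    """Client side of 'get': OPEN, repeated READ until an EOF status, CLOSE.
    Returns (file content, list of (request type, reply type) pairs)."""
    rid = 0
    log = []

    def send(ptype, payload):
        nonlocal rid
        rid += 1
        reply = server.handle(_packet(ptype, rid, payload))
        rtype, reply_rid, rpayload = parse_packet(reply)
        if reply_rid != rid:
            raise RuntimeError("reply does not match outstanding request")
        log.append((ptype, rtype))
        return rtype, rpayload

    # OPEN: string filename, uint32 pflags, ATTRS (flags = 0, no attributes).
    rtype, p = send(SSH_FXP_OPEN, _string(filename) + struct.pack(">II", SSH_FXF_READ, 0))
    if rtype == SSH_FXP_STATUS:
        raise FileNotFoundError(struct.unpack_from(">I", p, 0)[0])
    handle, _ = _read_string(p, 0)

    content, offset = b"", 0
    while True:
        # READ: string handle, uint64 offset, uint32 length.
        rtype, p = send(SSH_FXP_READ, _string(handle) + struct.pack(">QI", offset, block))
        if rtype == SSH_FXP_STATUS:
            break                      # SSH_FX_EOF: nothing left to read
        data, _ = _read_string(p, 0)
        content += data
        offset += len(data)
    send(SSH_FXP_CLOSE, _string(handle))
    return content, log


if __name__ == "__main__":
    srv = ToyServer({b"report.txt": b"hello world"})   # constructed sample file
    body, exchange = sftp_get(srv, b"report.txt")
    print(body, exchange)
```

The log returned by sftp_get shows one reply per request and nothing else, which is the answer's point: a firewall only has to allow the client to initiate the connection to port 22, since the reads are replies on that same connection, not server-initiated traffic.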