How to perform checksums during a SFTP file transfer for data integrity?

user278458 picture user278458 · May 5, 2015 · Viewed 22.2k times · Source

I have a requirement to perform checksum (for data integrity) for SFTP. I was hoping this could be done during the SFTP file transfer - I realize this could be product dependent (FYI: using CLEO VLTrader), but was wondering if this is customary?

I am also looking for alternative data integrity checking options that are as good (or better) than using a checksum algorithm. Thanks!

Answer

Martin Prikryl picture Martin Prikryl · May 6, 2015

With the SFTP, running over an encrypted SSH session, there's negligible chance the file contents could get corrupted while transferring. The SSH itself does data integrity verification.

So unless the contents gets corrupted, when reading the local file or writing the remote file, you can be pretty sure that the file was uploaded correctly, if no error is reported. That implies that a risk of data corruption as about the same as if you were copying the files between two local drives.

If you would not consider it necessary to verify data integrity after copying the files from one local drive to another, then I do not think, you need to verify integrity after an SFTP transfer, and vice versa.


If you want to test explicitly anyway:

While there's the check-file extension to the SFTP protocol to calculate a remote file checksum, it's not widely supported. Particularly it's not supported by the most widespread SFTP server implementation, the OpenSSH. See What SFTP server implementations support check-file extension.

Not many clients/client libraries support it either. You didn't specify, what client/library you are using, so I cannot provide more details.

For details about some implementations, see:

Other than that, your only option is to download the file back (if uploading) and compare locally.


If you have a shell access to the server, you can of course try to run some shell checksum command (e.g. sha256sum) over a separate shell/SSH connection (or the "exec" channel) and parse the results. But that's not an SFTP solution anymore.

Examples: