After connecting to my Synology NAS yesterday evening, i tried to copy one file from the right panel on the SFTP server to the left panel which was also a folder on the SFTP server.
It simply didn't work, so i had do copy it to a local folder and then upload it from there.
Is there any way to achieve the following with the sftp plugin
1. Copy files form SFTP site to SFTP site, with the disadvantage of having the data travel over my internet connection and my computer
or even better
2. Server to Server(?) Copy: having the transfer directly from source (on server) to destination (maybe on the same, maybe on a different server).
?
thanks in advance
br
sebastian
sftp plugin - server to server(?) copy
Moderators: Hacker, petermad, Stefan2, white
-
sqa_wizard
- Power Member
- Posts: 3897
- Joined: 2003-02-06, 11:41 UTC
- Location: Germany
A Server to Server Copy it is not that simple.
To achieve this, you have to tell the source server the credentials of the destination server first.
But the main problem is, that the server has to support this FXP feature.
Most of the server I know do not support FXP due to security reasons.
This is valid at least for simple FTP, but it should be the same for SFTP with an additional trust of the destination certificate.
There are a lot of threads about FXP on this forum ... just do a search.
To achieve this, you have to tell the source server the credentials of the destination server first.
But the main problem is, that the server has to support this FXP feature.
Most of the server I know do not support FXP due to security reasons.
This is valid at least for simple FTP, but it should be the same for SFTP with an additional trust of the destination certificate.
There are a lot of threads about FXP on this forum ... just do a search.
#5767 Personal license
A little clarification:
FXP is only for FTP, it does not apply to SFTP. It's taking advantage of the fact that FTP uses separate control and data connections. If you want to transfer something directly from one server to another, you connect and login to both. Then you send PASV ("tell me where I can connect to") to one to get address and port where data connection can be established. But instead of using it yourself, you give it to the other server using PORT ("connect here"). Then you send STOR ("put incoming data to file") to one and RETR ("give me data from file") to another. And they happily exchange data.
In some way, it's security disaster, especially with regular unencrypted FTP. On top of that, if FXP is enabled, PORT command can be misused by anyone to make server connect anywhere. But there are also some advantages. It's actually pretty secure when it comes to login credentials, because you keep them for yourself and don't have to give them to the other server. You can even have some IP filter in place, allowing user to login only from some addresses (which don't include the other server) and it will still work, if data connections can come from/to anywhere.
With SFTP it's different. There's only one connection for everything. So server to server transfers have to work in different way. Basically you have to remotely start the copy operation directly on one of the servers. The bad thing about this is that you have to give your credentials (*) to one of the servers to be able to connect to other one. It can also fail if user is not allowed to login from other server's address. But generally it can work.
Could it work with TC's SFTP plugin? Probably yes. Used SSH library can run remote commands. I'm just not sure about getting some feedback to properly show progress.
Of course using TC as proxy, i.e. automatic download from server A to your computer and immediate upload to server B would be more universal and would work with everything (e.g. FTP to SFTP) at the cost of being slower.
--
(*) You don't have to, if you use SSH agent for authentication and forwarding is supported. That way when one remote server needs to login to the other one, the exchange gets forwarded to you and the first server does not get to know anything sensitive. But I don't have any idea if used library supports this.
FXP is only for FTP, it does not apply to SFTP. It's taking advantage of the fact that FTP uses separate control and data connections. If you want to transfer something directly from one server to another, you connect and login to both. Then you send PASV ("tell me where I can connect to") to one to get address and port where data connection can be established. But instead of using it yourself, you give it to the other server using PORT ("connect here"). Then you send STOR ("put incoming data to file") to one and RETR ("give me data from file") to another. And they happily exchange data.
In some way, it's security disaster, especially with regular unencrypted FTP. On top of that, if FXP is enabled, PORT command can be misused by anyone to make server connect anywhere. But there are also some advantages. It's actually pretty secure when it comes to login credentials, because you keep them for yourself and don't have to give them to the other server. You can even have some IP filter in place, allowing user to login only from some addresses (which don't include the other server) and it will still work, if data connections can come from/to anywhere.
With SFTP it's different. There's only one connection for everything. So server to server transfers have to work in different way. Basically you have to remotely start the copy operation directly on one of the servers. The bad thing about this is that you have to give your credentials (*) to one of the servers to be able to connect to other one. It can also fail if user is not allowed to login from other server's address. But generally it can work.
Could it work with TC's SFTP plugin? Probably yes. Used SSH library can run remote commands. I'm just not sure about getting some feedback to properly show progress.
Of course using TC as proxy, i.e. automatic download from server A to your computer and immediate upload to server B would be more universal and would work with everything (e.g. FTP to SFTP) at the cost of being slower.
--
(*) You don't have to, if you use SSH agent for authentication and forwarding is supported. That way when one remote server needs to login to the other one, the exchange gets forwarded to you and the first server does not get to know anything sensitive. But I don't have any idea if used library supports this.
-
ghisler(Author)
- Site Admin
- Posts: 50930
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
The SFTP plugin doesn't currently support server to server transfers. I don't think that this is possible, although copying within the same server could probably work (but isn't currently implemented).
TC8 does support the secure server to server transfers via FTPS if the server supports it, but I doubt that your NAS supports it. It uses the SSCN ON command if the server reports it via FEAT, otherwise the CPSV command.
TC8 does support the secure server to server transfers via FTPS if the server supports it, but I doubt that your NAS supports it. It uses the SSCN ON command if the server reports it via FEAT, otherwise the CPSV command.
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com