The curl package can be build to include SFTP support. Find out how easy this is to do.
Curl is a very useful tool for Linux admins. Not only does curl allow you to transfer files to and from remote servers using any number of different protocols, but with the curl command you can also extend your scripting capabilities and do so much more. However, from a security standpoint, the out of the box curl experience is lacking in one particular protocol—secure file transfer protocol (SFTP).
SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)
If you issue the command curl -V, you'll see that, out of the box, curl includes a number of protocols (Figure A). However, the SFTP is missing.
But what if you want to use curl in such a way that it would require SFTP support? Say, for instance, you need to transfer data to a server that uses SFTP. With curl you could do:
curl sftp:/SERVER -u USER
Where SERVER is the IP or domain of the server and USER is a remote user name. Out of the box, that won't work. In order to make curl work with SFTP, you must build it with support. Let's find out how. I'll be demonstrating on Ubuntu Server 18.04.
Getting the source
The first thing to do is download and unpack the curl source. To do that, open a terminal window and issue the following commands:
sudo apt-get install build-essential debhelper libssh-dev sudo apt-get source curl sudo apt-get build-dep curl
Next, change into the newly created directory with the command:
Where XXX is the release number.
From within that directory, download the necessary patch with the command:
sudo wget https://bugs.launchpad.net/ubuntu/+source/curl/+bug/311029/+attachment/5234644/+files/ubuntu_libssl.patch
Once the patch is downloaded, apply it with the command:
sudo patch debian/rules < ubuntu_libssl.patch
How to build the curl package
Now we can build the curl package with the command:
sudo dpkg-buildpackage -uc -us -b
The above options are:
- -us - Do not sign the source package.
- -uc - Do not sign the .changes file.
- -b - Do not try to apply changes to the unpacked upstream
The build can take some time, so relax or take on a different admin task.
How to install the packages
Now, change out of this directory with the command:
You should now find three .deb files. Install those files with the command:
sudo dpkg -i *.deb
Once the installation is complete, you should have curl built with SFTP support (Figure B).
The problem with building in this manner is that if curl is upgraded using apt or apt-get, it'll break the support. To get around this, you must issue the following three commands:
sudo apt-mark hold curl sudo apt-mark hold libcurl3 sudo apt-mark hold libcurl3-gnutls
The above commands might prevent future updates to certain packages, depending on what you have installed. Should that happen, you'd need to issue the commands:
sudo apt-mark unhold curl sudo apt-mark unhold libcurl3 sudo apt-mark unhold libcurl3-gnutls
And that, my friends, is how you build SFTP support into the curl package. Happy curling!
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)