How to build curl with SFTP support

The curl package can be build to include SFTP support. Find out how easy this is to do.

How to build curl with SFTP support

Curl is a very useful tool for Linux admins. Not only does curl allow you to transfer files to and from remote servers using any number of different protocols, but with the curl command you can also extend your scripting capabilities and do so much more. However, from a security standpoint, the out of the box curl experience is lacking in one particular protocol—secure file transfer protocol (SFTP). 

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

If you issue the command curl -V, you'll see that, out of the box, curl includes a number of protocols (Figure A). However, the SFTP is missing.

Figure A


But what if you want to use curl in such a way that it would require SFTP support? Say, for instance, you need to transfer data to a server that uses SFTP. With curl you could do:

curl sftp:/SERVER -u USER

Where SERVER is the IP or domain of the server and USER is a remote user name. Out of the box, that won't work. In order to make curl work with SFTP, you must build it with support. Let's find out how. I'll be demonstrating on Ubuntu Server 18.04.

Getting the source

The first thing to do is download and unpack the curl source. To do that, open a terminal window and issue the following commands:

sudo apt-get install build-essential debhelper libssh-dev
sudo apt-get source curl
sudo apt-get build-dep curl

Next, change into the newly created directory with the command:

cd curl-XXX/

Where XXX is the release number.

From within that directory, download the necessary patch with the command:

sudo wget

Once the patch is downloaded, apply it with the command:

sudo patch debian/rules < ubuntu_libssl.patch

How to build the curl package

Now we can build the curl package with the command:

sudo dpkg-buildpackage -uc -us -b

The above options are:

  • -us - Do not sign the source package.
  • -uc - Do not sign the .changes file.
  • -b - Do not try to apply changes to the unpacked upstream

The build can take some time, so relax or take on a different admin task.

How to install the packages

Now, change out of this directory with the command:

cd ..

You should now find three .deb files. Install those files with the command:

sudo dpkg -i *.deb

Once the installation is complete, you should have curl built with SFTP support (Figure B).

Figure B


Curl now has SFTP support.

The caveat

The problem with building in this manner is that if curl is upgraded using apt or apt-get, it'll break the support. To get around this, you must issue the following three commands:

sudo apt-mark hold curl
sudo apt-mark hold libcurl3
sudo apt-mark hold libcurl3-gnutls

The above commands might prevent future updates to certain packages, depending on what you have installed. Should that happen, you'd need to issue the commands:

sudo apt-mark unhold curl
sudo apt-mark unhold libcurl3
sudo apt-mark unhold libcurl3-gnutls

And that, my friends, is how you build SFTP support into the curl package. Happy curling!

Also see 

Human Hand Drawing Security Concepts

Image: iStockphoto/phototechno