Basic usage

• lftp sftp://[domain name]
• lftp sftp://example.com

Use a different user name than the one you are currently using

• lftp sftp://[user name]@[domain name]
• lftp sftp://username@example.com

Use a different port and different user name

• lftp sftp://[user name]@[domain name]:[port number]
• lftp sftp://userName@example.com:2222

Recursive download/upload

lftp> mirror directory_to_download
lftp> mirror -R directory_to_upload

For more lftp options type the following command in a console window

# man lftp

#!/bin/bash

# Zimbra Backup Script
# Requires sftp to run
# This script is intended to run from the crontab as root
# Free to use and free of any warranty!  Daniel W. Martin, 9 Sept 2007

# Live sync before stopping Zimbra to minimize sync time with the services down
# Comment out the following line if you want to try single cold-sync only
rsync -avHK --delete /opt/zimbra/ /backup/zimbra

# which is the same as: /opt/zimbra /backup
# Including --delete option gets rid of files in the dest folder that don't exist at the src
# this prevents logfile/extraneous bloat from building up overtime.

# Stop Zimbra Services
sudo -u zimbra /opt/zimbra/bin/zmcontrol stop
sleep 40

# Sync to backup directory
rsync -avHK --delete /opt/zimbra/ /backup/zimbra

# Restart Zimbra Services
sudo -u zimbra /opt/zimbra/bin/zmcontrol start

# Create a txt file in the backup directory that'll contain the current Zimbra
# server version. Handy for knowing what version of Zimbra a backup can be restored to.
sudo -u zimbra zmcontrol -v > /backup/zimbra/conf/zimbra_version.txt
# or examine your /opt/zimbra/.install_history

# Create archive of backed-up directory for offsite transfer
# cd /backup/zimbra
ZimbraVersion=zimbraBackup-zcs-5.0.1_GA_1902.DEBIAN4.0.20080109200914

tar -zcf /backup/$ZimbraVersion-$(date +"%Y-%m-%d").tgz -C /backup/zimbra .

# Transfer file to backup server using passwordless sftp
scp zimbraBackup-zcs-5.0.1_GA_1902.DEBIAN4.0.20080109200914-$(date +"%Y-%m-%d").tgz username@example.com:/path/to/backupfolder/

I’ve described passwordless ssh/sftp session in a earlier post so I won’t describe the last line of the backup script.

Create a file named myCommands.sftp that contains the commands you want to run. My file looks like this

# Change to your desired directory locally
lcd /data/Hattori
# Change to the desired directory on the remote server
cd /backup
# Transfer all remote files locally
get *
# We're done with this session
bye

Next you run the sftp session

sftp -b myCommands.sftp example.com

That should be all that is necessary to download your files from the remote server.

This example could easily have been extended with a crontab entry.

Edit your /etc/sshd_config file and change your settings like this

Match User username
AllowTcpForwarding no
X11Forwarding no
ForceCommand /usr/libexec/sftp-server -l INFO

Replace username with the user name you would limit the SSH access for.

Add user as usually and assign him a password. Then run the following command (replace the ‘username’ with real user name):

root@host # usermod -s /usr/lib/sftp-server username

This changes user’s shell to sftp-server.

The last step for this to work is to add ‘/usr/lib/sftp-server‘ to /etc/shells to make it a valid shell, eg. like this:

root@host # echo '/usr/lib/stfp-server' >> /etc/shells

There. Now you’ve setup a user who can only access your server with SFTP.