Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to perform checksums during a SFTP file transfer for data integrity?

I have a requirement to perform checksum (for data integrity) for SFTP. I was hoping this could be done during the SFTP file transfer - I realize this could be product dependent (FYI: using CLEO VLTrader), but was wondering if this is customary?

I am also looking for alternative data integrity checking options that are as good (or better) than using a checksum algorithm. Thanks!

like image 232
user278458 Avatar asked May 05 '15 15:05

user278458


1 Answers

With the SFTP, running over an encrypted SSH session, there's negligible chance the file contents could get corrupted while transferring. The SSH itself does data integrity verification.

So unless the contents gets corrupted, when reading the local file or writing the remote file, you can be pretty sure that the file was uploaded correctly, if no error is reported. That implies that a risk of data corruption as about the same as if you were copying the files between two local drives.

If you would not consider it necessary to verify data integrity after copying the files from one local drive to another, then I do not think, you need to verify integrity after an SFTP transfer, and vice versa.


If you want to test explicitly anyway:

While there's the check-file extension to the SFTP protocol to calculate a remote file checksum, it's not widely supported. Particularly it's not supported by the most widespread SFTP server implementation, the OpenSSH. See What SFTP server implementations support check-file extension.

Not many clients/client libraries support it either. You didn't specify, what client/library you are using, so I cannot provide more details.

For details about some implementations, see:

  • Python Paramiko: How to check if Paramiko successfully uploaded a file to an SFTP server?
  • .NET WinSCP: Verify checksum of a remote file against a local file over SFTP/FTP protocol
  • What SFTP server implementations support check-file extension

Other than that, your only option is to download the file back (if uploading) and compare locally.


If you have a shell access to the server, you can of course try to run some shell checksum command (e.g. sha256sum) over a separate shell/SSH connection (or the "exec" channel) and parse the results. But that's not an SFTP solution anymore.

Examples:

  • Calculate hash of file with Renci SSH.NET in VB.NET
  • Comparing MD5 of downloaded files against files on an SFTP server in Python
like image 132
Martin Prikryl Avatar answered Sep 21 '22 09:09

Martin Prikryl