Using SFTP

FTP is not a secure protocol and should not be used. PHP also offers SSH-based functions that helps you to create a secure FTP (SFTP) connection to your web server.

The SFTP (Secure FTP) uses the SSH (Secure Socket Shell) protocol to transfer files securely to your server by encrypting the data, preventing passwords and sensitive information from being transmitted in clear text over a network.

To use SFTP with PHP, the following extensions/libraries must be installed on your server and enabled in the php.ini file: OpenSSL, libssh2, and SSH2 PECL extension.

Installing libssh2 on Unix-based systems:

$ sudo apt-get install libssh2-1-dev

Installing ssh2 PECL extension on Unix-based systems:

$ sudo pecl install -a ssh2-1.4

Enabling ssh2 extension
Add the following line in the php.ini file to enable the ssh2 pecl extension:


;On Windows OS

For detail, please visit the following links:

  1. and

Let’s create an SFTP connection and authenticate with a username and password:

 // Connect to on port 22
 $ssh = ssh2_connect('', '22'); 
 if (!$ssh) {
  die("Failed to connect to $host");

 if (!ssh2_auth_password($ssh, 'user', 'password')) {
  die('Authentication failed');

 //Initialize SFTP subsystem
 $sftp = ssh2_sftp($ssh);
 if (!$sftp) {
  die('Could not initialize SFTP');

The ssh2_sftp() function returns an SSH2 SFTP resource for use with all other ssh2_sftp_*() methods and the ssh2.sftp:// stream wrapper, or false on failure. Using stream wrapper you can use fopen, file_get_contents, and file_put_contents functions to read/write files on the remote server.

Example: Read/download a file with SFTP

 // $sftp = ...

 // File to read from web server
 $remote_file = '/htdocs/file.txt'; //Full path

 //Remote file's content saved in the local file
 $local_file = "file.txt";

 //Read remote file's content with stream wrapper
 $content = file_get_contents("ssh2.sftp://$sftp$remote_file");

 if ($content === false) {
  die("Unable to read $remote_file");
 //Write file to your PC
 file_put_contents($local_file, $content);

Example: Write/upload a file with SFTP

 // $sftp = ...

 //Upload this file
 $local_file = 'file.txt';

 //Path on the server where you want to upload the file
 $remote_file = "/htdocs/file.txt";

 //Read entire file into string
 $content = file_get_contents($local_file);
 file_put_contents("ssh2.sftp://$sftp$remote_file", $content);

How to get the current directory path from SFTP

$realpath = ssh2_sftp_realpath($sftp, '.');

The ssh2_sftp_realpath() function can resolve relative paths such as . (current dir) and ..(parent dir). For example, the preceding code returns the real path of a current directory.

Example: Resolving Current Directory from SFTP with ssh2_sftp_realpath

 if (! $ssh = ssh2_connect('', '22') )
  die("Failed to connect");

 if (!ssh2_auth_password($ssh, 'username', 'password'))
  die('Authentication failed');

 if (! $sftp = ssh2_sftp($ssh) ) 
  die('Could not initialize SFTP');

 echo $realpath = ssh2_sftp_realpath($sftp, '.');

Additional SFTP functions to use on the remote filesystem:

  • ssh2_sftp_chmod() Change file mode.
  • ssh2_sftp_lstat() Stats a symbolic link.
  • ssh2_sftp_mkdir() Create a directory.
  • ssh2_sftp_stat() Stat a file.
  • ssh2_sftp_readlink() Get the target of a symbolic link
  • ssh2_sftp_rmdir() Remove a directory.
  • ssh2_sftp_rename() Rename a file.
  • ssh2_sftp_unlink() Delete a file.

For more details, visit

Communicating with Servers: