Filezilla Cyberduck

admin 11/22/2021
86 Comments

NOTE: Bitnami applications can be found in /opt/bitnami/apps.

The first step is to ensure that you have an SSH key for your server.

If you are using the Bitnami Launchpad for AWS Cloud, download the SSH key for your server in .ppk format (for FileZilla or WinSCP) or in .pem format (for Cyberduck) from the Launchpad detail page for your server.

  1. Cyberduck– Quick Look, Transfer Queue and Synchronizing Cyberduck – Bookmarks, Editing and using Multiple Connections FileZilla FileZilla -Downloading, Installing and Understanding FileZilla FileZilla – Connecting with FTP, FTPS, SFTP and uploading and downloading FileZilla – Importing/Exporting Site Connections, Editing and Logs.
  2. An open-source client for FTP and SFTP, WebDAV, and cloud storage. It is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox. FileZilla and Cyberduck can be categorized as 'File Transfer' tools.
  3. Cyberduck is ranked 2nd while FileZilla is ranked 4th. The most important reason people chose Cyberduck is: Sticks to being a simple FTP app without adding more features. No need for other file managing features that are not related to FTP purposes.

Although you can use any SFTP/SCP client to transfer files to your server, this guide documents FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X).

Using an SSH Key

This tutorial explains how to use Cyberduck to upload your website. Cyberduck is a powerful and free software for transferring files over the Internet. It is a very popular FTP client and is used by webmasters from all over the world.

NOTE: The steps below assume that you have obtained the SSH credentials for your server. Learn more about obtaining SSH credentials

Once you have your server’s SSH key, choose your preferred application and follow the steps below to connect to the server using SFTP.

Filezilla

FileZilla

IMPORTANT: To use FileZilla, your server private key should be in PPK format.

Follow these steps:

  • Download and install FileZilla.

  • Launch FileZilla and use the “Edit -> Settings” command to bring up FileZilla’s configuration settings.

  • Within the “Connection -> SFTP” section, use the “Add keyfile” command to select the private key file for the server. FileZilla will use this private key to log in to the server.

  • Use the “File -> Site Manager -> New Site” command to bring up the FileZilla Site Manager, where you can set up a connection to your server.

  • Enter your server host name and specify bitnami as the user name.

  • Select “SFTP” as the protocol and “Ask for password” as the logon type.

  • Use the “Connect” button to connect to the server and begin an SFTP session. You might need to accept the server key, by clicking “Yes” or “OK” to proceed.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you have problems accessing your server, get extra information by use the “Edit -> Settings -> Debug” menu to activate FileZilla’s debug log.

WinSCP

IMPORTANT: To use WinSCP, your server private key should be in PPK format.

Follow these steps:

  • Download and install WinSCP.

  • Launch WinSCP and in the “Session” panel, select “SCP” as the file protocol.

  • Enter your server host name and specify bitnami as the user name.

  • Click the “Advanced…” button and within the “SSH -> Authentication -> Authentication parameters” section, select the private key file for the server. WinSCP will use this private key to log in to the server.

  • From the “Session” panel, use the “Login” button to connect to the server and begin an SCP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

If you need to upload files to a location where the user doesn’t have write permissions, you have two options:

  • Once you have configured WinSCP as described above, click the “Advanced…” button and within the “Environment -> Shell” panel, select sudo su - as your shell. This will allow you to upload files using the administrator account.

  • Upload the files to the /home/bitnami directory as usual. Then, connect via SSH and move the files to the desired location with the sudo command, as shown below. Replace the FILENAME placeholder with the actual name of the file being moved.

Cyberduck portable windows

Cyberduck

IMPORTANT: To use Cyberduck, your server private key should be in PEM format.

Follow these steps:

  • Select the “Open Connection” command and specify “SFTP” as the connection protocol.

  • In the connection details panel, under the “More Options” section, enable the “Use Public Key Authentication” option and specify the path to the private key file for the server.

  • Use the “Connect” button to connect to the server and begin an SFTP session.

You should now be logged into the /home/bitnami directory on the server. You can now transfer files by dragging and dropping them from the local server window to the remote server window.

July 18, 2018

Summary
Background
What is the issue?
How does the riskware get installed?
What can you do?
More information

Summary

The Office of the CISO recently learned of suspicious processes created by the FileZilla SFTP program. While we do not consider the behavior to rise to the level of malware, it does have the potential to pose a risk.

Note that the behavior exhibited by FileZilla refers to the “bundled” version of the program (which is the default download version). It is still possible to download the un-bundled version, but this introduces an extra level of complexity to the end user that can be avoided by recommending other SFTP options.

Background

FileZilla is a cross-platform graphical File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), and FTP Secure (FTPS) file management tool for Windows, Linux, Mac OS X, and other operating systems. FileZilla’s tools allow the user to manage and transfer files between their local machine and a remote server. For example, it allows for comparison and file synchronizing, as well as tab browsing between servers, transferring files to multiple servers simultaneously, and editing remote files on the go.

Winscp Or Filezilla

What is the issue?

FileZilla users observed the “complete” FileZilla installer creating an unidentified process which spawns multiple command line prompts that append dat files (a generic data file) together.

Many programs create, open, or reference dat files. These files may contain data in binary or text format, and typically they are accessed only by the application that created them. While using FileZilla, users observed a process that reaches out to random, unrelated IP Addresses over TCP/80. This can be an indication of malicious behavior, such as command and control traffic.

How does the riskware get installed on your computer?

Filezilla Or Cyberduck

A pop-up link alerts the user their FileZilla application is out of date and directs the user to the website for filezilla-project.org. The download from this link delivers a bundled installation wrapper (a program used to execute one or more other installation program). The wrapper contains potentially unwanted application / potentially unwanted program (PUA/PUP) (e.g., possibly fusioncore, installcore, Eldorado); and riskware. Many of these applications may not be detected by antivirus software.

What can you do?

  1. To protect yourself against this riskware, don’t use FileZilla.
  2. For user data exchange, consider cloud-based storage-as-a-service.
  3. If you need a file transfer application, consider options such as WinSCP or Cyberduck.
  4. When downloading applications and software from the Internet, always save them to a file and run antivirus software against them before execution to ensure they are free of any malware.

Is Cyberduck Safe

More information

Filezilla Oder Cyberduck

Reddit
FileZilla forum
Bleeping Computer