SFTP / SSH

SFTP is a protocol for securely transferring files over SSH. The SFTP integration includes three connectors:

Connector type	Description
✅ Storage connector	Host a Kloset store on any SFTP-accessible server.
✅ Source connector	Back up a remote directory reachable over SFTP into a Kloset store.
✅ Destination connector	Restore data from a Kloset store to an SFTP target.

Requirements

An SFTP/SSH server with appropriate read and write permissions.

Typical use cases

Encrypted backups of remote Linux/BSD/application servers over SSH.
Offsite or air-gapped snapshot storage by hosting a Kloset store on an SFTP server.
Data recovery workflows: restore server trees over SSH to warm or cold standby.
Centralized archiving of distributed environments into one Kloset.

Compatibility

Works with standard OpenSSH SFTP.
On‑prem, cloud, and hybrid deployments supported.
Legacy or proprietary SFTP variants that diverge from SSH/SFTP standards are not supported.

Installation

The SFTP integration is distributed as a Plakar package. It can be installed either by downloading a pre-built package or by building it from source.

Plakar provides pre-compiled packages for common platforms. This is the simplest installation method and is suitable for most users.

Note: Installing pre-built packages requires you to be authenticated with Plakar. See Login to Plakar to unlock features.

Install the SFTP package:

1$ plakar pkg add sftp

Verify the installation:

1$ plakar pkg list

Building from source is useful if you cannot use pre-built packages.

Prerequisites

A working Go toolchain compatible with your version of Plakar.

Build the SFTP package:

1$ plakar pkg build sftp

On success, a package archive is generated in the current directory, for example sftp_v1.0.7_darwin_arm64.ptar.

Install the generated package:

1$ plakar pkg add ./sftp_v1.0.7_darwin_arm64.ptar

Verify the installation:

1$ plakar pkg list

To check whether the SFTP package is already installed:

1$ plakar pkg list

To upgrade to the latest available version, remove the existing package and reinstall it:

1$ plakar pkg rm sftp
2$ plakar pkg add sftp

This preserves existing store, source, and destination configurations.

Connectors

The SFTP package provides three connectors: a storage connector for hosting Kloset stores on SFTP servers, a source connector for backing up remote directories over SFTP, and a destination connector for restoring data over SFTP.

You can use any combination of these connectors together with other supported Plakar connectors.

Storage connector

The Plakar SFTP package provides a storage connector to host Kloset stores on SFTP servers.

flowchart LR Source@{ shape: cloud, label: "Source data" } Source --> Plakar[Plakar] subgraph Store[SFTP Server] Kloset@{ shape: cyl, label: "Kloset Store" } end Plakar -- Store snapshot via
SFTP storage connector --> Store %% Apply classes class Source sourceBox class Plakar brandBox class Store storeBox %% Classes definitions classDef sourceBox fill:#ffe4e6,stroke:#cad5e2,stroke-width:1px classDef brandBox fill:#524cff,color:#ffffff classDef storeBox fill:#dbeafe,stroke:#cad5e2,stroke-width:1px linkStyle default stroke-dasharray: 9,5,stroke-dashoffset: 900,animation: dash 25s linear infinite;

Configure

 1# Configure the Kloset store
 2$ plakar store add sftp_store sftp://sftp-prod/backups
 3
 4# Initialize the Kloset store
 5$ plakar at @sftp_store create
 6
 7# List snapshots in the Kloset store
 8$ plakar at @sftp_store ls
 9
10# Verify integrity of the Kloset store
11$ plakar at @sftp_store check
12
13# Backup a local folder to the Kloset store
14$ plakar at @sftp_store backup /etc
15
16# Backup a source configured in Plakar to the Kloset store
17$ plakar at @sftp_store backup @my_source

Options

These options can be set when configuring the storage connector with plakar store add or plakar store set:

Option	Description
`location`	`sftp://[user@]host[:port]/path`

Source connector

The Plakar SFTP package provides a source connector to back up remote directories reachable over SFTP.

flowchart LR subgraph Source[SFTP Server] fs@{ shape: st-rect, label: "/srv/data" } end Source -- Retrieve data via
SFTP source connector --> Plakar Store@{ shape: cyl, label: "Kloset Store" } Plakar --> Store %% Apply classes class Source sourceBox class Plakar brandBox class Store storeBox %% Classes definitions classDef sourceBox fill:#ffe4e6,stroke:#cad5e2,stroke-width:1px classDef brandBox fill:#524cff,color:#ffffff classDef storeBox fill:#dbeafe,stroke:#cad5e2,stroke-width:1px linkStyle default stroke-dasharray: 9,5,stroke-dashoffset: 900,animation: dash 25s linear infinite;

Configure

1# Configure a source pointing to the remote SFTP directory
2$ plakar source add sftp_src sftp://sftp-prod:/srv/data
3
4# Back up the remote directory to the Kloset store on the filesystem
5$ plakar at /var/backups backup @sftp_src
6
7# Or back up the remote directory to the Kloset store on SFTP created above
8$ plakar at @sftp_store backup @sftp_src

Options

These options can be set when configuring the source connector with plakar source add or plakar source set:

Option	Purpose
`location`	`sftp://[user@]host[:port]/path` of the remote directory to back up

Destination connector

The Plakar SFTP package provides a destination connector to restore snapshots to remote directories reachable over SFTP.

flowchart LR Store@{ shape: cyl, label: "Kloset Store" } Store --> Plakar subgraph Destination[SFTP Server] fs@{ shape: st-rect, label: "/srv/data" } end Plakar -- Push data via
SFTP destination connector --> Destination %% Apply classes class Destination destinationBox class Plakar brandBox class Store storeBox %% Classes definitions classDef destinationBox fill:#d0fae5,stroke:#cad5e2,stroke-width:1px classDef brandBox fill:#524cff,color:#ffffff classDef storeBox fill:#dbeafe,stroke:#cad5e2,stroke-width:1px linkStyle default stroke-dasharray: 9,5,stroke-dashoffset: 900,animation: dash 25s linear infinite;

Configure

1# Configure a destination pointing to the remote SFTP directory
2$ plakar destination add sftp_dst sftp://sftp-prod:/srv/restore
3
4# Restore a snapshot from a filesystem-hosted Kloset store to the remote SFTP directory
5$ plakar at /var/backups restore -to @sftp_dst <snapshot_id>
6
7# Or restore a snapshot from the Kloset store on SFTP created above to the remote SFTP directory
8$ plakar at @sftp_store restore -to @sftp_dst <snapshot_id>

Options

These options can be set when configuring the destination connector with plakar destination add or plakar destination set:

Option	Purpose
`location`	`sftp://[user@]host[:port]/path` of the remote directory to back up

SSH best practices for reliability

Create a host alias (recommended)

Define an alias in ~/.ssh/config so Plakar commands stay concise and stable:

Host sftp-prod
    HostName host.example.com
    User sftpuser
    Port 22
    IdentityFile ~/.ssh/id_ed25519_plakar

Test the alias:

1$ sftp sftp-prod

Then reference it in Plakar URLs:

1$ plakar store add sftp_store sftp://sftp-prod/backups
2$ plakar source add sftp_src sftp://sftp-prod:/srv/data
3$ plakar destination add sftp_dst sftp://sftp-prod:/srv/restore

Use key‑based, passwordless SSH

Unattended jobs must not prompt for passwords.

1$ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_plakar -C plakar@backup
2$ ssh-copy-id -i ~/.ssh/id_ed25519_plakar.pub sftpuser@host.example.com
3$ sftp -i ~/.ssh/id_ed25519_plakar sftpuser@host.example.com

If your private key is encrypted, run an agent:

1$ eval "$(ssh-agent -s)"
2$ ssh-add ~/.ssh/id_ed25519_plakar

Host keys and trust

For production, keep strict host key checking enabled and manage ~/.ssh/known_hosts normally. Avoid disabling host key checks except in isolated test environments.

Limitations and scope

What is captured during backup

Files and directories reachable under the specified SFTP path
File metadata (timestamps, permissions, sizes)

What is not captured

System configuration outside the backed‑up path (e.g., SSHD config, firewall rules)
OS user and group database, running processes, or service state
SSH server settings and known_hosts

Snapshot consistency

Changes during backup (creates, updates, deletes) may result in a snapshot that reflects different points in time for different files. For highly dynamic paths, consider quiescing the workload or backing up from a read‑only replica.

Troubleshooting

Authentication or permission errors

Validate the SSH key, username, and target path permissions.
Ensure the SFTP subsystem is enabled on the server.

Host key verification failed

Connect once interactively to record the host key in ~/.ssh/known_hosts.
Only use insecure_ignore_host_key=true-style options in disposable test environments.

Chroot or path issues

If the server uses chrooted SFTP, verify the effective path inside the chroot matches your URL.

Passphrase prompts

Use ssh-agent to cache the key, or deploy a dedicated non‑encrypted key restricted to the backup account.

FAQ

How do I set username, port, or identity file?

Prefer SSH config (~/.ssh/config) with a host alias.

Can I move snapshots between two SFTP‑hosted stores?

Yes. Define two stores, then use plakar at @store1 sync to @store2 to synchronize them.

Book a demo

Installation

Connectors

Storage connector

Configure

Options

Source connector

Configure

Options

Destination connector

Configure

Options

SSH best practices for reliability

Create a host alias (recommended)

Use key‑based, passwordless SSH

Host keys and trust

Limitations and scope

Troubleshooting

FAQ

See also