Building PowerShell Tools for MSPs: Using SFTP

This post is part of a series on PowerShell for MSPs.

Working with REST APIs

HTML Tables for Reporting

How to Encrypt Passwords in PowerShell

As an MSP, having the ability to transfer files and folders to and from the client can be a game changer in certain situations. For example, let’s say you have the scenario where a client has endpoints that need a specific version of java installed to run their main application. To add another hurdle, the client does not have a file server and all the endpoints are not joined to a domain. How can we get this rolled out with as little effort as possible? We can spend resources on sending a tech onsite to touch each workstation or we can use PowerShell and an SFTP server to create a PowerShell script that downloads and installs the specific Java install from an SFTP server. To get around our hurdle of the workstations not being on a domain, we can deploy the script using our Monitoring Software or AV (most monitoring or Anti-Virus software has some sort of remote script execution feature). Businesses need agile IT solutions like this to be successful and MSPs that can provide them will stand out from their competitors. Using PowerShell and SFTP is just another way to show off your talent to the client.

I highly recommend using SFTP and not FTP. SFTP is the protocol that will ensure that data is encrypted between the computer and the FTP server.  If you do not have an FTP server with SFTP set up, there are numerous guides online for setting up either a Linux or Windows SFTP server.

Currently, PowerShell does not have SFTP capabilities natively. However, there are various PowerShell modules available that provide the ability to connect via SFTP. In this example, we will use POSH-SSH. This module requires PowerShell 3.0 to work properly. So, the OS will need to be Windows 8 or higher. You can also install the Windows Framework 3.0 on Windows 7 SP1 workstations to install PowerShell 3.0 on them.

Installing POSH-SSH

To install the POSH-SSH module on a workstation open a PowerShell command prompt and run the following command:

install-module posh-ssh

Enter “Yes” to agree to install the module. You will now have access to the POSH-SSH cmdlets:

POSH-SSH cmdlets listed

If you need to install this module on a workstation that does not have access to the internet, you can do the following:

1) From a workstation that has the module installed, copy the folder C:\Program Files\WindowsPowerShell\Modules\Posh-SSH to a network share (\\networkshare\Posh-SSH).
2) On the workstation that needs the module, run the following command in PowerShell:

Import-Module \\networkshare\posh-ssh

The module will install and you will have the SFTP cmdlets on that workstation. You can script this into your code as well in order to pull files and folders down from your SFTP site.

Using PowerShell and SFTP

Now that we have the POSH-SSH module installed on our workstations we can test downloading and uploading files to our SFTP server. So for our example we have a Java install on our SFTP site:

Uploading files to SFTP

To access this file remotely from another computer, we will need to establish and SFTP session with our SFTP server. We’ll use the New-SFTPSession cmdlet to start a session:

New-SFTPSession -Computername

You will be prompted for SFTP credentials. Once the proper credentials are entered, a status message containing the session ID will be displayed:

New SFTPSession status messages

We will use the Get-SFTPFile cmdlet to download the file to our computer:

Get-SFTPFile -SessionId 0 -RemoteFile /SFTP/ JavaSetup8u151.exe -LocalPath c:\temp


Now when we check the folder, we can see that we have the installer file:

Java installer file

Another useful cmdlet is the Set-SFTPFile cmdlet, this allows us to upload files to the SFTP source:

Set-SFTPFile -SessionId 0 -RemotePath /SFTP -LocalFile C:\temp\TestFile.txt


And when we check the SFTP server, we can see the file is there:

Set-SFTPFile transfer

Now that we can verify that our cmdlets work and we can successfully transfer files. Let’s write a script that we can deploy to multiple workstations to install this version of java:

#install POSH-SSH PowerShell Module to connect to SFTP Server
install-module posh-ssh -force

#Create temporary directory
New-item -itemtype directory -force -path c:\Temp

#Create Credentials
$password = ConvertTo-SecureString "mypassword" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("luke", $password)

#Establish SFTP Session
$Session = New-SFTPSession -Computername -credential $creds

#Download Java installer file from SFTP session
Get-SFTPFile -SessionId $session.SessionID -RemoteFile /SFTP/ JavaSetup8u151.exe-LocalPath c:\temp

#Silently Install Java
Start-process "C:\software\ JavaSetup8u151.exe" -argumentlist "/s" -wait

remove-item -path " C:\software\ " -recurse -force

We can now deploy this to multiple workstations using our Anti-Virus or Remote Monitoring tools. While executing the script, they will download the Java installer file from our SFTP server and silently install in the background. Once complete, the script will clean up the temporary directory before ending. With PowerShell and SFTP you open up so many more opportunities to provide quick and fast turnaround times for your clients as well as reduce “man hours” on a particular task

Also note, that in this script we have the password in clear text. I highly recommend that if you do this, the account used in the script should only have read-only privileges to just that SFTP directory. Anyone could view the code in this script and get the password for the account. We could also secure the password a little more by creating an AES encrypted file and referencing that file through the script for the password information, which I will demonstrate in a future post.

Now that you know of a way to use PowerShell and SFTP to transfer files, let me know in the comments of ways you’ve used this or plan to use it in your work environment!

More articles about how MSPs can make the most out of PowerShell in their operations:

Working with REST APIs

HTML Tables for Reporting

How to Encrypt Passwords in PowerShell

Hungry for More Automation for MSPs Tips?

Watch our on-demand webinar 4 Ways to Improve your MSP by Embracing Automation and DevOps hosted by Microsoft Cloud and Datacenter Management MVPs Andy Syrewicze and Adam “The Automator” Bertram. The webinar covers:

  • Simple ways to get started with automation
  • How PowerShell can help save time and money when used for lengthy tasks
  • How treating your scripts like code can prevent mistakes and costly problems
  • How Leveraging REST APIs can enable further automation and operational efficiencies

4 Ways to Improve your MSP by Embracing Automation and DevOps

Get a 30-day trial of Altaro VM Backup for MSPs

Manage all your customer VM backups from a single cloud console, on a monthly subscription. Try Altaro VM Backup for MSPs for 30 days - no strings attached!

Share this post

Not a DOJO Member yet?

Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!

Leave a comment

Your email address will not be published. Required fields are marked *