SFTP vs. FTPS

March 11th, 2014 by Rossy Guide

What is SFTP?

Secure file transfer protocol (sftp) is a terminal program that encrypts the files you send to and receive from a remote system. The OpenSSH package comes with three client programs, one of which is sftp. It is presently not implemented on the server.

What is FTPS?

FTPS (also known as FTP-ES, FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols. FTPS should not be confused with the SSH File Transfer Protocol (SFTP), an incompatible secure file transfer subsystem for the Secure Shell (SSH) protocol. It is also different from Secure FTP, the practice of tunneling FTP through an SSH connection.

When establishing an SSL secure session, the following steps occur:

o Authenticate the server to the client.

o Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.

o Optionally authenticate the client to the server.

o Use public-key encryption techniques to generate shared secrets.

Comparison

FTP/SSL

FTP over TLS/SSL

o Often called ‘FTPS’

o Often called ‘Secure FTP’

o Plain FTP over TLS/SSL channel

o Password is encrypted

o Transfer is encrypted

o Typically runs over TCP port 21 or 990

o Defined by RFC 959, 1123, 4217 and 2228

o Implemented in FTP/SSL component

SFTP

SSH File Transfer Protocol

o SSH File Transfer Protocol

o Has nothing in common with the original FTP

o Often called ‘Secure FTP’

o Password is encrypted

o Transfer is encrypted

o Typically runs over TCP port 22

o RFC not yet finished

o Implemented in SFTP component

Conclusion

SFTP and FTPS are both very secure with strong authentication options. However, since SFTP is much easier to port through firewalls, and we are seeing an increasing percentage of trading partners adopting SFTP, I believe SFTP is the clear winner for your secure FTP needs.
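The firewall point above, as an added example that is not part of the original post and goes slightly beyond its text: FTPS keeps FTP's separate data connection, whose port the server announces in a 227 or 229 reply that a firewall cannot read once the control channel is encrypted, while SFTP uses a single connection on port 22. The sample replies, the function names and the passive port range 50000-50100 are constructed assumptions.

```python
import re

# Constructed sample replies from an FTPS control channel (not captured traffic).
SAMPLE_PASV = "227 Entering Passive Mode (192,0,2,10,195,80)"
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50000|)"

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV_RE = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) of the data connection announced by a 227/229 reply."""
    code = reply[:3]
    if code == "227":  # RFC 959 PASV: h1,h2,h3,h4,p1,p2
        m = _PASV_RE.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(n) for n in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        host = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
    elif code == "229":  # RFC 2428 EPSV: (|||port|), host is the control host
        m = _EPSV_RE.search(reply)
        if not m:
            raise ValueError("malformed 229 reply")
        host, port = control_host, int(m.group(2))
    else:
        raise ValueError("not a passive-mode reply")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return host, port


def ports_to_allow(protocol, control_port=21, passive_range=(50000, 50100)):
    """Inbound TCP ports a server-side firewall must permit for each protocol.

    passive_range is an assumed server setting. With TLS on the control
    channel the firewall cannot read 227/229 replies, so the whole range
    has to be opened statically.
    """
    if protocol == "sftp":
        return [22]  # one connection carries commands and data
    if protocol == "ftps":
        return [control_port] + list(range(passive_range[0], passive_range[1] + 1))
    raise ValueError("unknown protocol")
```
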
