Search
Close this search box.

Overview of SFTP, FTPS, SCP and FTP

Overview of SFTP, FTPS, SCP and FTP:

I am not going go in detail about sFTP or FTPS here, since my main motive is to integrate sFTP with BizTalk, hence if you need more information need to research by yourself

SFTP:

sftp is an interactive file transfer program, similar to ftp, which performs all operations over an encrypted ssh transport”.

SFTP is part of the OpenSSH standard. Along with SSH you have capabilities to use commands such as SCP, SFTP, etc. So….SFTP is very secure because each packet is encrypted and compressed while sending is taking place. It utilizes public key authentication and compression.The Abbreviation SFTP nowadays invariably means Secure File Transfer Protocol, however there is another protocol with the same abbreviation (Simple File Transfer Protocol). So lets not get confused.

Differences between FTP, SFTP and FTPS:

Why not just use FTP? Why should I use Secure FTP instead of FTP? Why is SFTP better than FTP? <!–[if !supportLineBreakNewLine]–>

FTP Vs SFTP Vs FTPS Vs SCP:

FTP (File Transfer Protocol) does not take any precautions to protect information transmitted during a session. This includes your username, password, and any files transmitted.

SFTP (Secure File Transfer Protocol) is a secure replacement for FTP (File Transfer Protocol) based on the Secure Shell protocol. Unlike FTP, SFTP encrypts both commands and data providing effective protection against common network security risks. SSH Client and Server provide both command-line SFTP tools and a graphical user interface for Windows users. SFTP encrypts the session, preventing the casual detection of your username, password or anything you’ve transmitted.

The major reason for implementing SFTP versus FTP is security. FTP is not even remotely secure. During an FTP session, your username and password are transmitted in clear text. If someone is eavesdropping, it is not difficult for them to log your FTP username and password.

In FTP all data is passed back and forth between the client and server without the use of encryption. This makes it possible for an eavesdropper to listen in and retrieve your confidential information including login details. With SFTP all the data is encrypted before it is sent across the network.

SFTP is not the same as FTP/S; the latter implements the original FTP protocol through a separately-created secure tunnel.

FTPS (FTP-SSL) is a real ftp that uses TSL/SSL to encrypt the control session and if required the data session. With FTPS the control session is always encrypted, but the data session might not be. Why is this? Because with the control session encrypted the authentication is protected and you always want this (normal ftp uses clear text). If you are NOT pre-encrypting the file, you want the data session encrypted so that the file is encrypted while the data is in flight. However, if you are pre-encrypting the file then you do not need to have the data connection encrypted as you do not need to add the overhead of encrypting the data connection, since the file is already encrypted. Understand that SFTP is SSH file transfer and FTPS is FTP with SSL, FTPS is a file transport layer on top of SSL or TLS. The FTPS adds SSL-enabled FTP send and receive capabilities, uses the FTP protocol to transfer files to and from SSL-enabled FTP servers.

SCP (Secure Copy) is a non-interactive command-line tool for securely transmitting files from a machine to another. It is a secure replacement for RCP and provides a similar command-line syntax. SCP is strongly based on SFTP but is often a more suitable choice when setting up unattended file transfers using scripts.

SSH Servers

OpenSSH (http://www.openssh.com/)

  1. OpenSSH is a free version of the SSH protocol suite. OpenSSH servers and clients are available for both Unix and Windows.
  2. OpenSSH has been ported to Windows with the popular CYGWIN utility. The project was created by Network Simplicity (http://www.networksimplicity.com/)

SSH2 (http://www.ssh.com/)

SSH2 is a commercial version of SSH, with required license fees for commercial use (noncommercial use is free). Commercial SSH clients/servers are available for both Windows and Unix systems.

List of SFTP Clients:

There are many client tools, you can use to connect to the SFTP servers, few of them I was interested were Core FTP LE, putty.exe, freeSSHd.exe, FileZilla_Server-0.9.12c.exe, Cygwin, WINSCP

Your choice of an SSH client is highly dependant on the type of functionality required for SSH. For example, if SSH is being deployed primarily for its file-transfer capabilities, We can go with Core FTP/WinSCP and SSH Communications’ these SSH clients are probably good choices.

On the other hand, if SSH is being deployed for remote shell access via an HTTP proxy server, the SecureCRT and PuTTY clients are probably good choices.

Lastly, if SSH is being deployed for remote access from undefined and uncontrolled terminal locations, MindTerm is probably a good choice, since it offers SSH access with the need of only a Web browser.

Operating system support The operating systems the clients can run on.

Protocol support:

Information about what internet protocols the clients support. External links lead to information about support in future versions of the clients or extensions that provide such functionality.

http://en.wikipedia.org/wiki/Comparison_of_FTP_clients

posted on Thursday, March 23, 2006 7:49 AM

This article is part of the GWB Archives. Original Author: Vamsi Krishna

Related Posts