Overview of SFTP, FTPS, SCP and FTP:
I am not going go in detail about sFTP
or FTPS here, since my main motive is to integrate sFTP with BizTalk, hence if
you need more information need to research by yourself
"sftp is an interactive file transfer program, similar to
ftp, which performs all operations over an encrypted ssh transport".
SFTP is part of the OpenSSH standard. Along with SSH you have
capabilities to use commands such as SCP, SFTP, etc. So....SFTP is very secure
because each packet is encrypted and compressed while sending is taking place.
It utilizes public key authentication and compression.
The Abbreviation SFTP nowadays invariably means Secure File Transfer Protocol,
however there is another protocol with the same abbreviation (Simple File
Transfer Protocol). So lets not get confused.
between FTP, SFTP and FTPS:
Why not just use FTP? Why should I use Secure FTP instead of
FTP? Why is SFTP better than FTP? <!--[if !supportLineBreakNewLine]-->
FTP Vs SFTP
Vs FTPS Vs SCP:
Transfer Protocol) does
not take any precautions to protect information transmitted during a session.
This includes your username, password, and any files transmitted.
(Secure File Transfer Protocol) is a secure replacement
for FTP (File Transfer Protocol) based on the Secure Shell protocol. Unlike
FTP, SFTP encrypts both commands and data providing effective protection
against common network security risks. SSH Client and Server provide both
command-line SFTP tools and a graphical user interface for Windows users.
SFTP encrypts the session, preventing the casual detection of your
username, password or anything you've transmitted.
major reason for implementing SFTP versus FTP is security. FTP is not even
remotely secure. During an FTP session, your username and password are
transmitted in clear text. If someone is eavesdropping, it is not difficult for
them to log your FTP username and password.
FTP all data is passed back and forth between the client and server without the
use of encryption. This makes it possible for an eavesdropper to listen in and
retrieve your confidential information including login details. With SFTP all
the data is encrypted before it is sent across the network.
is not the same as FTP/S; the latter implements the original FTP protocol
through a separately-created secure tunnel.
(FTP-SSL) is a real ftp that uses
TSL/SSL to encrypt the control session and if required the data session. With
FTPS the control session is always encrypted, but the data session might not
be. Why is this? Because with the control session encrypted the authentication
is protected and you always want this (normal ftp uses clear text). If you are
NOT pre-encrypting the file, you want the data session encrypted so that the
file is encrypted while the data is in flight. However, if you are
pre-encrypting the file then you do not need to have the data connection
encrypted as you do not need to add the overhead of encrypting the data
connection, since the file is already encrypted. Understand that
SFTP is SSH file transfer and FTPS is FTP with SSL, FTPS
is a file transport layer on top of SSL or TLS. The FTPS adds
SSL-enabled FTP send and receive capabilities, uses the FTP protocol to
transfer files to and from SSL-enabled FTP servers.
SCP (Secure Copy) is a
non-interactive command-line tool for securely transmitting files from a
machine to another. It is a secure replacement for RCP and provides a similar
command-line syntax. SCP is strongly based on SFTP but is often a more suitable
choice when setting up unattended file transfers using scripts.
is a free version of the SSH protocol suite. OpenSSH servers and clients are
available for both Unix and Windows.
has been ported to Windows with the popular CYGWIN utility. The project was
created by Network Simplicity (http://www.networksimplicity.com/)
List of SFTP Clients:
is a commercial version of SSH, with required license fees for commercial use
(noncommercial use is free). Commercial SSH clients/servers are available for
both Windows and Unix systems.
There are many client tools, you can use to connect to the SFTP servers, few of
them I was interested were Core FTP LE, putty.exe, freeSSHd.exe,
FileZilla_Server-0.9.12c.exe, Cygwin, WINSCP
Your choice of an SSH client is highly dependant on the type of functionality
required for SSH. For example, if SSH is being deployed primarily for its
file-transfer capabilities, We can go with Core FTP/WinSCP and SSH
Communications' these SSH clients are probably good choices.
On the other hand, if SSH is being deployed for remote shell access via an HTTP
proxy server, the SecureCRT and PuTTY clients are probably good choices.
Lastly, if SSH is being deployed for remote access from undefined and
uncontrolled terminal locations, MindTerm is probably a good choice, since it
offers SSH access with the need of only a Web browser.
Operating system support The
operating systems the clients can run on.
Information about what internet
protocols the clients support. External links lead to information about
support in future versions of the clients or extensions that provide such