FTP vs. SFTP: Which one should I use?

15.06.2022, 15:32

FTP is the most popular file transfer protocol within networks (including the Internet). It makes transferring large files easy, but it also has many vulnerabilities. SFTP is an attempt to create a secure FTP. A very successful attempt, we should say.

In this article we explain the differences between FTP and SFTP.

What is FTP?

FTP (File Transfer Protocol) is, well, a file transfer protocol. It is used to transfer files from a client computer to a server within a network such as the Internet. FTP was originally developed to transfer command lines, but today it is mainly used to manage server files remotely.

FTP uses a clear-text sign-in authentication protocol (username and password) to connect a client to a server. Through FTP client software, you can upload files to your server or download files from it.

FTP is a useful, simple protocol, and is used by almost everybody who is involved with web-servers and networks. But it has a major flaw.

As we mentioned, FTP uses a simple authentication method and then transfers data in its original form within the network. This exposes your FTP connection to many hacking methods, including password sniffing attacks.

To fix this, FTP has been largely replaced by a secure protocol called SFTP.

What is SFTP?

SFTP (Secure File Transfer Protocol) is an FTP that uses the SSH encryption method to transfer files. SFTP is a way to secure the data transfer and make sure the data cannot be intercepted by hackers and other intruders.

SFTP was developed by the IETF as an extension of SSH 2.0 and its first draft was released in 2001. Today it is the main protocol for transferring files between a client and a server.

What are the differences between FTP and SFTP?

The main difference between FTP and SFTP is security. FTP is largely out of use today because of its many vulnerabilities, while SFTP uses the SSH protocol to secure the file transfer through the network.

Why is FTP less secure than SFTP?

SFTP uses a cryptographic protocol named SSH to send the data securely through the network, while FTP sends it in its original form. So if someone were to intercept an FTP connection, they could simply read the data, whereas an encrypted transfer is much more secure in the face of hacking attacks.

SFTP uses SSH as its security protocol, and thus uses port 22 for transferring data. Plain FTP uses multiple ports (mostly ports 20 and 21), which can cause certain complications with your server’s firewall.

When would FTP be a better choice than SFTP?

Some people are still using plain FTP, although it's very rare. And quite honestly, it’s difficult to name an advantage for FTP that SFTP doesn’t already cover, other than certain cases of compatibility problems with SSH or just a lack of expertise in how to use an SSH key.

There is also another protocol named FTPS which uses SSL for security. If SFTP seems to be hard to manage, you can look into FTPS as another option. Obviously it functions differently compared to SFTP, but SSL is typically a more familiar protocol. Thus you can use it for secure file transfer within your network.

How to tell if you are using SFTP or FTP?

Most hosting providers include the details on the SFTP support, and you can choose an SFTP format in your FTP client for a secure connection. Also SFTP hostnames usually start with sftp://.

If you have access to your server, you can install an SFTP server using this instruction.

How to check if the FTP server supports SFTP?

As we said, SFTP uses port 22 and its hostname starts with sftp://. You can test connecting with SFTP credentials and see if the SFTP connection is available. You can also contact your provider for details on the server’s config, or simply install the SFTP server if you have access to it.
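An added example, not from the original article: a small Python check that reads the greeting on ports 22 and 21 and tells an SSH service from a plain FTP one. The function names and sample greetings are constructed for illustration; an SSH greeting shows that SSH is reachable, while SFTP itself also needs the server's SFTP subsystem to be enabled.

```python
import socket

def classify_banner(banner: bytes) -> str:
    """Classify the greeting a server sends right after the TCP connect."""
    for raw in banner.splitlines():
        line = raw.strip()
        if line.startswith((b"SSH-2.0-", b"SSH-1.99-")):
            return "ssh"         # SSH-2 capable, so SFTP can run over it
        if line.startswith(b"SSH-"):
            return "ssh-legacy"  # SSH-1 only; SFTP needs SSH-2
        if line[:3] == b"220":
            return "ftp"         # FTP greeting (220 is also SMTP's code, so mind the port)
    return "unknown"

def read_banner(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Connect and return whatever the server says first (empty if silent)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(256)
        except socket.timeout:
            return b""

def check_server(host: str, ports=(22, 21)) -> dict:
    """Map each port to 'ssh', 'ssh-legacy', 'ftp', 'unknown' or 'closed'."""
    results = {}
    for port in ports:
        try:
            results[port] = classify_banner(read_banner(host, port))
        except OSError:          # refused, unreachable, timed out
            results[port] = "closed"
    return results

def recommend(results: dict) -> str:
    if results.get(22) == "ssh":
        return "SSH answers on port 22: try an sftp:// connection"
    if results.get(21) == "ftp":
        return "only plain FTP answered: logins would travel in clear text"
    return "no SSH or FTP greeting seen: ask the provider"

if __name__ == "__main__":
    # Constructed sample greetings, so the demo runs without a network.
    for sample in (b"SSH-2.0-OpenSSH_8.9\r\n", b"220-Welcome\r\n220 FTP ready\r\n"):
        print(sample, "->", classify_banner(sample))
    # Against a server you administer: print(recommend(check_server("203.0.113.10")))
```
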

How to change the FTP server to the SFTP server?

Firstly you need to install the SFTP server on the server computer. If it is already there, you just need a standard FTP client (such as FileZilla) to connect to your SFTP server.

To use FileZilla to connect to an SFTP server, take the steps below:

  1. Open FileZilla and go to File > Site Manager.

  2. Click on New Site.

  3. Choose a name.

  4. Enter your IP address in the Host field.

  5. Choose ‘SFTP – SSH File Transfer Protocol’ as your Protocol.

  6. If the server uses a password, you can change the Logon type to Normal and enter your credentials. If you are using an SSH key, change the Logon type to Key file. Enter your username and then browse for your key (.pem) file.

  7. Click Connect.

Conclusion

FTP is a plain file transfer protocol that can be easily exposed in case of an interception. Because of that, SFTP uses the SSH protocol to secure the FTP file transfer.

There are other options such as FTPS that you can use to access encrypted FTP. But it’s for the best to move from FTP to a more secure platform, as soon as possible.
