< All Topics

FTP vs FTPS vs SFTP – What is the difference

SFTP vs FTPS protocol comparison

One of the most commonly asked questions is the difference between FTPS vs SFTP. This brief article highlights the main distinctions of these two protocols and the differences between FTPS vs SFTP. The two secure protocols supported by Hosted~FTP~ for secure, encrypted transferring of files include SFTP and FTPS. The historical rationale for the implementation of these protocols was:

  • To enhance the standard FTP protocol to make it more secure (FTPS) which built on the existing knowledge base (supported by Hosted~FTP~)
  • Add FTP capabilities to Secure Shell (SFTP). Hosted~FTP~ supports Username/Password logon credentials; PKI support included

FTPS is a protocol for transferring files using a Secure Socket Layer (SSL) for the commands and data that are being transferred between the client and the server. FTPS (FTP over SSL or FTP Secure) is an extension to FTP that uses the security mechanism of SSL to protect the information from eavesdropping (similar to extending HTTP –> HTTPS). Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications and was developed by Netscape Communications Corporation to provide security and privacy over the Internet. Due to the widespread use of SSL, it can be considered a “de facto standard”. FTPS transmits the encrypted messages in a text format, allowing people to read logs and determine what happened during the session.

SFTP (SSH File Transfer Protocol) is completely different from FTP, as it was built from the ground up, to add FTP capabilities to SSH. SFTP uses a single channel to transmit and receive all the pertinent data, while FTPS uses another channel that is dynamically decided for the data. SFTP transmits the encrypted messages in a binary format, which prevents people from reading logs and determining what happened during the session.
As mentioned above, both can be used to achieve a secure connection for transferring files, but there are points to consider for each. FTPS has the advantage of being well-known and familiar to users who have already used FTP. This is because it uses the same or very similar commands to FTP.

Summary:

FTPS

SFTP

Comments/observation

FTPS was created as an extension of FTP to add security mechanisms SFTP is an extension of SSH that adds file transfer capabilities to the already secure SSH. Uses standard FTP commands that are well known and understood
FTPS uses two channels to facilitate communications and data transfer SFTP only uses one channel Uses an additional channel on routers for transmission. Impact minimal.
FTPS sends and receives encrypted messages in a human-readable format SFTP sends and receives encrypted messages in binary Reading logs and determining what happened during the session
SSL is used predominantly for securely transmitting critical information using digital certificates for authentication SSH is more about network tunneling to execute commands across the internet SSL means Secure Sockets Layer. Many protocols like HTTP, SMTP, FTP, and SSH were adjusted to include the support of SSL.
FTPS uses standard techniques of public-key cryptography & Digital Certificates to check that a server’s certificate and public ID are valid and have been issued by a certificate authority (CA) listed in the client’s list of trusted CAs. SFTP implements Username and password & Private key and passphrase authentication. Public key cryptography assures private and secure data transmission through two processes: authentication and encryption.
Digital certificates are a standard way of binding a public key to a name. In order to provide a digital certificate, the data sender must apply for a digital certificate from a Certificate Authority (CA) such as VeriSign. This way, the CA acts as a neutral third party that verifies the data sender is who or what they claim to be.

 

Table of Contents