SFTP is a common acronym in the world of networking, but did you know that there are two protocols abbreviated as SFTP? Generally speaking, SFTP can refer to either the SSH File Transfer Protocol or the Simple File Transfer Protocol. Both these protocols have a relation with File Transfer Protocol (FTP).
Simple File Transfer Protocol is the first protocol abbreviated as SFTP. It is defined and proposed by RFC 913 as an unsecured file transfer protocol with a level of complexity intermediate between Trivial Transfer Protocol (TFTP) and FTP. It was never extensively employed on the Internet and is now assigned Historic status by the Internet Engineering Task Force (IETF).
The SSH file transfer protocol is chronologically the second of the two protocols abbreviated SFTP. It applies the Secure Shell protocol (SSH) to transfer files securely. In contrast to FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted openly over the network.
However, as Simple File Transfer Protocol is not prevalent, now SFTP mostly refers to SSH File Transfer Protocol.
To understand both these SFTPs, we will first know a bit about FTP, and then we will discuss in detail both of them separately.
Since the emergence of the internet, there has been a need to transmit or share files externally. File Transfer Protocol (FTP) played a significant role in addressing that need.
FTP is a standard network protocol that helps in transferring computer files between a client and server on a computer network, and even over the internet.
Here, one computer acts as the client to send or request files from the server and the other acts as the server to store information.
The major issue with FTP – Security
Today, security has become a serious concern. Although FTP is a well-established and age-old protocol, it is unsecured. The communication that happens between a client and server is in plain text and is sent unprotected.
FTP accounts need passwords for access, and it would be easy for an attacker to get them by watching the network traffic.
That’s why it was necessary to improve on FTP and add security to encrypt the network traffic as well as authenticate both the client and the server.
What is SSH File Transfer Protocol?
The necessity to provide a secure FTP implementation led to the rise of the Secure File Transfer Protocol (SFTP). It is one of the primary technologies for secure FTP networking.
IETF designed it as an extension of the Secure Shell protocol (SSH) version 2.0 to deliver secure file transfer capabilities.
SSH provides encryption of communications between the FTP server and client. And it also helps in accessing, transferring and managing files on remote systems.
SSH FTP also safeguards against password sniffing and man-in-the-middle attacks. It also secures the integrity of the data using encryption and cryptographic hash functions and authenticates both the server and the user.
How does an SSH File Transfer Protocol work?
SSH File Transfer Protocol is made in a way that it can be employed to provide a secure remote file system mechanism, and also a reliable file transfer service.
It assumes that it runs over a secure channel, such as SSH and that the server already authenticates the user at the client end. Also, the identity of the client user is externally available to the server implementation.
In general, this protocol follows a simple request-response model. Each request and response includes a sequence number, and multiple requests may be pending concurrently.
Comparatively, there are a large number of different request messages, but a small number of possible response messages.
There are one or more response messages for each request which a result can return. For instance, a read either returns data or reports error status.
It uses the same commands as the standard file transfer protocol (FTP).
Can SSH File Transfer Protocol interoperate with FTP?
You cannot interoperate SSH File Transfer Protocol with FTP software.
SSH FTP is not backward compatible with the traditional FTP protocol. That is, the SSH FTP clients cannot communicate with FTP servers and vice versa.
Some client and server software embeds support for both protocols to overcome this limitation.
What is SSH in SSH File Transfer Protocol? Are SSH and SFTP the same?
The SSH in SSH File Transfer Protocol stands for Secure Shell. SSH is a protocol for remotely logging into a machine.
During remote connection to another computer or when transferring files between computers, it is necessary to use encryption to protect usernames, passwords, and other sensitive information.
It requires the use of secure protocols.
Secure Shell (SSH) creates a secure connection when you log in to a remote computer.
Secure File Transfer Protocol (SFTP) uses SSH and provides a safe way to transfer files between computers. It runs over the SSH protocol.
It supports the full security and authentication functionality of SSH.
How FTP and SSH File Transfer Protocol are different?
SSH File Transfer Protocol is entirely different from FTP, and the significant difference between the two is the security.
However, there are some other differences too which make SSH FTP more compatible and reliable than the original FTP.
Let’s analyze the differences between these two protocols in the below points:
- FTP is a network protocol that transfers files over a TCP/IP network. On the other hand, SSH FTP is a network protocol which allows file access, transfer, and management over a reliable data stream.
- FTP is accessible anonymously. That means that the user may log in to this server with an ‘anonymous’ account when asked for a username and password.
Also, in most cases, it is not encrypted. However, SSH FTP protocol is encrypted and makes the control of traffic ineffective when using traditional proxies.
- FTP does not provide any secure channel to transfer the files between the hosts whereas; the SSH FTP protocol provides a secure channel for transferring the data files between the hosts on the network.
- FTP makes a connection using control connection on TCP port 21. On the other hands, SSH FTP transfer the file under the secure connection established by SSH protocol between client and server.
- FTP transfers the password and data in the plain text format whereas, SSH FTP encrypts the data before sending it to another host.
- SSH FTP is packet-based as compared to the text-based FTP. For instance, FTP may send a command such as “DELE file.txt,” whereas SSH FTP will send a binary 0xBC and then “file.txt.”
- Another difference is that most versions of SSH FTP Server software can deliver a much more productive and more detailed set of data about the files. For example, the permissions, date, time, size, and other information not ordinarily available to FTP, thanks to the more robust request protocol of the SSH FTP.
What do you mean by Secure FTP?
SSH File Transfer Protocol is one method for implementing so-called secure FTP. The other conventional method utilizes Secure Sockets Layer (SSL)/transport Layer Security (TLS) technology.
To avoid confusing these two methods, use the acronym SFTP only to refer to SSH File Transfer Protocol and not to secure FTP generally.
What is Simple File Transfer Protocol?
Simple file transfer protocol (SFTP) refers to an unsecured, lightweight version of FTP, which runs on TCP port number 115.
It includes a command set of 11 commands and supports three types of data transmission: ASCII, binary and continuous. The type controls the mapping of the stored file to the transmission byte stream.
The default is binary if the type is not specified.
Simple FTP also supports user access control, file transfers, directory listing, directory changing, file renaming and deleting. You can implement it with any reliable 8-bit byte stream oriented protocol.
RFC 913 defines it as a protocol exhibiting an intermediate complexity level between trivial transfer Protocol (TFTP) and FTP.
TFTP refers to a simple, lock-step FTP that helps a client to receive a file from or send a file to a remote host. It is effortless to implement and has limited features as compared to FTP.
However, Simple FTP did not get much attention in comparison to TFTP and is not as accepted widely on the Internet.
Sometimes, people confuse it with Secure Shell FTP or SSH File Transfer Protocol, for having similar acronym SFTP.
Nowadays, data security is a major concern for every organization, and increasingly, the spotlight is on the file transfer and sharing solutions. Cybercriminals are continuously stealing terabytes of data by successfully penetrating network infrastructures and end-user machines.
That’s why you should not compromise in securing your file transfer and data sharing systems. One often overlooked area that can leave you vulnerable to cyber attack is old or under-managed FTP servers. Here comes the role of SSH File Transfer Protocol.
SSH FTP has pretty much-replaced legacy FTP as a file transfer protocol. It provides all the functionality offered by the original protocol, but more securely and more reliably, with a simpler configuration. If you are still not using it, then it’s high time that you do.
Also, talking about Simple FTP, it is not in use now as it was unable to garner much attention in the Internet world. That’s why SFTP is now majorly an acronym for SSH File Transfer Protocol.