FTP vs. FTPS and SFTP – what is the difference?
The FTP service to up- and download files is well known.
But what is the difference between the other types such as FTPS and SFTP? Which one is responsible for a secure transfer? To understand the difference, let’s start by explaining the regular FTP protocol.
What is FTP?
The FTP protocol originates from 1971 when the first RFC entry (959) was published for the FTP protocol. FTP could upload, download copy and delete files on different computers/servers. Additionally, it could create, delete and read directories. FTP uses usernames and passwords for authentication via an unencrypted connection as well as the transfer (usually through the default port 21).
What is FTPS?
FTPS – File Transfer Protocol over SSL establishes the connection and the data transfer via the SSL/TLS protocol. There are two modes:
- Explicit Mode
In Explicit Mode the client will request that the connection to the Server is secured and accept the encryption together. If the client doesn’t request this security, the server can either allow an unsecure connection to be established, suppress the connection or straight up block it.
- Implicit Mode
In Implicit mode negotiating connections is not supported. The client sends his answer right after he sends the request via SSL/TLS. The connection is cut off if the client doesn’t receive an answer. However, this mode is not defined in the official RFC 4217, which is why there is no standard for it.
The authentication is preformed using username and password via an encrypted connection as well as the transfer.
The safety feature for FTP is FTPS.
What is SFTP?
Another Security standard has developed in UNIX systems: SSH. SSH’s main function back then was to encrypt remote access on the UNIX Shell and was improved through the File Transfer Protocol (FTP) later on – initially with SCP afterwards with SFTP. Thereby SFTP has nothing to do with the actual FTP and is called “SSH File Transfer Protocol” for that reason. The authentication is preformed using username and password and the transferred data gets encrypted.
So SFTP is the “SSH File Transfer Protocol” via an active SSH connection.
The frequent mistake
The abbreviation SFTP is often used falsely to describe “Secure FTP” which it is not in fact. A similar common mistake is that the phrase SFTP is used as “FTP over SSL” which in this context is wrong as well. “FTP over SSL” is FTPS!
And now? FTPS or SFTP?
We advise you not to use FTP without encryption if possible.
Ideally you should use FTPS in explicit mode (FTPES).
With SFTP, the transmission of access data is always encrypted, the transmission of files can be encrypted.
We offer SFTP with the FastFTP service.