SFTP vs. FTPS: Secure File Transfer Protocols Explained

SFTP vs FTPS Secure File Transfer Protocols Explained 1

When you run a business online, what is the thing which will concern you the most? The security of your data, isn’t it? A heavy volume of data is transferred over the internet every day. Many businesses either use SFTP or FTPS protocols for safeguarding their data. There are many options to transfer files; we will take a look at two of the best standard protocols available.

  1. SFTP
  2. FTPS

Both names are similar. The only difference is the letter S, which is placed at the beginning and end of the protocol. 

SFTP: Secure File Transfer Protocol

It is also known as SSH File Transfer Protocol.

Internet Engineering Task Force [IETF] had designed SFTP over the Secure Shell protocol [SSH]. It is a file transfer protocol that provides access to files, transfer of files, and overall management of the files over the internet. SSH protocol was built for a secure connection between computers for the transfer of data. 

When one uses SFTP, an SSH connection is initiated to a remote server. This leads to a series of security layers, and then a safe and secure pathway is opened for the remote server. Now, this pathway is used by the SFTP for communication with a remote server. So the SFTP server will get various commands such as uploading, downloading of files, moving of files, etc. All the commands and data are transferred through the secure pathway or channel.

SFTP uses two methods for authentication:

  1. SFTP Authentication with Username and Password: SFTP allows you to create a username and password. Your login credentials are encrypted; hence they are secure.
  1. SFTP Authentication using SSH Keys: This method involves creating an SSH private and public key. The public key can be sent to your client, which they can use on their server. So when they want to connect to your server, client software will send the public key for authentication. If both the public and private keys match, the authentication will be completed, and the connection will be established.

Advantages of Using SFTP

  • The first and the most important thing is the secure connection. Since SFTP is designed on a pre-secured protocol, it works on a secure pathway at the first step while connecting.
  • Most of the added security features come built-in. Key-based authentication is supported by SFTP. While most of the secure protocols ask you for a user id and password, SFTP enables you to use SSH keys. SSH keys are indeed a tool that allows you to authenticate securely without the use of any password. An SSH key is an important tool if you want direct login for some of your automatic processes.
  • SFTP uses a single port for its connection. Port 22 is used for the whole process; if your firewall prevents your server from making connections with other servers, then you need to only enable Port 22 for establishing the SFTP connection. 

FTPS: File Transfer Protocol

FTPS, also known as FTP-SSL, is a commonly used File Transfer Protocol over Secure Sockets Layer [SSL].

The FTP was designed for science and research data purposes. The SSL protocol was later embedded into the FTP. A layer was added to the FTP protocol, thus making it FTPS. For the transfer of files, two connections are used:

  • A control connection
  • A data connection

Example: Someone logs in and uses commands like change directory, get files, etc. These are the commands for the server. These commands include download, upload files, etc. These commands are sent through the control connection, and the files are sent through the data connection. 

For client security, two methods are used in FTPS. They are:

  • Implicit: This method involves a Transport Layer Security being set up at the start of a connection, which then serves clients or servers not using FTPS. 
  • Explicit: In this method, standard protocol commands are used to improve the plain connection to a secure and encrypted connection. 

How do the FTPS Works?

With FTPS, you can either use a user ID/password, a certificate, or both things. FTPS will authenticate your connection by using either of the mentioned things. Let us list down the process step by step:

  1. Suppose you want to connect to your trading partner through his FTPS server. The server’s certificate will be checked first for its authenticity by your FTPS client. 
  1. The certificate will be considered trusted only if the CA, i.e. certificate authority, signed it. Now the CA also needs to be a known and standard authority. Another way of verifying the certificate security will be if your partner self-signs the certificate and a copy of the public certificate is with your key store.  
  1. Similarly, you should also provide a certificate when you try to connect to your partner. Your partner will require the certificate, which an industry-standard CA should sign. If it is not, you should self-sign your certificate and send it to your partner, who will load it in their key store.
  1. Authentication of the User ID can be done by a combination of password and certificate authentication.

Encryption Method in FTPS

FTPS/FTP-SSL adds an encryption layer to both the control and data connections. While in the standard FTP protocol, all the commands and information of the files are sent by clear text. When you connect to the FTPS server for the first time, the FTP client issues a plain-text command, usually a STARTTLS or AUTH TLS command. Now, this is before you send your username and password.

This cycle continues; the FTP client will use commands such as CD, GET, etc. These commands then direct the FTPS server that the connection is to be encrypted. The contents of the commands [command channel] and data that is to be transferred [data channel] are both encrypted.   

FTPS uses several ports which need to be opened while establishing the connection. Port 21 needs to be opened as well as many high ports. Port 21 is the control port, whereas Port 60000 to 65535 are used for the data channel. 

FTPS does not support key-based authentication, but it does support a username and password.     

Key Differences Between SFTP and FTPS

  • The major difference in both protocols is the number of ports used by them.
  • For all the communication, SFTP requires just one port number throughout. This makes it very secure.
  • FTPS requires the use of multiple ports. Authentication and transfer of commands are done by the first port of the command channel. But every time a new request for file transfer is made or a request for listing of directory, new port needs to be used for establishing a pathway/channel. This means that while transferring data, both parties need to open multiple ports in the firewalls, which in turn are a big security risk.

Conclusion of SFTP vs. FTPS

Both protocols feature key advantages and are very secure, but SFTP wins by a very thin margin as it simply provides more flexibility. You can also check our article on What is an Nginx Server?

The following points make SFTP a winning protocol:

  1. SFTP is built on an already secure protocol, i.e., SSH. This provides an added security for your files. It works best with firewalls.
  2. SFTP provides some extra features such as audit logs, automatic file encryption etc.
  3. SFTP works by using only one port.
  4. SFTP allows authentication without using any password. 
  5. For a WordPress user who wants to transfer their files from the server, SFTP is the best option since the user might not have the required certificate for FTPS connection.

Leave a Comment