Last Updated 05/03/2024
Are SFTP and FTP the same? While they both transfer files, the answer to this question is ultimately, NO.
Secure File Transfer Protocol or SSH File Transfer Protocol (SFTP) and File Transfer Protocol (FTP) are NOT the same thing. SFTP, not to be confused with FTP Secure (FTPS), is a network SFTP is an extension of the 2.0 version of the Secure Shell (SSH) protocol.SFTP is designedtused to exchange files over a Transmission Control Protocol (TCP) and Internet Protocol (IP) network. to exchange files over a Transmission Control Protocol (TCP) and Internet Protocol (IP) network.
Learn the Terms: GoAnywhere Glossary
FTP Basics
FTP is a popular file transfer method that has been around longer than the world wide web – and it hasn’t changed much since its invention. When FTP was created, it wasn’t automatically assumed that internet activity could be malicious, so it wasn’t constructed to deal with the kind of cybersecurity threats we now face.
FTP exchanges data using two separate channels known as the command channel and data channel. With FTP, both channels are unencrypted, leaving data sent over these channels vulnerable to being intercepted and read.
Related Reading: Why You Should Use File Encryption Software
SFTP Basics
SFTP works over the Secure Shell (SSH) data stream to establish one secure connection and provide organizations with a higher level of file transfer protection. SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, while authentication prevents unauthorized file access during the operation.
While SFTP doesn’t require two-factor authentication, you do have the choice to require both a user ID and password, as well as SSH keys, for a more secure connection. Requiring SSH keys can prevent unauthorized users from connecting to a server.
SFTP also includes options to perform a wide variety of tasks for sensitive files, from removing files to resuming dropped transfers.
Explore our SFTP client for managed file transfer to learn about other SFTP capabilities.
How does SFTP Authenticate for Security?
SFTP provides two main methods for authenticating connections. Like FTP, you can use a user ID and password. However, with SFTP these credentials are encrypted and gives SFTP a major security advantage over FTP.
The other authentication method you can use with SFTP is SSH keys. This involves first generating both an SSH private key and a public key, where you can then send your SSH public key to your trading partner to be loaded onto their server and associated with your account. When they connect to your SFTP server, their client software will transmit your public key to the server for authentication. If the public key matches your private key, along with any user or password supplied, then the authentication will succeed.
User ID authentication can be used with any combination of key and/or password authentication.
The Main Differences Between FTP and SFTP
- Encryption – The biggest, and one of the most crucial differences, between FTP and SFTP is the fact that one is encrypted (SFTP) while the other is not (FTP). SFTP is a much more secure protocol compared to FTP, considering that when files are being sent and received using the more basic FTP, they are done so unencrypted. This means that even if the connection is secure, the transmission may not be, and any data currently in transit can potentially be intercepted by a person with malicious intentions.
- Firewalls – The design of the FTP protocol uses just one channel (port 21) for sending commands and receiving acknowledgements. However, it has to open other channels dynamically in order to send files. Although the client and server software negotiate these channels immediately, this poses an issue for client-side firewalls because a large number of ports need to be open to the server’s IP address for the protocol to operate through the firewall unabated. SFTP is more friendly to today’s client-side firewalls,requiring only a single port (22) to be open for sending controls and for sending or receiving data files.
Ready for a More Secure File Transfer Solution?
There’s a better option than FTP. Download the white paper to learn how to bring your FTP implementation into a more modern, secure framework with practices that not only protect your critical data but improve efficiency and ease-of-use. Ready to see SFTP in action, schedule a demo with one of our MFT experts.
