Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Secure File Transfer

The SSH Tectia Client and Server products allow organizations to replace plaintext FTP connections with secure file transfers in cross-platform environments. Unattended, automated file transfers between servers can be secured with the versatile command-line SFTP and SCP tools. The third-generation high-performance Secure Shell protocol implementation, SSH G3, provides unparalleled SFTP throughput and scalability, eliminating processing bottlenecks and helping to meet critical deadlines.

With the optional EFT Expansion Pack for Unix and Windows, users of SSH Tectia Client and SSH Tectia Server can expand the baseline functionality to perform enhanced file transfer (EFT) operations that require higher encryption performance, more comprehensive manageability, APIs for application-level integration, and additional reliability features such as checkpoint/restart. In addition, the EFT Expansion Pack incorporates an FTP-SFTP conversion module to facilitate secure replacement of FTP without the need to modify file transfer scripts or applications.

The enhanced file transfer features are also supported with SSH Tectia Server for IBM z/OS on the server side.


Checkpoint/restart is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server. When the client starts transferring a file for the first time, it starts from the beginning of the file. When the file transfer has been progressing for some time (a configurable amount of time or data), the client creates a checkpoint entry for that particular file in the checkpoint database (simply a file in a directory). This entry includes the state of the transfer at the specified time: file timestamps and sizes, their positions in the files, etc.

If for some reason the file transfer is canceled (the user aborts the transfer or the connection is lost), the last known state of the transfer is saved in the checkpoint entry. If the file transfer is now restarted, the client uses the existing checkpoint entry to check whether it can continue from the known position. There are two criteria that have to be fulfilled for the restart:

  1. The source file modification timestamp must be the same as in the checkpoint entry.

  2. The destination file timestamp must not be earlier than the last known timestamp (it is possible that the last file transfer has changed the file after the last checkpoint).

If these criteria are fulfilled, the file transfer can continue from the last known position without any extra delays.

Note, however, that the checkpoint/restart does not compare source and destination file contents. Therefore the system does not notice if someone changes the destination file between the checkpoint and the restart, and the resulting destination file is not identical with the source file.

When the file has been successfully transferred, the checkpoint entry is removed. The next file transfer for the same file starts again from the beginning even though a destination file exists. Source and destination file contents are never compared if checkpoint/restart is used.


The EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server incorporates a protocol extension in the Secure File Transfer Protocol (SFTP), enhancing file transfer performance.

The streaming extension causes the file contents to be transferred between SSH Tectia Server and Client using a separate data channel instead of the SFTP channel that carries the SFTP commands, thereby avoiding some bottlenecks of the protocol. All data transferred is still encapsulated into the secure SecSh transport connection, meaning that this enhancement does not have any security implications. The SFTP streaming protocol extension is fully backward compatible with all earlier SSH Tectia Client and Server versions.


The prefix functionality adds a prefix to a filename during the file transfer and thus renames it. The prefix is removed after the file has been successfully transferred and the file has its original name again. This prevents unintentional usage of the file before it has been fully transferred to the destination. This feature is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server.

Transparent FTP Tunneling

Transparent FTP tunneling is a way to secure normal FTP connections using Secure Shell tunnels. The original FTP client and FTP server are retained. Transparent FTP tunneling is available with SSH Tectia Server for IBM z/OS on the client host. On the tunneling server host, any Secure Shell v2 server is supported.

For more information, see Transparent FTP Tunneling and Transparent FTP Tunneling.

FTP-SFTP Conversion

FTP-SFTP conversion enables converting unsecured FTP traffic into secure SFTP. No changes to the FTP client application are needed. This feature is available in the EFT Expansion Pack for SSH Tectia Client and SSH Tectia Server on Linux, HP-UX, Solaris, and Windows platforms. The server-side host can also run SSH Tectia Server for IBM z/OS.

For more information, see FTP-SFTP Conversion and FTP-SFTP Conversion.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now