Your browser does not allow storing cookies. We recommend enabling them.


Secure File Transfer - FTP Replacement

The Tectia client/server solution provides several methods for getting rid of the risks of plaintext File Transfer Protocol (FTP). Tectia Server, Client and ConnectSecure all include a secure alternative, Secure File Transfer Protocol (SFTP) that can be used to replace existing FTP clients and servers. If replacing all FTP clients and servers in an environment is unfeasible, Tectia ConnectSecure and Tectia Server for IBM z/OS offer also transparent FTP tunneling to encrypt the FTP connection, and FTP-SFTP conversion to convert unsecured FTP traffic to use the secure SFTP protocol, instead.

The Tectia client/server solution offers three methods for FTP replacement as illustrated in Figure 2.2:

Options for replacing unsecured FTP file transfers

Figure 2.2. Options for replacing unsecured FTP file transfers

An unsecured FTP connection is shown in blue. If this is used, user IDs, passwords, and the actual transferred data are sent in plaintext, which makes them vulnerable to eavesdropping and unauthorized modifications.

Tectia products use the following methods to make file transfers secure:

  1. Native SFTP

    The secure file transfer protocol (SFTP) transfers the files and the related control data encrypted between the client and server. SFTP can be activated by using the sftpg3 and scpg3 tools, or the Tectia Secure File Transfer GUI (on Windows) instead of the unsecured ftp tools.

    Tectia Client or ConnectSecure provides the SFTP functionality and connects to any Secure Shell SFTP server. Both the original FTP client and FTP server can be eliminated.

  2. FTP-SFTP conversion

    Connections from the original FTP client are transparently captured by Tectia Server for IBM z/OS, converted to SFTP, and directed to a Secure Shell SFTP server. No changes to the original FTP client application are needed, and it can remain being used as before. The original FTP server, however, is eliminated.

    This feature is available with Tectia ConnectSecure and Tectia Server for IBM z/OS (client tools) on all supported platforms and requires a Secure Shell server as the counterpart.

  3. Transparent FTP tunneling

    Transparent FTP tunneling creates a secure tunnel between an FTP client and an FTP server. All material is sent in encrypted format and so secured from eavesdropping. This feature is available with Tectia ConnectSecure and Tectia Server for IBM z/OS (client tools).

The Tectia client/server solution supports also non-transparent FTP tunneling on both Tectia Client and ConnectSecure. Non-transparent FTP tunneling can be implemented as SOCKS tunnels defined in the Tectia connection profiles, or as automatic tunnels defined in the Connection Broker configuration.

The following table lists the benefits offered by each of the FTP replacement methods.

Table 2.1. Differences between FTP and secure file transfer methods

Feature FTPSFTPFTP-SFTP ConversionTransparent FTP Tunneling
Automated scripts can be usedxxxx
FTP application used unmodifiedx xx
Original FTP client running x x x
Original FTP server running x x
Configured on Tectia x x x
Fallback to FTP is possible N/A x
SFTP GUI available on Windows N/A x N/A N/A


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more