SFTP – Secure Alternative for FTP
SSH File Transfer Protocol (SFTP) is a part of the SSH protocol suite. Sometimes also called the Secure File Transfer Protocol, it implements secure file transfers over SSH. It supports the full security and authentication functionality of the SSH protocol, including SSH keys.
SFTP can furthermore be used for file sharing, similar to Windows file sharing and Linux NFS. The main difference is that SFTP is secure, and can be used reliably over NAT devices and the public Internet.
SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.
SFTP also protects against password sniffing attacks and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.
Interactive and Automated Secure File Transfers with SFTP
Like SSH itself, SFTP is a client-server protocol. SFTP clients are included in quality SSH clients, and complete enterprise-grade SSH implementations provide both SFTP client and server functionality. Feature-rich SSH clients, such as Tectia SSH from SSH Communications Security, also provide graphical file manager views into remote filesystems.
On Linux, SFTP is often used as a command-line utility that supports both interactive (user operated) and automated file transfers.
SFTP is also built into many commercial file transfer solutions.
Automated Secure File Transfers – SFTP for Automated Business Processes
The automation of SFTP is commonly combined with public-key authentication using SSH keys. This allows strong authentication without passwords. Such secure automated file transfers are common in corporate IT infrastructure, for example to take nightly system backups, copy data to disaster recovery systems, or move transaction logs to archive systems. Many organizations have many thousands of daily SSH transfers; in some cases, we have seen over 5 million daily automated SSH logins. Some organizations have also accumulated massive numbers of SSH keys in their environment; proper SSH risk assessment and SSH key management solutions are recommended in large environments. SSH keys are access credentials that need to be part of identity and access management practice.
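One way to review the keys behind such automated transfers, as an added example (not from the original page or from any vendor's tooling): a Python check that parses OpenSSH authorized_keys lines and flags keys that are not limited to SFTP. The policy it enforces (a forced command="internal-sftp", a from= restriction and the restrict option) is an assumption, and the sample entries and key blobs are constructed placeholders.

```python
import re

# Added example: audit authorized_keys entries for automated SFTP accounts.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")

def split_unquoted(text, sep_class):
    """Split on separator characters that fall outside double-quoted runs."""
    return re.findall(r'(?:[^%s"]|"(?:\\.|[^"\\])*")+' % sep_class, text)

def parse_entry(line):
    """Return (options, key_type, comment), or None for blank/comment/bad lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields, opts = split_unquoted(line, r"\s"), {}
    if not fields[0].startswith(KEY_PREFIXES):  # leading field is the option list
        for opt in split_unquoted(fields.pop(0), ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')
    if len(fields) < 2:
        return None
    return opts, fields[0], " ".join(fields[2:])

def audit(text):
    """List (comment, findings) for keys that break the assumed SFTP-only policy."""
    report = []
    for entry in filter(None, map(parse_entry, text.splitlines())):
        opts, _key_type, comment = entry
        checks = [(opts.get("command") == "internal-sftp", "not forced to internal-sftp"),
                  ("from" in opts, "no from= source restriction"),
                  ("restrict" in opts, "no restrict option")]
        findings = [msg for ok, msg in checks if not ok]
        if findings:
            report.append((comment, findings))
    return report

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''restrict,command="internal-sftp",from="10.0.5.0/24" ssh-ed25519 AAAAPLACEHOLDER1 backup@nightly
ssh-rsa AAAAPLACEHOLDER2 logs@archive
from="192.0.2.10",command="/usr/bin/rsync --server, x" ssh-ed25519 AAAAPLACEHOLDER3 dr-copy'''

if __name__ == "__main__":
    for comment, findings in audit(SAMPLE):
        print(comment, "->", "; ".join(findings))
```

The second sample key carries no options at all, so whoever holds its private key gets whatever the account's shell allows, not just file transfer.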
SFTP Clients and SFTP Servers
All major SSH implementations and many commercial file transfer solutions support SFTP.
- Download Free SSH/SFTP client
- Tectia SSH Server for Windows, Unix, Linux (supports SFTP)
- Tectia SSH Server for z/OS
File System Implementation over SFTP
The SFTP protocol was designed from the beginning to allow use as a secure networked file system. Some of the implementations include:
- Expandrive (Windows and Mac)
- SFTP Net Drive
- SSHFS (source for Linux and Mac). SSHFS is also available as the package sshfs in most Linux distributions.
- Apache Commons VFS
Commercial File Transfer Solutions
Some commercial file transfer products supporting SFTP include the following. Nothing on this page should be taken as an endorsement of any product or solution.
- IBM MQ Managed File Transfer
- GlobalScape Enhanced File Transfer
- GoAnywhere MFT
- SFTPPlus Managed File Transfer
- IPSwitch MOVEit Complete
- Solarwinds Managed File Transfer
- JScape MFT Server
- Serv-U MFT Server
- Axway's Secure MFT Gateway: SecureTransport
- Stonebranch Universal Data Mover
- Coviant Diplomat Managed File Transfer
- Acronis MassTransit
- Tibco Managed File Transfer
- BMC Control-M Managed File Transfer
- Signiant Secure File Transfer