SFTP – Secure Alternative for FTP

SSH File Transfer Protocol (SFTP) is a part of the SSH protocol suite. Sometimes also called the Secure File Transfer Protocol, it implements secure file transfers over SSH. It supports the full security and authentication functionality of the SSH protocol, including SSH keys.

SFTP can furthermore be used for file sharing, similar to Windows file sharing and Linux NFS. The main difference is that SFTP is secure, and can be used reliably over NAT devices and the public Internet.

SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It provides all the functionality offered by these protocols, but more securely and more reliably, with easier configuration. There is basically no reason to use the legacy protocols any more.

SFTP also protects against password sniffing attacks and man-in-the-middle attacks. It protects the integrity of the data using encryption and cryptographic hash functions, and authenticates both the server and the user.

Interactive and Automated Secure File Transfers with SFTP

Like SSH itself, SFTP is a client-server protocol. SFTP clients are included in quality SSH clients, and complete enterprise-grade SSH implementations provide both SFTP client and server functionality. Feature-rich SSH clients, such as Tectia SSH from SSH Communications Security, also provide graphical file manager views into remote filesystems.

On Linux, SFTP is often used as a command-line utility that supports both interactive (user operated) and automated file transfers.

SFTP is also built into many commercial file transfer solutions.

Automated Secure File Transfers – SFTP for Automated Business Processes

The automation of SFTP is commonly combined with public-key authentication using SSH keys. This allows strong authentication without passwords. Such secure automated file transfers are common in corporate IT infrastructure, for example to take nightly system backups, copy data to disaster recovery systems, or move transaction logs to archive systems. Many organizations have many thousands of daily SSH transfers; in some cases, we have seen over 5 million daily automated SSH logins. Some organizations have also accumulated massive numbers of SSH keys in their environment; proper SSH risk assessment and SSH key management solutions are recommended in large environments. SSH keys are access credentials that need to be part of identity and access management practice.
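
As an added example (not from the original page or from any product it names), the following Python script audits an OpenSSH authorized_keys file for automation keys that carry no restrictions. The policy it checks (a forced command, a from= source restriction, and either restrict or both no-pty and no-port-forwarding) is an assumed baseline, and the sample entries are constructed with placeholder key blobs.

```python
SAMPLE = '''\
# constructed entries; key blobs are placeholders, not real keys
restrict,from="10.0.5.7,10.0.5.8",command="internal-sftp -R" ssh-ed25519 AAAAPLACEHOLDER1 backup@batch01
ssh-rsa AAAAPLACEHOLDER2 nightly-archive job
from="192.0.2.10",no-pty ssh-ed25519 AAAAPLACEHOLDER3 dr-sync
command="internal-sftp",restrict ssh-ed25519 AAAAPLACEHOLDER4 txlog-mover
'''

def split_outside_quotes(text, seps):
    """Split text on any character in seps, ignoring separators inside "..."."""
    parts, buf, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            if buf:
                parts.append(buf)
            buf = ""
        else:
            buf += ch
        prev = ch
    if buf:
        parts.append(buf)
    return parts

def audit(text):
    """Return [(line_no, comment, [issues])] for entries missing restrictions.

    Assumed baseline policy (not from the page): forced command, from=,
    and restrict (or no-pty plus no-port-forwarding)."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_outside_quotes(line, " \t")
        opts = {}
        # The options field is optional; without it the line starts with the key type.
        if not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
            for opt in split_outside_quotes(fields.pop(0), ","):
                name, _, value = opt.partition("=")
                opts[name.lower()] = value.strip('"')
        issues = []
        if "command" not in opts:
            issues.append("no forced command")
        if "from" not in opts:
            issues.append("no source restriction")
        if "restrict" not in opts and not {"no-pty", "no-port-forwarding"}.issubset(opts):
            issues.append("pty or forwarding not disabled")
        if issues:
            findings.append((n, " ".join(fields[2:]), issues))
    return findings
```

Calling audit(SAMPLE) reports the three constructed entries that fall short of the assumed policy, identified by line number and key comment.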

SFTP Protocol

The SFTP protocol runs over the SSH protocol, and is currently documented in the Internet-Draft draft-ietf-secsh-filexfer-02.

SFTP Clients and SFTP Servers

All major SSH implementations and many commercial file transfer solutions support SFTP.

File System Implementation over SFTP

The SFTP protocol was designed from the beginning to allow use as a secure networked file system. Some of the implementations include:

Commercial File Transfer Solutions

Some commercial file transfer products supporting SFTP include the following. Nothing on this page should be taken as an endorsement of any product or solution.