While choosing between SFTP and FTPS, weighing the pros and cons of each option will allow users to have a better understanding of the available choices. Here is a head-to-head SFTP and FTPS comparison that overviews the advantages and limitations of each transfer protocol.
SFTP (SSH File Transfer Protocol) is referred to as the extension of the SSH protocol which permits the transfer of files through a network.
The pros of this option are:
- SFTP requires only one connection - there is no need for a data connection.
- The connection is safeguarded and secured.
- SFTP boasts of machine-readable and uniform directory listings.
- The additional features provided by the protocol include file locking, attribute manipulation, operations for permission, and greater functionality
The cons of opting for SFTP over FTPS are as follows:
- The protocol engages in binary communication which means that for human reading, it cannot be logged “as is”.
- Validation and management of SSH keys are more complex.
- There are a number of SFTP configuration "standards" which may lead to compatibility issues between software titles from different vendors.
- The protocol does not offer removal operations for the recursive directory in addition to a server-to-server copy
- .NET and VCL do not include SSH/SFTP support out of the box.
FTPS is a protocol that utilizes a Secure Sockets Layer (SSL) certificate to provide security. The authentication of a protected FTP connection is conducted through the use of the following elements: SSL certificate, user ID, and password. Upon creation of an FTPS connection, the destination FTP server is reviewed through the FTP client software to verify the trustability of a server’s certificate.
Here is an overview of the pros provided by FTPS to help you decide whether SFTP or FTPS is the answer you have been searching for:
- Unlike SFTP, FTPS allows a human to comprehend and read the communication
- It permits the execution of a server-to-server file transfer
- SSL/TLS comes with X.509 certificate features which act as a strong authentication mechanism
- Several internet communications infrastructures have built-in support for FTP and SSL
The cons associated with FTPS in the SFTP versus FTPS clash are:
- The protocol does not include a standardized format for directory listing
- FTPS calls for the use of secondary DATA channels which in turn makes it usage behind firewalls complex
- The protocol does not have a guideline for encodings or file name character sets
- SSL/TLS support is not available on all FTP servers
- The protocol does not define a standard method to secure and modify directory or file attributes
Difference between SFTP and FTPS
The key distinguishing feature of SFTP and FTPS protocols is the underlying transport mechanism. While FTPS affixes an additional layer to the legacy FTP protocol, SFTP essentially acts as an extension to the SSH protocol. This means that both transport protocols do not share any association but exist to initiate a transfer of files between systems.
Other marked differences between the protocols are reflected in this table:
|Data Exchange||SFTP does not make use of distinct data and command channels. Transfer within SFTP takes place through the means of a single connection through uniquely formatted packets.||A data channel and command channel are used as two separate channels for facilitating exchanges on the FTPS protocol.|
The command channel has the role of managing simple command exchanges between server and FTP client by usually running on server 21 port.
Accordingly, the data channel works by employing on-demand temporary ports that are listening on the client (active mode) or the server (passive mode). This channel holds the responsibility of data exchange in terms of file transfers or directory listings.
|Security||Data encryption occurs through an encryption cipher which is mutually agreed upon. Further protection of sessions occurs through the deployment of public and private keys. This can be viewed as a substitute authentication termed as ‘public key authentication’.||FTPS Explicit SSL and FTPS Implicit SSL are protected variants of FTP which make use of SSL encryption.|
FTPS Implicit SSL assumes that the server is expecting everything encrypted using SSL. This means that when the client first connects to the server it will immediately negotiate the SSL connection on the command connection. Normally Implicit connections are also on a different port such as port 990.
With FTPS Explicit SSL normal FTP connection is established, usually on the standard port 21. However, after connecting, the client will send a command to switch to SSL mode. This command is "AUTH SSL". When this command is sent the server will respond normally, then establish an SSL connection.
SFTP or FTPS: Which to Choose
Each user has unique requirements when it comes to selecting the most appropriate transfer protocol. However, using FTPS is recommended if a server requires accessibility from portable devices, such as PDAs and smartphones or operating systems which do not have SFTP/SSH clients and yet provide FTP support. Accordingly, SFTP is the way to go if you are seeking to develop a custom security solution.
As for the client side, the requirements are already determined by the server(s) with which they intend to connect. SFTP is the more favored choice when establishing a connection with internet servers due to the by-default support that it enjoys from UNIX and Linux servers.
On the other hand, you have free rein to choose both FTPS and SFTP in case of private host-to-host transfers. However, you would have to hunt for a free FTPS client and server software to use FTPS or buy a license for commercial usage.
In the event that you decide to opt for SFTP support, a free client and server software can be secured by installing an OpenSSH package.
SFTP vs. FTPS: Your Needs, Your Call
Based on exploring the differences between SFTP and FTPS and understanding your own requirements as a user, it is possible to make an informed decision about the right transfer protocol and benefit from the functionalities that they have to offer.