7

I have an Ubuntu 16.04 instance that seems to not have FTP installed, but I can use WinSCP to connect from my local pc to the instance using protocol SFTP on port 22, and then I can download files from the instance to my local pc.

The instance doesn't seem to have any kind of FTP server installed, and all incoming ports are blocked other than 22 and 443. Does this mean that an FTP server is not required for SFTP? Is this the same for FTPS?

I can download files, but I can't upload. I get the error message "Cannot create remote file '...'. Permission denied. Error code: 3 Error message from server: Permission denied" - without any FTP server (or FTP server config files) installed, what is allowing me to download but preventing me from uploading?

I understand FTPS uses an SSL certificate, so I assume FTPS is the preferred choice over SFTP, is this right?

  • 4
    `scp` and `sftp` run over the ssh server engine, whereas `ftps` is regular FTP with SSL wrappers on it. 3 totally different protocols. Oh, and you may be interested in `sshfs` - mount a remove server over SSH :) – ivanivan Feb 17 '18 at 18:48
  • 2
    Also see my answer here - [SFTP, FTPS and SecureFTP differences](https://security.stackexchange.com/q/858/33) on the [security.se] site for security implications. – AviD Feb 18 '18 at 11:08

1 Answers1

14

The instance doesn't seem to have any kind of FTP server installed, and all incoming ports are blocked other than 22 and 443. Does this mean that an FTP server is not required for SFTP?

SFTP; the SSH File Transfer Protocol uses the SSH port and is a subsystem of your SSH server.

No separate FTP server needed. (Well not quite, there is indeed an sftp-server program that speaks the server side of SFTP protocol to but it is not intended to be called directly. It is called by your SSH server using the Subsystem option.)

the error message "Cannot create remote file '...'. Permission denied.
Error code: 3 Error message from server: Permission denied"

Permission denied errors are typically exactly that, file-system permissions preventing your user from writing in places you are not allowed to...

I understand FTPS uses an SSL certificate, so I assume FTPS is the preferred choice over SFTP, is this right?

Arguably the SFTP protocol is as cryptographically secure as FTPS so no preference there.

FTP over SSL still suffers from the classical FTP problem of needing two ports/connections and the SSL version of FTP is even more likely to break than regular FTP when you need to do NAT or set up firewall rules.

The advantage of FTPS is that TLS certificates have a much wider supported trust infrastructure to validate the identity of a remote server using its TLS certificate than SSH keys.

HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • 6
    I'd argue that in some situations SFTP is more secure than FTPS - but only because my employer force installs their cert as trusted on our machine and can intercept and re-sign traffic, basically becoming a MITM on all of our traffic. – ivanivan Feb 17 '18 at 18:51
  • Continuing the pattern of relying on hyperlinks that point to Wikipedia, note that [SSHFTP](http://en.wikipedia.org/wiki/SSH_File_Transfer_Protocol) is different from [Simple FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol#Simple_File_Transfer_Protocol), which (unfortunately) have both been referred to by the abbreviation of SFTP. – TOOGAM Feb 18 '18 at 03:25
  • Cool, I used chown to give the user access to that directory where I want to transfer with WinSCP. And now I'm confident that SFTP is the way to go. –  Feb 18 '18 at 20:14