6
3
I've heard it from some sources that SFTP is preferable to FTPS. If this is the case, I'm wondering why exactly.
8
I prefer SFTP over FTPS mainly because it takes extra effort to set up an FTP server on a server. Most probably the server is going to already have SSH installed to administer it remotely, so why not just take advantage of what is already installed? Using SFTP requires no extra effort to get it running.
Most FTP clients have built-in support for SFTP, so client support is mainly a moot point.
6
There is a pretty explanatory article on the SSH-SFTP blog that details the differences between SFTP and FTPS, and gives an overview of the scenarios each one of them is more suited for.
According to the above-mentioned article, each protocol has "pros" and "cons", so depending on each specific scenario, one protocol may be more effective than the other one.
Here below I will recap the points that - in my humble opinion - are the most important:
SFTP is always secure, FTPS may not be: SFTP is a subsystem of the SSH protocol, and therefore it always runs in an encrypted/secured channel; FTPS instead may feature a plain (unencrypted) FTP fallback strategy, in case the server does not support SSL/TLS.
FTPS can be faster than SFTP: in the exact same network conditions, FTPS could probably be faster than SFTP, as it runs the control channel and the data channel separately (while SFTP runs in a single channel and interleaves the control packets within the data flow).
SFTP is firewall-friendly, while FTP(S) is not: SFTP runs inside SSH thus it uses only one port on the server (default: 22); FTP(S) instead requires either the possibility for the server to connect back to the client (active) or a wide number of open ports on your firewall for the server to accept incoming data connections (passive).
FTPS can delegate trust, SFTP cannot: FTP(S) leverages the SSL/TLS intrinsic security based upon X.509 certificates that can be issued by a Certification Authority trusted by both parties, while SSH Server Keys can only be issued by the server part and must be trusted by the client part.
Can you give a more detailed description of the linked content, and explain how it relates to the question? This will help ensure that this answer remains useful in the event the link becomes invalid. – bwDraco – 2014-11-23T18:59:56.597
Sure. I am going to edit the answer now... – FjodrSo – 2014-11-23T19:01:28.287
3
This page from CodeGuru has a good summary of the pros and cons of each:
As usual, the answer depends on what your goals and requirements are. In general, SFTP is technologically superior to FTPS. Of course, it's a good idea to implement support for both protocols, but they are different in concepts, in supported commands, and in many other things.
It's a good idea to use FTPS when you have a server that needs to be accessed from personal devices (smartphones, PDAs, and the like) or from some specific operating systems that have FTP support but don't have SSH/SFTP clients. If you are building a custom security solution, SFTP is probably the better option.
As for the client side, the requirements are defined by the server(s) that you plan to connect to. When connecting to Internet servers, SFTP is more popular because it's supported by Linux and UNIX servers by default.
For private host-to-host transfer, you can use both SFTP and FTPS. For FTPS, you would need to search for a free FTPS client and server software or purchase a license for commercial one. For SFTP support, you can install an OpenSSH package that provides free client and server software.
3
SFTP has no problems with port mappings, and thus no issues with NAT router/firewalls. (And, many home DSL and cable modems are in fact NAT routers, and attaching a standalone wireless access point might even introduce "double NAT".)
In FTP, and hence in FTPS, multiple connections are needed. Client and server agree on the IP address and ports to be used within the so-called "application level" communications. But, a NAT router or firewall (which would rather only care about "transport level" issues) needs to know about these details, and hence needs to inspect the actual data. This raises many issues, which are non-existent for SFTP.
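The port-mapping point made in this answer and in the "firewall-friendly" item of the earlier answer, as an added example that is not part of any answer on this page: it parses the passive-mode replies an FTP(S) server sends on the control channel and flags the case where the advertised data address differs from the address the client actually connected to, which is what happens behind NAT when nothing rewrites the reply. With FTPS the reply travels inside TLS, so a NAT device cannot read or rewrite it. The replies and the addresses 203.0.113.10 and 192.168.1.20 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# 227 reply (RFC 959): six decimal numbers h1,h2,h3,h4,p1,p2 in parentheses.
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 reply (RFC 2428): (|||port|) carries a port only, no address.
_EPSV_RE = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def parse_data_endpoint(reply, control_peer):
    """Return the (host, port) the client must connect to for the data channel."""
    code = reply[:3]
    if code == "227":
        m = _PASV_RE.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("number out of range in 227 reply")
        host = ".".join(str(n) for n in nums[:4])
        return host, nums[4] * 256 + nums[5]
    if code == "229":
        m = _EPSV_RE.search(reply)
        if not m:
            raise ValueError("malformed 229 reply")
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        # EPSV reuses the control connection's address, so NAT cannot break it.
        return control_peer, port
    raise ValueError("not a passive-mode reply")


def nat_mismatch(reply, control_peer):
    """True when the server advertises an address the client did not connect to."""
    host, _ = parse_data_endpoint(reply, control_peer)
    return ipaddress.ip_address(host) != ipaddress.ip_address(control_peer)


if __name__ == "__main__":
    peer = "203.0.113.10"  # constructed: address the client reached on port 21
    samples = [  # constructed control-channel replies
        "227 Entering Passive Mode (192,168,1,20,195,80).",
        "229 Entering Extended Passive Mode (|||50001|)",
    ]
    for line in samples:
        print(parse_data_endpoint(line, peer), "mismatch:", nat_mismatch(line, peer))
```

SFTP has no equivalent of either reply, because data and commands share the one SSH connection.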
0
I don't think that one is preferable over the other. It really depends on your infrastructure. This thread from CodeGuru discusses the pros and cons of SFTP and FTPS.
One benefit of FTPS is the data channel. The data channel can be redirected to transfer files from server to server. This feature is not well understood. That's why a lot of people would say that the FTP data channel is unnecessary.
I believe that if you're just interested in sending files securely, then you should go with FTPS. If you already have an SSH infrastructure, then SFTP might be useful.
A question like this is better suited for Serverfault. – Josh Hunt – 2009-10-24T07:32:30.243
2"How cool would it be to see a question get ping ponged SF->SO->SU->MSO->SF->SU->SF->SU->SF->MSO->Closed – Lucas McCoy" – Josh Hunt – 2009-10-24T07:34:07.680
@joshhunt A question did make the homerun, but not one has made a whirlwind. – random – 2009-10-24T07:44:10.423