50
14
Trying to set up a system for my 4 remote employees to transfer files. It has to be secure. Is SFTP better than FTPS? What is the difference?
user334875
Posted 2014-08-11T22:05:34.950
Reputation: 553
What is the difference between FTPS and SFTP?
Answers
68
Two completely different protocols.
FTPS is FTP with SSL for security. It uses a control channel and opens new connections for the data transfer. As it uses SSL , it requires a certificate.
SFTP (SSH File Transfer Protocol / Secure File Transfer Protocol) was designed as an extension of SSH to provide file transfer capability, so it usually uses only the SSH port for both data and control.
In most SSH server installations you will have SFTP support, but FTPS would need an aditional configuration of a supported FTP server.
NuTTyX
Posted 2014-08-11T22:05:34.950
Reputation: 2 448
10
sftp is a FTP like protocol that operates over SSH.
- If you are running a linux/bsd/OSX based server, then you almost always already have a perfectly functional sftp server already.
- On the Windows side you basically are looking at Filezilla, WinSCP, or Putty as a client.
ftps is the original ftp protocol with TLS enhancements.
- ftps works very badly through a NAT firewall
Zoredache
Posted 2014-08-11T22:05:34.950
Reputation: 18 453
1
FTPS = FTP over SSL. It come in two flavours:
- Explicit FTPS - Uses TCP port 21 as per FTP - some clients, like Filezilla, require you to specify the proctocol as FTPES (e.g. ftpes://ftp.xxxxx.com)
- Implicit FTP - The connection will be encrypted if both sides can handle it (port 990), but if not, it will fall back to unecrypted FTP (TCP port 21)
SFTP = FTP over SSH - Uses TCP port 22.
In reality, you'll find most clients will handle all protocols... providing you know what you are supposed to be using, which is usually where my clients fall down.
CJM
Posted 2014-08-11T22:05:34.950
Reputation: 2 512
8SFTP is not FTP over SSH. – Andre Figueiredo – 2015-09-30T18:11:12.747
-1
Your use case is such that you may want to consider a commercial solution for file collaboration or managed file transfer (offered both as services or on-prem software) and not necessarily get involved with setting up a file sharing server (virtual or physical) of your own.
Larry
Posted 2014-08-11T22:05:34.950
Reputation: 1
1The answers below should be enough to tell you the difference. I'd just like to note that historically, SSL (FTPS) has had more security bugs and the seriousness of the bugs has been more severe than SSH (SFTP). Part of this is that SSL was created for the browser and had a tendency to be pressured by business concerns and time-to-market while SSH was created by unix people to log it to their machines remotely and had a tendency to be pressured by security concerns (if you can break SSH you basically have control of the entire machine rather than just the web server/browser). – slebetman – 2014-08-12T07:03:24.767
Why not scp? sshfs? – emory – 2014-08-13T02:31:46.433
@emory sshfs because it's a very specific implementation with very specific constraints on what systems it can work on (particularly, it needs FUSE), unlike all the others which are protocols which can be implemented on most any platform?
– a CVn – 2014-08-14T09:42:20.840