SFTP, SCP, FTPS, FTP over SSH – Oh, the confusion.

Firstly, these tables go a long way towards showing the differences: Comparison between SFTP, FTP and SCP & Secure FTP, FTP/SSL, SFTP, FTPS, FTP, SCP… What’s the difference?

Here are some of my notes explaining the differences between these protocols:

SFTP (SSH file transfer) protocol

>Draft protocol designed by the IETF SECSH working group, working documents available here. RFC not complete.
>The protocol assumes that it runs over a secure channel, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
>The secure channel could be provided by SSH, TLS or others.
>When used with the SSH2 Protocol suite, this protocol is intended to be used as a subsystem as described in RFC4254 in the section “Starting a Shell or a Command”.  The subsystem name used with this protocol is “sftp”.
>The SFTP protocol does more than just file transfer, including resuming interrupted transfers, directory listings, and remote file removal.
>From version 4 upwards this protocol has become more platform independent.

SCP (Secure Copy) protocol

>Is a secure variant of rcp
>The protocol itself does not provide authentication and security; it relies on the underlying protocol, SSH, to provide these features.
>Does file transfer only,but does include file attributes (permissions, timestamps) – which is not possible with standard FTP.
>Mostly used on UNIX platforms, and seldom found on others.
>Note that many scp *programs* actually use SFTP (SSH file transfer) protocol instead.

>Is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.
> RFC 4217 “Securing FTP with TLS” & RFC 959 “FTP Security Extensions”

FTP over SSH
>This is the act of using the standard FTP protocol over an already established SSH tunnel.
>Because FTP uses multiple TCP connections, it is particularly difficult to tunnel over SSH. With many SSH clients, attempting to set up a tunnel for the control channel (the initial client-to-server connection on port 21) will protect only that channel; when data is transferred, the FTP software at either end will set up new TCP connections (data channels) which will bypass the SSH connection.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s