The Difference Between FTP, FTPS, and SFTP

Published on 14 Apr 2020

Let’s start with a fun fact: FTP has been around for nearly 50 years – and because of that, there are lots of flavors and variations of the protocol. There’s plain old FTP – File Transfer Protocol – but there’s also FTPS, FTP-SSL, and SFTP. Many people ask: How do they differ?

An Explainer on FTP

At a basic level, FTP is a protocol that has one server and many clients that connect to the server in order to transfer files from one system to another. The client(s) then log into the server to execute commands. Commands allow you to move around the file tree, download files, upload files, move directories, delete, and much more. In the early days of the ARPAnet / Internet, this was revolutionary because you could take files and move them over great physical distances – even large files. FTP is not complicated, but it’s exceedingly powerful and has stood the test of time.

The first FTP client applications were command-line programs developed before computers had graphical user interfaces. Such applications are still shipped with Windows, Linux, and Unix-based operating systems today.

FTP helps send files by transmitting information quickly and reliably so you can transfer large files online. File transfer protocol is commonly used for transferring large files between a client and a server. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer or access files in online storage.

File Transfer Protocol and Security

As great as FTP was at the time, it lacked security measures to encrypt usernames and passwords or other data going across the protocol. Thus FTPS and SFTP were made to build security measures directly into the protocol.

Decades later, we have services like Dropbox or Box that use their own protocols to move files around on the internet. You may ask yourself – why not just abandon FTP entirely and let companies use their own protocols? Here are a few reasons:

  1. The backbone of the internet runs on standard protocols, like HTTP, FTP, DHCP, DNS, etc. Using a standard protocol is in line with the goals of a free and open internet.
  2. It gives you flexibility in your toolset. Because of how long FTP has been around, there are tons of tools, scripts and daemons made that work with it.
  3. Many devices already have FTP built into them, such as security cameras. Let’s say you develop a new security camera and want it to connect to a closed protocol, like Dropbox. With FTP, you can make the connection. With a closed protocol, however, you would have to contact Dropbox and pay licensing fees for using their protocol.
  4. Every client machine already supports file transfer protocol! You don’t need to download a client to access FTP functions from the command line – you can even use whatever client you want to interface with FTP!

What is FTPS?

FTPS, also known as FTP-SSL, is a more secure form of FTP. FTPS is basic FTP with security added to commands and data transfer. Special security protocols TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic and provide encryption of data to protect your information as it moves from point A to point B, including username/password.

FTPS is to FTP much like HTTPS is to HTTP: an added layer of security while keeping the original protocol relatively unchanged.

What is SFTP?

SFTP, also known as SSH FTP, encrypts both commands and data while in transmission. This means all your data and credentials are encrypted as they pass through the internet. If you’ve ever used a Unix-based system, you’re likely familiar with SSH. It’s a protocol that allows you to remotely connect to other systems and execute commands from the command line. SSH is how most servers in the world are administered, so the protocol had to be very secure. SFTP was created as an extension of SSH to transfer files through the secure channel (SSH).

Unlike FTP and FTPS, SFTP protocol is packet-based as opposed to text-based. This makes file and data transfers using the SFTP faster than other secure FTP connections.

Which Protocol Should I Use?

Learning about the different protocols might seem daunting. We’ve compiled a shortlist of the differences — advantages and disadvantages that can help clarify which protocol would be best for your use.

Protocol

Pros

Cons

FTP

The oldest protocol, works with most systems

Data sent is not encrypted, including files

Faster than HTTP or email

Passwords and usernames are in plain text making it simpler for an unauthorized user to gain access

No limits for file size

Limited mobile device access

Transfers multiple files and directories at one time

Activity notifications are nearly impossible to create

Supports file resumes

Can create multiple levels of access

Easy to use

FTPS

It is encrypted

Does not have a consistent directory site listing format

Commonly understood and utilized

Not all FTP servers support SSL/TLS

Easy to implement

Uses multiple ports, making firewall configuration more complicated

Offers services for server-to-server file transfers based on SSL/TLS

Older FTP servers don’t support SSL

Easily supported by mobile devices

Works in operating systems that have FTP support but not SSH/SFTP clients

Built-in support in .NET Framework

SFTP

Uses only one port, so it’s easy to use behind a firewall

The interaction is binary and cannot be logged as-is for human reading

The connection is constantly protected

No server-to-server copy and recursive directory site elimination operations

The directory site listing is consistent and machine-readable

No integrated SSH/SFTP assistance in VCL and .NET structures

SFTP is supported by Linux and UNIX servers by default

More options than any other system

Can perform file system operations, such as file lock, permission and attribute manipulation, and symbolic link creation

SFTP vs FTP

In our opinion, if you are able to use SFTP – use it. FTP is great for legacy devices that don’t support any sort of encryption, but if you have access to encryption, it’s better to use SFTP. You don’t want your files intercepted by a malicious hacker downstream of your machine if you can help it.

SFTP vs FTPS

Both SFTP and FTPS provide a high level of protection. The biggest difference between these two protocols is how connections are authenticated and managed. 

  1. SFTP connections can be authenticated using a user id and password to connect to the server. SSH keys can also be used to authenticate SFTP connections. You will need to generate an SSH private key and public key to connect with the SFTP server. 
  2. With FTPS the usernames and passwords are also encrypted. To connect, your FTPS client will first check if the server’s certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed (by your partner) and you have a copy of their public certificate in your trusted key store.

SFTP

FTPS

Separate connections for command and file data

No

Yes

Encrypted command and file data connection

Yes

Yes

Key-based authentication

Yes

No

Host identity verification

Yes

Yes

Transferring Files

In today’s world of SaaS companies, cloud computing and e-commerce, knowing your options for secure file transfer is important. While we have laid out the main differences between three file transfer protocols, it’s obvious that SFTP and FTPS offer the most security benefits. 

FTP brings the speed and reliability that many industries and devices still rely on, and will rely on well into the future. From small files to mission-critical files that run the world, FTP and its secure variants run the world.

Get the best (S)FTP + Modern feature sets  – Sign up for ExaVault today!

Recent Related Blogs

Share via:
  • Facebook
  • Twitter
  • LinkedIn

© 2021 ExaVault. All Rights Reserved. ExaVault is a registered trademark of ExaVault, Inc.