SFTP

What is Secure File Transfer Protocol (SFTP)

In computing, the SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in several different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.

Compared to the SCP protocol, which only allows file transfers, the SFTP protocol allows for a range of operations on remote files which makes it more like a remote file system protocol. An SFTP client’s extra capabilities include resuming interrupted transfers, directory listings, and remote file removal.

SFTP attempts to be more platform-independent than SCP; with SCP, for instance, the expansion of wildcards specified by the client is up to the server, whereas SFTP’s design avoids this problem. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms. File transfer is faster over SCP than over SFTP because of SFTP’s request-and-response (back-and-forth) nature. In SFTP, a file transfer can be terminated without terminating the session, unlike other mechanisms.

SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.

The protocol itself does not provide authentication or security; it expects the underlying transport to provide these. SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group. It is possible, however, to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform-independent, as SSH-1 does not support the concept of subsystems. An SFTP client wishing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.

Uploaded files may be associated with their basic attributes, such as time stamps. This is an advantage over the common FTP protocol.

SFTP client

The term SFTP can also refer to the Secure file transfer program, a command-line program that implements the client part of this protocol. As an example, the SFTP program supplied with OpenSSH implements this.

Some implementations of the SCP program support both the SFTP and SCP protocols to perform file transfers, depending on what the server supports.

SFTP server

Some FTP server implementations implement the SFTP protocol; however, outside of dedicated file servers, SFTP protocol support is usually provided by an SSH server implementation, as it shares the default port of 22 with other SSH services. SFTP implementations may include an SSH protocol implementation to leverage the integration of SSH connection details with preexisting FTP server access controls, where an alternative SSH server is tolerable or where alternative ports may be used. An SSH-2 server that supports subsystems may be leveraged to keep a uniform SSH implementation while enhancing access controls with third-party software, at the cost of fine-grained integration with connection details, and SSH-1 compatibility.
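As an added illustration of the usual deployment described above (SFTP served by the SSH server itself through its subsystem mechanism), the following OpenSSH sshd_config fragment confines a group of accounts to SFTP only. This is example configuration, not taken from the page or from any particular project; the group name sftponly and the chroot path /srv/sftp are assumptions.

```conf
# Serve SFTP with sshd's built-in subsystem, so no external sftp-server
# binary is needed (important with ChrootDirectory, where the binary
# would otherwise have to exist inside the chroot).
Subsystem sftp internal-sftp

# Accounts in the assumed group "sftponly" get file transfer and nothing else.
Match Group sftponly
    # Confine each session to a per-user directory. sshd requires every
    # component of this path to be owned by root and not group/world-writable;
    # give users a writable subdirectory beneath it for uploads.
    ChrootDirectory /srv/sftp/%u

    # Ignore the login shell: the only thing the session may run is SFTP.
    ForceCommand internal-sftp

    # Close side channels an SFTP-only account has no reason to use.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

    # Require public-key authentication for these accounts.
    PasswordAuthentication no
```

Validate the file with `sshd -t` and confirm the effective settings for one account with `sshd -T -C user=<name>`, which prints the configuration after Match blocks are applied.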

SFTP proxy

It is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging FTP transactions, like TIS fwtk or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic.

Some tools implement a man-in-the-middle for SSH that also provides SFTP control. Examples of such tools are Shell Control Box from Balabit and CryptoAuditor from SSH Communications Security (the original developer of the Secure Shell protocol), which provide functions such as SFTP transaction logging and logging of the actual data transmitted on the wire.