Filter by Category

SFTP vs. FTPS: What's the Best Protocol for Secure FTP?

SFTP versus FTPS apples to oranges comparisonWant newer details on SFTP and FTPS? Check out our 2018 SFTP vs. FTPS article!
An increasing number of organizations are looking to move away from transferring data with FTP (a standard file transfer protocol). In the beginning stages of research, questions often arise around which secure transfer protocols are recommended and how those protocols differ from each other.

Today's Secure FTP Protocols

There are two mainstream protocols available for secure FTP:

SFTP (FTP over SSH) and FTPS (FTP over SSL)

Because SFTP and FTPS implement strong algorithms like AES and Triple DES to encrypt any data transferred, they both offer a high level of protection. SFTP and FTPS also support a wide variety of functionality with a broad command set for transferring and working with files.

Depending on your organization's needs, either option could work to secure your file transfers. However, there are a few notable diffferences between the two in how connections are authenticated and managed.

See how SFTP and FTPS stack up in this free checklist.

Download the PDF 

SFTP vs. FTPS: Authentication

With SFTP, a connection can be authenticated using a couple different techniques:

1. For basic authentication, you or your trading partner may just require a user ID and password to connect to the SFTP server.

Its important to note that any user IDs and passwords supplied over the SFTP connection will be encrypted (this is a big advantage over standard FTP).

2. SSH keys can also be used to authenticate SFTP connections in addition to, or instead of, passwords.

With key-based authentication, you will need to generate a SSH private key and public key beforehand. If you want to connect to a trading partner's SFTP server, you would then send your SSH public key to them so they can load onto their server and associate with your account. Then, once you've connected to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any username/password supplied, the authentication will succeed.

With FTPS, a connection is authenticated using a user ID, password, and certificate:

Like SFTP, the usernames and passwords for FTPS connections are encrypted.

When connecting to a trading partner's FTPS server, your FTPS client will first check if the server's certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed by your partner. For self-signed certificates to verify, you must have a copy of their public certificate in your trusted key store.

Your partner may also require that you supply a certificate when you connect to them. Your certificate may be signed by a third-party CA or your partner may allow you to self-sign your certificate, as long as you send them the public portion of your certificate to load into their trusted key store.

RELATED READING: 10 Essential Tips for Securing FTP and SFTP Servers

SFTP vs. FTPS: Implementation

When it comes to ease of implementing SFTP or FTPS, SFTP is considered the easiest secure FTP protocol to implement. SFTP is very firewall friendly, needing a single port number (default of 22) to to be opened through the firewall. This single SFTP port will be used for all communications, including the initial authentication, any commands issued, and any data transferred.

FTPS, unfortunately, can be very difficult to patch through a tightly-secured firewall. FTPS uses multiple port numbers. The initial port number (default of 21) is used for authentication and passing any commands. However, every time a file transfer request (e.g. get or put) or directory listing request is made, another port number needs to be opened. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can put your network at risk and weaken your cybersecurity defenses.

In summary, SFTP and FTPS are both secure FTP protocols with strong authentication options. Since SFTP is much easier to port through firewalls, however, we believe SFTP is the clear winner between the two.

An MFT Solution that Expertly Meets Your Needs

Are you making the switch from FTP? Protect your file transfer communications with managed file transfer (MFT). GoAnywhere MFT can help you achieve automatic encryption, streamline your file transfer processes, and safeguard traditional SFTP and FTPS data transmissions. With support for multiple platforms, including Microsoft Azure, Microsoft Windows, and Linux, you can create a secure, audited environment on any OS for transferring files inside and outside your organization. 

See How GoAnywhere MFT can Improve Your File Transfers

Learn the ropes of MFT in this short, on-demand product demonstration:

Take a Feature Tour

Related Posts


10 Essential Tips for Securing FTP and SFTP Servers

Most organizations use FTP or SFTP servers to exchange files and other critical business documents with their trading partners. Unfortunately, these servers have become a primary target for hackers,…


Are Your FTP Credentials Secure?

Do you know where your FTP credentials are?


Data Breach and Incident Response Plans | 2017 Templates & Resources

As we continue to put our data online, through social media channels, cloud storage, and email attachments, we open ourselves up to the possibility of data breaches and other attacks. The answer to…


The Ultimate Guide to Investing in Secure File Transfer Software

It comes as no surprise—file transfers are a critical part of each organization’s operations. They can share anywhere from dozens to hundreds of thousands of documents with trading…


WinSCP Free SFTP Client or an MFT SFTP Client?

If you’re looking for a SFTP client to use for your organization’s file transfers, it might be tempting to go with one that’s free—and bonus points if it’s open source.…