Are SFTP and FTP the same? While they originate from the same ballpark, the answer to this question is ultimately NO.
Secure File Transfer Protocol or SSH File Transfer Protocol (SFTP) and File Transfer Protocol (FTP) are NOT the same thing. SFTP, not to be confused with FTP Secure (FTPS), is a network which allows file access, transfer, and management over a secure data stream. It is an extension of the 2.0 version of the Secure Shell (SSH) protocol, whose sole purpose is to provide secure transfer capabilities and work functionally with other protocols. FTP is a network protocol which is implemented in order to exchange files over a Transmission Control Protocol (TCP) and Internet Protocol (IP) network.
FTP is a popular file transfer method that has been around longer than the world wide web – and it hasn’t changed much since its invention. When FTP was created, it wasn’t automatically assumed that internet activity could be malicious, so FTP wasn’t constructed to deal with the kind of cybersecurity threats we now face today.
FTP exchanges data using two separate channels known as the command channel and data channel. With FTP, both channels are unencrypted, leaving any data sent over these channels vulnerable to being intercepted and read.
SFTP works over the Secure Shell (SSH) data stream to establish one secure connection and provide organizations with a higher level of file transfer protection. SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, while authentication prevents unauthorized file access during the operation.
While SFTP doesn’t require two-factor authentication, you do have the choice to require both a user ID and password, as well as SSH keys, for a more secure connection. Creating SSH keys helps prevent imposters from connecting to the server. SSH key pairs must be generated beforehand.
SFTP also gives you the option to perform a wide variety of tasks for sensitive files, from removing files to resuming dropped transfers.
Related Reading: What else can SFTP do? Explore our SFTP client for managed file transfer.
SFTP provides two main methods for authenticating connections. Similar to FTP, you can simply use a user ID and password. However, with SFTP these credentials are encrypted and gives SFTP a major security advantage over FTP.
The other authentication method you can use with SFTP is SSH keys. This involves first generating both an SSH private key and a public key, where you can then send your SSH public key to your trading partner and they load it onto their server and associate it with your account. When they connect to your SFTP server, their client software will transmit your public key to the server for authentication. If the public key matches your private key, along with any user or password supplied, then the authentication will succeed.
User ID authentication can be used with any combination of key and/or password authentication.