SFTP

Also known as: Secure FTP, SSH File Transfer Protocol, and Secure File Transfer Protocol

Secure File Transfer Protocols, including SFTP, help you transfer data within and outside of your organization safe in the knowledge that your information is protected. Learn about the top secure FTP options and how you can start securing your file transfers.

What is SFTP?

SFTP, which stands for SSH File Transfer Protocol, is a secure file transfer protocol used to secure and send file transfers over secure shell (SSH). SFTP, as a network protocol, implements AES, Triple DES, and similar algorithms to encrypt files as they transfer between systems.

How Does SFTP Work?

SFTP works over the Secure Shell (SSH) data stream to establish a secure connection and provide organizations with a higher level of file transfer protection. This is because SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process. Authentication prevents unauthorized file access during the operation. Read more on how SFTP works >

SFTP Encryption

SFTP uses AES, Triple DES, and similar algorithms to encrypt files during data transfer. SFTP uses a single port number (port 22) to establish a secure connection and encrypts both authentication information and the files being transferred. Read more on SFTP encryption >

Authentication Methods

An SFTP server requires trading partners to authenticate in one of two different ways. They can either prove their identity with a user ID and password (this information is encrypted over the SFTP connection rather than sent over plain text) or validate with an SSH key. Users can also use two-factor authentication and a combination of SSH key and password. These types of authentications prevent imposters from connecting to the SFTP server.

There's some debate on whether SSH keys or passwords are better at protecting and validating company SFTP servers. For a full comparison of the two authentication methods, read Are SSH Keys or Passwords Better for SFTP Authentication?

What is Secure FTP?

File Transfer Protocol (FTP) is a network protocol used to transfer files between clients and servers. Secure FTP solutions take the basic function of FTP – file transfers – and makes it more secure. Since FTP is not secure in and of itself, it is often secured with SSL/TLS (to become FTPS) or replaced with SFTP (SSH File Transfer Protocol) solutions.

Secure Your FTP Implementation

Move beyond FTP and learn how to secure and manage your file transfers.

Get the Guide

Alternatives to SFTP

Back in the day, File Transfer Protocol (FTP) was the go-to method for sending files. Now, there are more options, all of which improve on security including FTPS, HTTPS, AS2, and MFT.

SFTP vs. FTPS

Two mainstream protocols available for secure file transfers are Secure Shell (SSH) File Transfer Protocol (SFTP) and File Transfer Protocol over SSL/TLS (FTPS). Because SFTP and FTPS implement strong algorithms like AES and Triple DES to encrypt any data transferred, they both offer a high level of protection. Read more >

SFTP FTPS
Port for secure FTP Uses only port 22. Uses multiple port numbers; one for the command channel, and an additional port on the data channel for every file transfer request or directory listing request.
Authenticating connections Choice to use a user ID and password to connect to an SFTP server or to use SSH keys with or instead of passwords. Uses TLS/SSL to encrypt server connections and X.509 certificates to authenticate the connections.
Authentication Algorithms like AES and Triple DES are used to encrypt transferred data.
Speed Control and synchronization packets are sent on the same channel as data packets, which may cause SFTP to be slightly (but not significantly) slower than FTPS. Was designed to be more speed-friendly, with the control and data channel running asynchronously.
Implementation Considered the easiest secure FTP protocol to implement. Can be difficult to patch through a tightly-secured firewall.

Secure FTP FAQs

What is FTPS?

FTPS allows you to connect securely with your trading partners, customers, and users. To verify authenticity, FTPS uses a combination of user IDs, passwords, and certificates. FTPS uses TLS to encrypt server connections, X.509 to authenticate connections, and AES and Trip DES to encrypt file transfers.

Which is Faster: SFTP vs. FTPS?

FTPS was designed to be more speed-friendly, with the control and data channel running asynchronously in two distinct connections in order to achieve the highest possible data transfer speed. With SFTP, control and synchronization packets are sent on the same channel as data packets. This may cause SFTP to be slightly, but NOT significantly, slower than FTPS. Read more >

What are the Key Differences Between SFTP and FTPS?

Yes, but a Disaster Recovery license is discounted. Maintenance is calculated at 20% of the net license price after the discount. The differences between SFTP and FTPS include the number of ports required, authentication, speed and implementation.

For a deeper dive, read SFTP vs. FTPS: The Key Differences.

Which is Better: SFTP vs. FTPS?

If SFTP and FTPS are both secure protocols with similar protection, when is it best to use one over the other? The answer is: it depends. Your choice comes down to your organization’s IT infrastructure, trading partner requirements, how you want to authenticate file transfers, and which ports you want to use. For more guidance which secure FTP solution is best, read Which is Better: SFTP vs. FTPS?

How Secure is SFTP?

Is SFTP secure enough for you? While SFTP solutions do not require two-factor authentication, you do have the choice to require both a user ID and password, as well as SSH keys, for a more secure connection.

How to Secure FTP and SFTP Servers

Are FTP, FTPS, or SFTP servers secure? The number one way to secure your FTP servers is to stop using FTP. If standard FTP is running on your server, you should disable it as soon as possible; FTP is over 30 years old and isn’t meant to withstand the modern security threats we face today. FTP is not encrypted, and it lacks privacy and integrity. FTP makes it easy for a hacker to gain access and capture or modify your data while it’s in transit.

Secure your SFTP and FTPS servers with these steps:

  1. Use strong encryption and hashing. such as with SFTP and FTPS. Opt for strong ciphers like AES and TDES, or SHA-2 family algorithms for verifying transmission integrity, and disable any older, outdated ciphers like Blowfish and DES.
  2. Place your servers behind a gateway.Many organizations store their FTP servers in the DMZ, a public-facing segment that is easy to attack. Using an enhanced reverse proxy like a DMZ Secure Gateway keeps files and credentials in the private network, rather than opening inbound ports.
  3. Implement IP Blacklists and Whitelists. An IP blacklist allows you to deny system access to a range of IP addresses, either temporarily or permanently. If your trading partners use fixed IPs, you can whitelist their specific IP addresses.
  4. Harden your FTPS Server. Avoid using Explicit FTPS unless you force encryption for the authentication and data channels, and do not use any version of SSL or TLS 1.0. Plus, you should use Elliptic curve Diffie-Hellman key exchange algorithms.
  5. Set secure user policies.
  6. Require and use strong passwords.
  7. Implement file and folder security. Limit folder access to only the essentials. Encrypt files at rest, especially if they’re stored in the DMZ, and retain files on the FTP server only as long as needed.
  8. Lock down administration. Restrict admin duties to a limited number of users and require to use multi-factor authentication. Avoid easy-to-guess admin user IDs like “root” or “admin,” and protect passwords by storing them in an AD domain or LDAP server.

More best practices: 10 Essential Tips for Securing FTP and SFTP Servers

How Does SFTP Work?

Secure File Transfer Protocol (SFTP) works over the Secure Shell (SSH) data stream to establish a secure connection and provide organizations with a higher level of file transfer protection. This is because SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, and authentication prevents unauthorized file access during the operation.

Read more: How SFTP Works

What Port Does SFTP Use?

Unlike FTP over SSL/TLS (FTPS), SFTP only needs a single port to establish a server connection — port 22.

Read more: What Port Does SFTP Use?

What are SFTP Servers?

A typical file transfer server helps transfer files server-to-server or client-to-server, and SFTP servers are a more protected version: they encrypt data to keep sensitive information secure while moving files, and some have the added bonus of encrypting files at rest. SFTP servers use a single data channel in which login credentials as well as files are encrypted – because both authentication and files are encrypted, your connection is secure.

Read more: What are SFTP Servers?

Are SFTP Files Encrypted?

Yes, SFTP encrypts files by working over the SSH data stream to establish a secure connection and provide organizations with an increased level of file transfer protection due to its encryption capabilities.

SFTP uses encryption algorithms to securely move data to your server and keep files unreadable during the process, while authentication prevents unauthorized file access during the operation. SFTP uses only one connection and encrypts both authentication information and the files being transferred.

Read more: Are SFTP Files Encrypted?

Are SFTP and FTP the Same?

No, Secure File Transfer Protocol or SSH File Transfer Protocol (SFTP) and File Transfer Protocol (FTP) are not the same thing. SFTP, not to be confused with FTP Secure (FTPS), is a network which allows file access, transfer, and management over a secure data stream. FTP is a network protocol which is implemented in order to exchange files over a Transmission Control Protocol (TCP) and Internet Protocol (IP) network.

Read more: Are SFTP and FTP the Same?

Is SFTP or MFT Better?

Choose an SFTP solution if...

If you need a free or otherwise inexpensive way to send and receive secure file transfers to a handful of trading partners, an SFTP server and client tool might suit you. You can achieve basic needs like authenticating your users, transferring unlimited files per server connection, and controlling your port usage.

Choose an MFT solution if...

If you need a way to streamline all aspects of your file transfers, a managed file transfer solution is the better choice. With MFT, you can choose to transfer files using secure FTP protocols, including SFTP, FTPS, HTTPS, and AS2, and more!

SFTP vs. AS2

Secure alternatives to FTP

AS2, part of the Applicability Statement family, is one of the top file transfer protocols for Electronic Data Interchange (EDI) information. AS2 uses a secure TLS layer to secure data in transit and gives users the option of using a digital certification for authentication.

Unlike SFTP, AS2 has a feature that makes it unique: it allows users to request a Message Disposition Notification (MDN), also known as a receipt, that alerts the sender once the message has been received and decrypted by the recipient. For a deeper dive into the differences, read Which is Better: AS2 vs. SFTP?

SFTP vs. SSH

Although they are both used to transfer information securely, unlike SFTP, SSH is able to exist on its own. Typical applications for SSH are remote command-line, login, and remote command execution. SFTP is the file transfer protocol that provides secure file access, file transfer, and file management over a reliable data stream. Read more about the differences between SFTP and SSH >

SFTP vs. MFT (Managed File Transfer)

By nature, SFTP and MFT solutions both work to protect data in transit. They both authenticate trading partner connections with a combination of user IDs, passwords, or keys, and they both help satisfy strict requirements for data security laws like PCI DSS, HIPAA, and the GDPR. However, MFT solutions offer more functionality than just SFTP.

  • Flexibility: secure managed file transfersupports most file transfer protocols, including AS2, HTTPS, SFTP, and FTPS, to secure the exchange of information between users
  • Automation: Cut down on user errors, reduce or eliminate the need for scripts, and reduce manual time
  • Compliance and auditing: Track file transfer activity to maintain compliance with regulations and privacy laws
  • Clustering: Meet high volumes of file transfers by distributing processes across multiple systems for load balancing
  • Key and certificate management: Import, export, and monitor SSH keys and SSL certificates, and receive notifications ahead of expiration dates
  • Centralization: Manage and monitor all aspects of your file transfers from one dashboard

Managed file transfer includes an extensive list of security features, including encryption for files in motion and at rest, and supports workflow automation, file transfer monitoring, notifications, and auditing. Enhance your team’s productivity in multiple ways while keeping security at the forefront.

Read more on the differences between SFTP & MFT >

SFTP Automation

One of the largest differences between SFTP and an MFT solution is the ability to automate file transfer processes. MFT solutions provide SFTP automation, allowing IT professionals to streamline their organization’s exchange of data over a secure SFTP connection. Automation can improve multiple transfer processes: projects and tasks to run, file monitoring, data exchanged with cloud or web services, recurrent file transfers, and file encryption. Read more about SFTP automation >

SFTP vs. HTTPS

HTTPS (Hypertext Transfer Protocol Secure) is a secure version of HTTP, offering certificate authentication, encrypting a website’s inbound traffic, and using a TLS encryption layer for data integrity and privacy. HTTPS protects the identity, account details, payment information, and other sensitive details on behalf of web visitors.

Learn more about HTTPS

SFTP vs. TFTP

Like FTPS and SFTP, Trivial File Transfer Protocol (TFTP) is based around FTP technology but is a completely different protocol. Like FTPS and SFTP, the TFTP protocol does allow for file transfers but uses a completely different approach to how files are transferred.

As you might have gathered from the name, Trivial File Transfer Protocol is a stripped-down transfer protocol: it can only be used to send and receive files. TFTP is best used in cases where you know the exact file and its precise location and don’t require any security or encryption when sending or receiving that file. With TFTP, user authentication and directory visibility are not possible, and TFTP allows anyone who knows the right pathing to upload and download files. Read more about TFTP vs. SFTP >

SFTP vs. SCP

SCP is a more simplified, efficient transport algorithm, making it faster than SFTP, especially on high-latency networks. SCP does not, however, provide the ability to list directories, rename files, or other file management capabilities. It also does not resume transfers if there are connectivity issues. Read more about SFTP vs. SCP >

SFTP Software

SFTP Client

A file transfer client gives you the ability to connect to a server and upload files to or download files from that server. SFTP can be run natively from the shell on most machines, allowing users to transfer files via SFTP from the command line between computers. Graphical SFTP clients have user interfaces but still require programmer time to make custom scripts, run commands, manually audit, and potentially use add-on tools (like PuTTYgen).

MFT solutions are among the most robust SFTP client software solutions. They can be deployed on-premises or in the cloud and give you the ability to streamline and safeguard traditional SFTP data submissions with features like automation, status notifications, transfer resume, and integrity checks.

SFTP Server

A typical file transfer server helps transfer files server-to-server or client-to-server, and SFTP servers are a more protected version: they encrypt data to keep sensitive information secure while moving files, and some have the added bonus of encrypting files at rest. SFTP servers use a single data channel in which login credentials as well as files are encrypted – because both authentication and files are encrypted, your connection is secure. Read more >

Free SFTP Software vs. Enterprise

Free SFTP software an inexpensive way to occasionally exchange files, providing basic functionality for simplistic needs. Enterprise-level SFTP software typically comes with robust security, automation, auditing and reporting functionality that streamline the transfer processes across an organization. 

As you evaluate your needs against your budget, weigh these pros and cons against the ones for an enterprise-level SFTP solution to better determine which will fit your organization’s file transfer needs.

 

Why Use Secure FTP Software?

Secure FTP solutions, including GoAnywhere MFT protect sensitive file transfers with strong encryption and authentication methods. GoAnywhere's support for the three secure FTP standards (SFTP, FTPS and SCP) creates encrypted tunnels between client and server systems.

Secure FTP client and secure FTP server

Learn More About the Secure FTP Solution Components in GoAnywhere MFT

SECURE FTP SOFTWARE FEATURES—AT A GLANCE

  • Supports SFTP (SSH), FTPS (SSL/TLS) and SCP (Secure Copy) standards
  • Provides both client and server components
  • Runs on multiple platforms including Windows, Linux, IBM i, AIX, UNIX and Solaris
  • Authenticates connections with user IDs, passwords, keys and certificates
  • Supports large files with auto-resume and integrity checks to help guarantee delivery
  • Produces full audit logs of all Secure FTP activity

Try Secure FTP Software Today

Looking for the best FTPS, SCP, or SFTP server for your file transfer needs? Learn how GoAnywhere MFT can help you achieve your file transfer goals with secure, encrypted FTP clients and servers for Windows, Linux, IBM i, and other platforms.

Start a Free Trial   

secure FTP testimonials

We use the SFTP interface for financial messages from customers. We are currently on target for 40 million+ transfers per year.

Mark Allen , File Movement Engineer | Bottomline Technologies

GoAnywhere MFT allowed us to eliminate and reduce the need for custom programming to transfer files and database records between dissimilar database management systems.We found GoAnywhere to be highly intuitive, flexible, and easy to use.

Van N. Sy , Vice President | Think Bank

SFTP Deployment Options

Cloud

SFTP itself isn’t necessarily cloud-based, but it can be used to transfer data to, from, or within cloud-based environments. You can also deploy an SFTP client or server within you preferred cloud platform. Your server, whether already in the cloud or on-premises, serves as the “tunnel” for all transfer activity. Read more >

You can use SFTP for cloud-based file transfers in many different ways:

  • Using a hosted server, like Azure, AWS, or VMware to achieve cloud SFTP
  • Deploy an on-premises SFTP solution and transfer data to and from the cloud
  • Deploy an SFTP solution in your cloud environment to transfer data
  • Use a SaaS solutionthat includes built-in secure file transfer protocols

Other Operating Systems

SFTP software can be deployed on-premises as well as in the cloud, including on platforms such as AIX, IMB i, Linux, Windows, and Mac OS.

MFT in the cloud

DMZ Secure Gateways

Traditionally, SFTP servers have been installed in the DMZ (or public facing) segment of the network since organizations were fearful of opening inbound ports into the Private (internal) network. Keeping the SFTP server in the DMZ, however, has posed several problems. The primary issue is that files have to be stored in the DMZ when they are dropped off by partners, or otherwise staged temporarily for pickup. Those staged files have a higher risk of being accessed by hackers since the DMZ is more exposed to the Internet.

An approach that is quickly gaining in popularity is to implement a gateway component in the DMZ. The gateway will serve as an enhanced reverse proxy which does not require inbound ports into the private network. At startup time, the SFTP server will establish a special control channel with the gateway, which is kept alive continuously. When partners connect to the gateway, it will make requests over the existing control channel to the SFTP server. The SFTP server will then open any data channels needed back through the gateway to service the trading partners. The whole process is transparent to the trading partners. No data is ever stored in the DMZ since it is simply streamed through the gateway. Read more >

Protect your files by keeping them out of the DMZ. Keep your file servers securely in your internal network:

  • Secure inbound ports to your network.
  • Share files with trading partners and clients without storing confidential documents in the DMZ.
  • Enhance the security of any environment or operating system.

More about GoAnywhere Gateway

Achieve More with GoAnywhere MFT

GoAnywhere MFT is more than just SFTP. Expand the security, functionality, and flexibility of your solution with a selection of licensable modules.

  • Advanced Workflows: Achieve secure FTP automation. Define how your file transfers and processes are configured.
  • Secure Folders: Grant trading partners and customers access to authorized files and folders.
  • Secure Mail: Send encrypted messages and files through GoAnywhere's web client or Microsoft Outlook.
  • Cloud Connectors: Achieve easy connectivity, including centralization and automation, with popular cloud and web applications like Box and SharePoint.

Explore our full list of modules

Is it Time to Start Securely Transferring Data?

Strengthen the security of your data in transit with a secure SFTP, FTPS, or SCP solution. Take the first step by downloading our Free FTP Server for GoAnywhere.

Download Free License

Secure Your File Movement with GoAnywhere

Start a free 30-day trial and see if GoAnywhere is the right solution for your organization.

GET STARTED