FTP vs SFTP
FTP and SFTP are both data transfer protocols. Nevertheless, they differ in the transfer and in their integrated security measures. We’ll show you how the network protocols work and when you should use FTP or SFTP.
What is FTP?
FTP stands for File Transfer Protocol and is used to exchange files between servers and clients. It contains rules for communication in an IP network. This allows data to be transferred to a server using a browser or FTP client.
FTP was developed as early as 1971. At that time, people weren’t aware of the internet’s potential dangers. Many of the FTP’s security gaps, which could be exploited by hackers, were only later noticed and closed. However, FTP still has its risks.
What is SFTP?
SFTP means SSH File Transfer Protocol and is an extension of FTP. It was published in 2001 by the Internet Engineering Task Force (IETF) and is also known as Secure Transfer Protocol. Unlike its predecessor, SFTP additionally uses an encrypted secure shell connection.
SSH is a tunneling protocol that transmits files securely over TCP port 22. Information isn’t transmitted in plain text but encrypted using cryptographic algorithms. This makes it more difficult for hackers to access passwords and confidential data. SFTP uses version 2 of the SSH protocol, which can be used to tunnel any TCP/IP application.
FTP vs SFTP – what’s the difference?
FTP and SFTP can both be used to upload and download files to a server. Most FTP clients, like FileZilla, support both protocols.
FTP uses two channels: a command channel and a data channel. This is the same as TCP ports 20 and 21, except that the connection is unencrypted. In contrast, SFTP with TCP port 22 offers only a single channel for data transmission, which is also cryptographically secured by SSH.
Another difference is the permitted file size for transfers. For FTP it’s 4 gigabytes and for SFTP it’s 16 gigabytes.
Rent your own FTP server with IONOS and enjoy safe file hosting. Find out how to set up your own FTP server in our FileZilla tutorial.
What’s better, FTP or SFTP?
Overall, SFTP is the more secure protocol for data transfers between a client and server. This means that sensitive information like configuration files can also be transferred in encrypted form. With FTP, on the other hand, hackers can intercept data in plain text.
SFTP also supports public-key authentication, which provides more protection than passwords. In addition, troubleshooting and configuring the client and server is easier with SFTP.
In the Digital Guide we explain how to set up a Windows SFTP server and how to set up an Ubuntu SFTP server.
What are FTP and SFTP suitable for?
The question of FTP vs SFTP depends on your data transfer requirements. FTP is suitable for data transfers that don’t need to be protected from unauthorised access. This might include publicly accessible documents or released software packages. In addition, FTP is sufficient for transfers in local, private networks, as long as they’re sufficiently secured.
If, on the other hand, confidential information needs to be exchanged between server and client, SFTP should be used. This makes it possible to transfer sensitive data securely and encrypted even in public networks. This includes, for example, personal data like financial information or health and login data. It’s also recommended to use SFTP between different branches of a company.