Secure FTP, FTP/SSL, SFTP, FTPS, FTP... So what's the difference?

FTP

File Transfer Protocol


  • Standard FTP
  • Typically runs over TCP port 21
  • Stream-based protocol. The TCP/IP transport layer handles flow control, transparently sending a signal to acknowledge the receipt of data.
  • The FTP client establishes two connections to the server, a control connection and data connection. A new data connection is established for each file transfer and directory listing.

Pros

  • Widely known and used
  • Fast file transfers
  • Site to site transfers (provided the FTP server allows it)

Cons

  • FTP is by default an insecure protocol. During login the password is sent in clear text over the network, unless the client and server support S/KEY or OTP (one-time password) authentication.
  • Requires a secondary DATA channel, which makes it hard to use behind firewalls

FTP/SSL

File Transfer Protocol over TLS/SSL


  • Often called 'FTPS'
  • Typically runs over TCP port 21 or 990
  • Standard FTP over TLS/SSL encrypted channel
  • Explicit SSL - The FTP client sends a command (i.e. "AUTH SSL" or "AUTH TLS") to the FTP server to establish a secure control connection.
  • Implicit SSL - The connection is automatically secure as soon as the FTP client makes a connection to the FTP server. Typically port 990 is used in this configuration.
  • Stream-based protocol. The TCP/IP transport layer handles flow control, transparently sending a signal to acknowledge the receipt of data.

Pros

  • Password is encrypted
  • Transfer is encrypted
  • Site to site transfers (However, not all FTP servers support secure site to site transfers)

Cons

  • Not all FTP servers support SSL/TLS
  • Requires a secondary DATA channel, which makes it hard to use behind firewalls
  • Slightly slower than FTP due to the encryption/decryption.

SFTP

SSH File Transfer Protocol


  • SSH File Transfer Protocol
  • SFTP is a completely different protocol from traditional FTP
  • Typically runs over TCP port 22
  • Packet-based protocol. The SSH protocol handles flow control, sending a signal to acknowledge the receipt of data. This is done on top of the underlying TCP/IP.
  • SFTP uses a single connection for sending commands and data.

Pros

  • The connection is always secure
  • Password is encrypted
  • Transfer is encrypted
  • SFTP is considerably more firewall friendly than FTP because it only requires one port to establish a connection and carry out file operations.

Cons

  • Much slower than FTP or FTP/SSL because the protocol is encrypted and packet-based.
  • No support for site to site transfers
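
The differences above can be seen in the first few messages of a connection. The following is an added example, not part of the original article: it classifies a captured connection opening as plain FTP, explicit or implicit FTP/SSL, or SFTP, and reports whether the password crossed the network in clear text. The names classify and SAMPLES, the sample captures, and the use of reply code 234 (AUTH accepted) and the TLS handshake record prefix are assumptions of the example.

```python
# Added example: classify a captured connection opening (constructed data).
TLS_HANDSHAKE = b"\x16\x03"  # TLS record: content type 22 (handshake), major version 3

def classify(session):
    """session: list of (sender, payload) in wire order; sender is 'C' or 'S'.

    Returns (protocol, password_sent_in_clear_text).
    """
    if not session:
        return ("unknown", False)
    sender, first = session[0]
    # SFTP runs inside SSH, and an SSH server opens with an "SSH-" version banner.
    if sender == "S" and first.startswith(b"SSH-"):
        return ("SFTP (over SSH)", False)
    # Implicit FTP/SSL: the client starts TLS at once, before any FTP greeting.
    if sender == "C" and first.startswith(TLS_HANDSHAKE):
        return ("FTPS (implicit)", False)
    # Otherwise expect a clear-text FTP greeting (reply code 220).
    if not (sender == "S" and first.startswith(b"220")):
        return ("unknown", False)
    pending = accepted = False
    for sender, payload in session[1:]:
        line = payload.strip().upper()
        if sender == "C" and line in (b"AUTH TLS", b"AUTH SSL"):
            pending = True  # explicit mode: client asks to secure the channel
        elif sender == "S" and pending:
            accepted, pending = line.startswith(b"234"), False
        elif sender == "C" and accepted and payload.startswith(TLS_HANDSHAKE):
            return ("FTPS (explicit)", False)  # everything after this is encrypted
        elif sender == "C" and line.startswith(b"PASS"):
            return ("FTP (plain)", True)  # password readable on the wire
    return ("FTP (plain)", False)

# Constructed sample captures (not real traffic).
SAMPLES = {
    "plain": [("S", b"220 ready\r\n"), ("C", b"USER alice\r\n"),
              ("S", b"331 need password\r\n"), ("C", b"PASS example\r\n")],
    "explicit": [("S", b"220 ready\r\n"), ("C", b"AUTH TLS\r\n"),
                 ("S", b"234 proceed\r\n"), ("C", b"\x16\x03\x01\x02\x00")],
    # Server refuses AUTH and the client falls back to a clear-text login.
    "refused": [("S", b"220 ready\r\n"), ("C", b"AUTH TLS\r\n"),
                ("S", b"502 not implemented\r\n"), ("C", b"USER alice\r\n"),
                ("S", b"331 need password\r\n"), ("C", b"PASS example\r\n")],
    "implicit": [("C", b"\x16\x03\x01\x02\x00")],
    "sftp": [("S", b"SSH-2.0-ExampleServer\r\n")],
}
```

The "refused" capture is the case to watch for when auditing clients: the server does not support SSL/TLS, and a client that silently continues the login exposes the password exactly as standard FTP does.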