The Difference Between FTPS vs SFTP
When it comes to securely transferring data from point A to point B there are two commonly used protocols: FTPS and SFTP. Although both of these protocols are quite similarly named (apart from the placement of the "S") they do have some significant differences. Both protocols offer a high level of security and support a broad range of functionality, however, their differentiation points exist primarily in how connections are authenticated and managed.
In this article, we're going to explain the difference between FTPS vs SFTP so that you can make an informed decision regarding which protocol is right for you.
FTPS, which stands for FTP over SSL, is the secured version of the file transfer protocol which has been around for quite some time. This protocol is used to perform certain tasks on a remote machine such as show folder contents, change directories, create folders or delete files, etc. To do so, you can use an FTP program such as one of the ones we've listed in our best FTP clients article. SSL, or secure sockets layer, is a secure communication method used between servers and clients. You're likely familiar with SSL/TLS if you've ever browsed through a website that was HTTPS-enabled or sent/received an email over a secure mail server.
FTP security extensions were announced in RFC 2228 to allow for encrypted communication to take place as opposed to transferring sensitive information over plain text (as is the case with FTP). When using FTPS, you have two options to choose from regarding how you'll secure your communications. These are:
- Implicit SSL - Let's the client connect to the server, however, no negotiation is allowed. Therefore, no data transfer is permitted before establishing the secure connection. Implicit SSL is seen by most as obsolete and users should favor explicit SSL instead.
- Explicit SSL - Allows the client and the server to negotiate the level of protection used prior to authentication. With Explicit SSL, it makes it much easier for your server to cater to clients which support FTPS while also catering to clients which do not.
Pros and cons of FTPS
There are pros and cons to using FTPS as opposed to the alternative - SFTP. Check out the list of these pros and cons below.
- Well known and widely used
- Interaction can be understood by humans
- Easy to implement
- Provides services for server-to-server file transfer
- SSL/TLS has excellent authentication mechanisms (X.509 certificate features)
- No uniform directory listing format
- Hard to use behind firewalls (requires secondary DATA channel)
- Not all FTP servers support SSL/TLS
- Does not specify a requirement for filename character sets (encodings)
With SFTP, the "S" stands for SSH, resulting in FTP over SSH. SSH refers to secure shell which is a cryptographic network protocol. SSH allows machines to connect to each other with the help of public and private keys. Once the connection is verified, both machines can communicate securely.
Using SFTP, you can transfer data using a single connection between the client and server. This is a key differentiator from FTPS as it requires more than one connection.
Pros and cons of SFTP
Similarly to FTPS, SFTP also has a few pros and cons. These include the following:
- Uses only one connection
- Has a detailed requirements background which specifies most (if not all) elements of operations
- Easier to port through firewalls
- Directory site listing is consistent and machine-readable
- Includes operations for permission and attribute manipulation, file locking, and more
- Communication is binary, not human-readable
- SSH keys are harder to manage and validate
- Possible compatibility issues
- No server-to-server copy and recursive directory removal operations
FTPS vs SFTP - Which one should you choose?
Many web developers and security buffs prefer SFTP over FTPS as it's easier to use in conjunction with firewalls and in general, is technologically superior. That being said, in theory, there is no difference in the level of security offered by both FTPS and SFTP. Some say it is easier to configure a secure connection with SFTP directly "out-of-the-box" compared to FTPS. If you're uploading content to a KeyCDN Push Zone you can choose to use either FTP/FTPS or SFTP.
Overall, both protocols offer a high level of security and are much safer to use than standard FTP. Furthermore, depending on your use-case it may even be quite beneficial to support both protocols in order to improve compatibility.