The Difference Between FTPS vs SFTP
When securely transferring data from point A to point B, there are two commonly used protocols: FTPS and SFTP. Although both of these protocols are quite similarly named (apart from the " S " placement"), they do have some significant differences.
Both protocols offer a high level of security and support a wide range of functions. However, they also have some important differences. These main concerns are the way data is exchanged, how connections are authenticated and managed, firewall considerations, and the level of security.
Knowing these key differences between FTPS and SFTP will help you decide which protocol is suitable for you.
FTPS explained
Before we turn to FTPS, it is first essential to understand FTP. FTP (File Transfer Protocol) is a network protocol that has been around for decades and exchanges data over two separate channels. The channels are referred to as the command channel and the data channel.
When using FTP, these two channels are unencrypted by default. When the FTP protocol was developed over 40 years ago, issues such as encryption and the need for the highest possible level of security were not relevant. Malicious actors can exploit this vulnerability and intercept or eavesdrop on all data sent over these channels.
In today's world, sending data over a public network without encryption is very risky. Therefore, security enhancements have been worked on to protect data transmission with SSL (Secure Sockets Layer) and now TLS (Transport Layer Security). FTP security extensions were announced in RFC 2228 to allow for encrypted communication to take place instead of transferring sensitive information over plain text (as is the case with FTP).
This leads us to FTPS, which is short for FTP over SSL and is equivalent to the secured version of the file transfer protocol. This protocol performs certain tasks on a remote machine, such as show folder contents, changing directories, creating folders, deleting files, etc. To do so, you can use an FTP program such as one of the ones we've listed in our best FTP clients article.
SSL is a secure communication method used between servers and clients. You're likely familiar with SSL/TLS if you've browsed through an HTTPS-enabled website or sent/received an email over a secure mail server.
When using FTPS, you have two options regarding how you'll secure your communications. These are:
Implicit SSL: The client can connect to the server, but no negotiation is possible. Therefore, no data transfer is possible before the secure connection is established. The server will reject any attempt to establish an FTPS connection without SSL. While still in use today, Implicit SSL is considered obsolete by most, and users should prefer explicit SSL instead.
Explicit SSL: Allows the client and server to negotiate the level of protection used before authentication. Explicit SSL makes it much easier for your server to serve clients that support FTPS while also serving clients that do not. The client first establishes an unencrypted connection to the FTP service with this option. Before sending the user credentials, the client prompts the server to switch the command channel to an SSL-encrypted channel. After successfully setting up the SSL channel, the client sends the user credentials to the FTP server. These credentials and all other commands sent to the server during the FTP session are automatically encrypted over the SSL channel.
Pros and cons of FTPS
There are pros and cons to using FTPS instead of the alternative - SFTP. Check out the list of these pros and cons below.
Pros
- Well known and widely used
- Interaction can be understood by humans
- Easy to implement
- Provides services for server-to-server file transfer
- SSL/TLS has excellent authentication mechanisms (X.509 certificate features)
Cons
- No uniform directory listing format
- Hard to use behind firewalls (requires secondary DATA channel)
- Not all FTP servers support SSL/TLS
- Does not specify a requirement for filename character sets (encodings)
SFTP explained
With SFTP, the "S" stands for SSH, resulting in FTP over SSH. SSH refers to secure shell which is a cryptographic network protocol. SSH allows machines to connect to each other with the help of public and private keys. Once the connection is verified, both machines can communicate securely.
Using SFTP, you can transfer data using a single connection between the client and server. This is a key differentiator from FTPS as it requires more than one connection.
Pros and cons of SFTP
Similarly to FTPS, SFTP also has a few pros and cons. These include the following:
Pros
- Uses only one connection
- Has a detailed requirements background which specifies most (if not all) elements of operations
- Easier to port through firewalls
- Directory site listing is consistent and machine-readable
- Includes operations for permission and attribute manipulation, file locking, and more
Cons
- Communication is binary, not human-readable
- SSH keys are harder to manage and validate
- Possible compatibility issues
- No server-to-server copy and recursive directory removal operations
FTPS vs SFTP - Which one should you choose?
In answering this question, the most important thing first: as far as the security level is concerned, there is no difference between FTPS and SFTP. Both provide a secure channel for transferring files with strong authentication options.
Many web developers prefer SFTP over FTPS because it is easier to use with firewalls. SFTP requires only one port number to be opened by the firewall and used for all communication, whereas with FTPS, multiple port numbers need to be used.
FTPS is designed to give you the choice of encrypting both the command and data channels or just the data channel. The separate connection of the command and data channels lets FTPS achieve high data transfer speeds. When it comes to who is faster, FTPS will probably be a little bit ahead.
We have created a step-by-step guide on securely uploading content to a KeyCDN Push Zone. You can either use FTP / FTPS (although - as we have learned - we recommend using FTPS in any case) or rsync over SSH.