The Complete Guide to FTP: FTPS vs SFTP
Introduction: What is File Transfer Protocol (FTP) and why is it necessary?
The File Transfer Protocol (FTP) is a standard network protocol used by systems to transfer files between each other. The protocol is designed to overcome the limitations of the older methods for file transfer, such as sending files one at a time or transferring data between two computers connected by serial cables. It was originally written in 1977 for the purpose of transferring text-based computer files, but it has since been expanded to include other types of files and data.
File Transfer Protocol (FTP) is the most common way to upload files and digital media over the internet to web servers. FTP uses TCP/IP, which means that it does not require any special equipment or hardware; computers that are connected to each other over the internet can use FTP.
FTPS vs SFTP – What’s the difference?
FTPS (FTP over SSL) is the same as standard FTP but secured and encrypted with SSL/TLS. It was designed to transfer files over a TCP-based network in a secure manner rather than in plain text. FTPS is the recommended way to use FTP.
Pros:
- FTPS is well known and commonly used
- FTPS allows for server-to-server file transfer to save time
- FTPS uses SSL/TLS which has good cryptography mechanisms using X.509 certificates
- FTPS and SSL/TLS are supported by nearly all FTP software clients
Cons:
- FTPS does not have a uniform directory listing format
- FTPS uses a second DATA channel which can cause issues with firewalls
- FTPS does not define a standard for file name character sets & encodings such as UTF-8
- FTP servers need to be configured to support SSL/TLS
SFTP (FTP over SSH) is an extension of the FTP protocol, which has been developed to add features like data encryption and data integrity. It requires that the SFTP user has sufficient access rights to the host system to access the secure shell (SSH).
Pros:
- SSH provides strong password authentication, public key authentication, and encrypted data communication
- SSH only needs one connection and no secondary DATA channel
- SSH directory listing is uniform and human-readable
- SSH supports permission & attribute manipulation, file locking, and more
Cons:
- SSH connections are binary and cannot be viewed in a human-readable format
- SSH requires each connection to have SSH keys added via SFTP or manually over SSH
- SSH is not available everywhere and not all web hosts offer SSH
- SSH has no native GUI and is mainly command-line based
The FTPS and SFTP protocols are not compatible with each other. There are certain cases where you might need to use one of these file transfer protocols, but it’s important to know what type of configuration your server requires so that you can choose the right one. More often than not you will be using FTP(S).
SFTP file permissions
When transferring files over SFTP you may notice they lack the correct file permissions to be used on many web hosting servers. This is because the SFTP user is a ‘system-level’ user, not an FTP user. As such, the default file permissions are not the same.
For example, you may find that your files have 0664 permissions after transfer and cannot be used until they are corrected to 0644.
To work around this issue, you can set the user file-creation mode mask (umask) that is used to determine the file permission for newly created files.
Since OpenSSH 5.4p1 you can use the “-u” option in your SSHD config file, for example:
Subsystem sftp /usr/lib/openssh/sftp-server -u 022
From the man page:
-u umask Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.
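The following is an added example, not part of the original guide or of OpenSSH: a shell check that reads the umask from the "Subsystem sftp" line of an sshd config and shows which mode a new upload ends up with. The function names, the constructed sample config and the assumption that the client requests mode 0666 for a new file are illustrative.

```sh
#!/bin/sh
# Added example: audit the sftp-server umask and show its effect on new files.

# Print the umask given with -u on the "Subsystem sftp" line of config file $1.
# Returns 1 when there is no such line or no -u (the user's default mask applies).
sftp_umask() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == "subsystem" && $2 == "sftp" {
            for (i = 3; i <= NF; i++) {
                if ($i == "-u" && i < NF) { print $(i + 1); found = 1; exit }
                if ($i ~ /^-u[0-7]+$/)    { print substr($i, 3); found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Print the mode left after applying umask $2 to requested mode $1 (both octal).
masked_mode() {
    printf '%04o\n' $(( 0$1 & ~0$2 & 07777 ))
}

# Constructed sample config (not from a real host); the Subsystem line is the
# one quoted in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
Subsystem sftp /usr/lib/openssh/sftp-server -u 022
EOF

# Assumption: the client requests 0666 for files and 0777 for directories.
if mask=$(sftp_umask "$sample"); then
    echo "sftp-server umask: $mask"
    echo "new file:      $(masked_mode 0666 "$mask")"
    echo "new directory: $(masked_mode 0777 "$mask")"
else
    echo "no -u on the Subsystem sftp line; the user's default umask applies"
fi
# With a default mask of 002 the same upload is group-writable:
echo "same file under umask 002: $(masked_mode 0666 002)"
rm -f "$sample"
```

Point `sftp_umask` at the real config (commonly /etc/ssh/sshd_config) to audit a host; sshd has to be reloaded before a changed Subsystem line takes effect.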