The Complete Guide to FTP: FTPS vs SFTP

Introduction: What is File Transfer Protocol (FTP) and why is it necessary?

The File Transfer Protocol (FTP) is a standard network protocol that systems use to transfer files between each other. The protocol was designed to overcome the limitations of older file transfer methods, such as sending files one at a time or transferring data between two computers connected by serial cables. It was originally written in 1977 for the purpose of transferring text-based computer files, but it has since been expanded to include other types of files and data.

File Transfer Protocol (FTP) is the most common way to upload files and digital media over the internet to web servers. FTP uses TCP/IP, which means that it does not require any special equipment or hardware; computers that are connected to each other over the internet can use FTP.

FTPS vs SFTP – What’s the difference?

FTPS (FTP over SSL) is the same as standard FTP but secured and encrypted with SSL/TLS. It was designed to transfer files over a TCP-based network securely rather than in plain text. FTPS is the recommended way to use FTP.

Pros:

  • FTPS is well known and commonly used
  • FTPS allows for server-to-server file transfer to save time
  • FTPS uses SSL/TLS which has good cryptography mechanisms using X.509 certificates
  • FTPS and SSL/TLS are supported by nearly all FTP software clients

Cons:

  • FTPS does not have a uniform directory listing format
  • FTPS uses a second DATA channel which can cause issues with firewalls
  • FTPS does not define a standard for file name character sets & encodings such as UTF-8
  • FTP servers need to be configured to support SSL/TLS

SFTP (FTP over SSH) is an extension of the FTP protocol, which has been developed to add features like data encryption and data integrity. It requires that the SFTP user has sufficient access rights to the host system to access the secure shell (SSH).

Pros:

  • SSH provides strong password authentication, public key authentication, and encrypted data communication
  • SSH only needs one connection and no secondary DATA channel
  • SSH directory listing is uniform and human-readable
  • SSH supports permission & attribute manipulation, file locking, and more

Cons:

  • SSH connections are binary and cannot be viewed in a human-readable format
  • SSH requires each connection to have SSH keys added via SFTP or manually over SSH
  • SSH is not available everywhere and not all web hosts offer SSH
  • SSH has no native GUI and is mainly command-line based

The FTPS and SFTP protocols are not compatible with each other. There are certain cases where you might need to use one of these file transfer protocols, but it’s important to know what type of configuration your server requires so that you can choose the right one. More often than not you will be using FTP(S).

SFTP file permissions

When transferring files over SFTP you may notice they lack the correct file permissions to be used on many web hosting servers. This is because the SFTP user is a ‘system-level’ user, not an FTP user. As such, the default file permissions are not the same.

For example, you may find your files having 0664 permission after transfer and the files cannot be used until corrected to 0644.

To work around this issue, you can set the user file-creation mode mask (umask) that is used to determine the file permission for newly created files.

Since OpenSSH 5.4p1 you can use the “-u” option on the sftp subsystem line in your SSHD config file, for example:

Subsystem sftp /usr/lib/openssh/sftp-server -u 022

From the man page:

-u umask Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.
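
A quick check for the setting above, added here as an example (it is not code from the original article): it reads the active "Subsystem sftp" line from sshd config text and shows which file and directory modes that umask produces. The sample config is constructed, the function names are hypothetical, and the 0666 requested file mode is an assumption about what the client asks for.

```shell
#!/bin/sh
# Constructed sample sshd config text (not taken from a real host).
SAMPLE_CONFIG='# constructed sample
Port 22
#Subsystem sftp /usr/lib/openssh/sftp-server
Subsystem sftp /usr/lib/openssh/sftp-server -u 022
'

# Print the value given with -u on the active (uncommented) "Subsystem sftp"
# line. Prints nothing when -u is absent, in which case the user's default
# mask applies, as the man page excerpt says.
sftp_umask() {
    printf '%s\n' "$1" | awk '
        tolower($1) == "subsystem" && $2 == "sftp" {
            for (i = 3; i < NF; i++)
                if ($i == "-u") { print $(i + 1); exit }
        }'
}

# Resulting mode of a new file: requested mode with the umask bits cleared.
# $1 = umask, $2 = mode the client requests (assumed 0666 when not given).
file_mode() {
    req=${2:-0666}
    printf '%04o\n' $(( req & ~0$1 ))
}

# Resulting mode of a new directory (requested mode assumed to be 0777).
dir_mode() {
    printf '%04o\n' $(( 0777 & ~0$1 ))
}

# Summarise what the config text means for uploaded files.
report() {
    mask=$(sftp_umask "$1")
    if [ -z "$mask" ]; then
        echo "no -u on the Subsystem sftp line: the user's default umask applies"
        return 1
    fi
    echo "umask $mask -> files $(file_mode "$mask"), directories $(dir_mode "$mask")"
}

report "$SAMPLE_CONFIG"
# For comparison: a umask of 002 gives the 0664 files described earlier.
echo "umask 002 -> files $(file_mode 002)"
```

To check a real server, pass the contents of its sshd config file to `report` instead of the sample text.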
