This section provides some pros and cons of these two protocols

While FTPS and SFTP are completely different protocols, they offer the same basic feature – secure file transfers. It is therefore common to be faced with the choice of one or the other. This section provides some pros and cons of these two protocols.


Under ideal conditions SFTP and FTPS are able to offer comparable levels of security, but many SFTP deployments suffer from a vulnerability that is an artifact of SFTP's close relationship with SSH. The problem arises when you want to allow client SFTP access on a server but not SSH access. This is generally not a problem for pure SFTP servers (such as CompleteFTP), but for SSH/SFTP servers such as OpenSSH it can be quite complex and error-prone. So if you are not very careful when you set up your servers, users on machines with the SFTP client installed will be able to use an SSH client to log into the server and execute commands. This is not a problem with FTPS since this is purely a file transfer protocol and not a remote console protocol.


FTPS is a straight-forward extension to an existing FTP infrastructure. It is supported by most commercial servers and many open source servers (e.g. wu-ftpd and proftpd), so enabling FTPS on a server is usually just a matter of adding a few configuration options. There is no need to run additional servers since FTPS servers invariably also support FTP. There is also no need to open additional ports in firewalls since FTPS uses the same ports as FTP. It is important to note that data-transfer problems can sometimes arise when changing from FTP to FTPS - see "Firewalls" section below.


SFTP uses keys rather than certificates. This means that it can't take advantage of the "chains of trust" paradigm facilitated through Certificate Authorities. This paradigm makes it possible for two entities to establish a trust relationship without directly exchanging security information, which is important for some applications. FTPS uses certificates and therefore can take advantage of this paradigm. SFTP clients must install keys on the server.


SFTP often works better through some firewalls since it does not rely on multiple connections like FTP does. As explained in an earlier chapter, FTP and FTPS both use a control channel to send commands, and a new data connection for each file transfer. While the control channel is usually easily connected, it is common to experience firewall-related problems when connecting data-channels. This is particularly so in FTPS where the FTP-specific features of most firewalls are ineffective due to encryption. Since SFTP relies on a single network connection, it does not suffer from these problems.