What is SFTP?

SFTP is an abbreviation of SSH File Transfer Protocol, and is exactly that - a protocol for transferring files over an SSH connection. You can use CompleteFTP server as a Windows SFTP server.

SFTP is not the standard FTP protocol running over SSH. Although SFTP has similar capabilities and even similar commands to standard FTP, these similarities are purely superficial. The protocol is completely different and incompatible with FTP and its secure extension, FTPS (FTPS vs SFTP).

SCP is also a file transfer protocol that runs over SSH connections. It is a precursor to SFTP, and allows the copying of files and directories over SSH.

In order to understand SFTP and SCP, it is helpful to have a basic understanding of SSH.

SSH - Secure Shell

SSH is a standard designed to allow logging in and executing commands on a remote computer in a manner similar to telnet, rlogin, and rsh. Unlike these protocols, it does this through an encrypted network connection, thus offering a much higher level of security.

The first version of the standard, SSH-1, was designed in 1995 by Tatu Ylönen. The second version, SSH-2, is being standardized by the IETF SECSH working group. It offers a higher level of security than its predecessor.

In order for a computer to be able to accept SSH connections, it must be running an SSH server, such as sshd, on a publicly accessible port (usually port 22). The client computer must have an SSH client, such as CompleteFTP server, and be known to the server.

Private/public key-pairs in SSH typically use either the DSA or RSA asymmetric key algorithms. Most SSH servers support both.

Clients perform server validation in SSH via a known hosts file. The client maintains a file containing the hostname (or IP address) of the SSH server, together with the server's public key. When clients connect to the server, they are sent a copy of the server's public key which they can compare with their own record of the server's public key.
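The known hosts comparison described above, as an added Python example (not code from this page or from CompleteFTP). It goes slightly beyond the text by also matching the hashed host names that OpenSSH can write to a known hosts file. The function names, the example.com hosts and the key bytes are constructed for illustration.

```python
import base64, hashlib, hmac

def host_matches(pattern, host):
    """Match one host field entry: plain name or OpenSSH hashed form '|1|salt|mac'."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return pattern == host

def check_host_key(known_hosts, host, key_type, key_blob):
    """Return 'match', 'mismatch' or 'unknown' for the key the server sent."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, and @cert-authority/@revoked markers (not handled here).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, recorded_type, recorded_b64 = fields[:3]
        if recorded_type != key_type:
            continue  # a record for another algorithm says nothing about this key
        if not any(host_matches(p, host) for p in hosts.split(",")):
            continue
        if hmac.compare_digest(base64.b64decode(recorded_b64), key_blob):
            return "match"
        result = "mismatch"  # host is on record with a different key: do not connect
    return result

# --- constructed sample data: placeholder bytes, not real SSH key blobs ---
def record(host_field, key_type, blob):
    return f"{host_field} {key_type} {base64.b64encode(blob).decode()}"

def hashed(host, salt=b"constructed-salt"):
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

KEY_A, KEY_B = b"constructed-key-blob-A", b"constructed-key-blob-B"
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    record("sftp.example.com,192.0.2.10", "ssh-rsa", KEY_A),
    record(hashed("files.example.com"), "ssh-rsa", KEY_B),
])

if __name__ == "__main__":
    for host, key in [("sftp.example.com", KEY_A), ("sftp.example.com", KEY_B),
                      ("files.example.com", KEY_B), ("new.example.com", KEY_A)]:
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A "mismatch" result means the server presented a key other than the one on record and the connection should be refused until the change is confirmed out of band; "unknown" means there is no record yet to compare against.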

The server authenticates clients who connect to it. The client must be previously set up as an SSH user (or in some cases as a user on the server machine). In password authentication, the client supplies their password which the server authenticates as belonging to that user. In public key authentication, the client uses its private key to sign some data, and sends the signature to the server. The server uses the client's public key to verify the signature. In this case the client's public key must be available on the server.

SCP - Secure Copy

File transfers have been supported through a command called SCP since the early days of SSH. This command simply copies files or directories securely between remote computers. It provides no other file operations such as listing, deleting, renaming, and directory navigation.

SCP itself does not provide authentication and security - it relies on the underlying protocol, usually SSH.

CompleteFTP server as Windows SFTP server

CompleteFTP server supports SFTP, SCP and SSH, as well as other protocols. It can be used as a Windows SFTP server and, despite having an abundance of features, is compact and simple to install. You can be up and running in a couple of minutes.

Comparison of FTPS and SFTP