FTP vs. FTPES / FTPS and SFTP - what's the difference?

The FTP service for uploading and downloading files is well known. But what is the difference between the various other types such as FTPS or SFTP? Which of them is responsible for the secure transmission? To understand the difference, let's start by explaining the regular FTP protocol.

What is FTP

The FTP protocol has its origins in 1971 when the first RFC entry (959) for the FTP protocol was published. FTP has functions to copy (upload), download (download), copy (copy) and delete (delete) files to another computer / server. In addition, directories can be created, deleted and read. Authentication is carried out using a user name and password via an unencrypted connection, as is the transfer (usually via standard port 21).

What is FTPES / FTPS?

With FTPS - File Transfer Protocol over SSL, the connection is established and the data is transferred using the SSL / TLS protocol. There are two types:

  • Explicit mode (FTPES)
    In explicit mode, the client requests from the server that the connection should be secured and both accept the encryption from one another. If the client does not require this security, the server can either allow an insecure connection to the client, or throttle or block the connection.
  • Implicit mode (FTPS)
    In the implicit mode, negotiating a connection is not permitted and is mandatory. After the client's request, the server already sends its response via SSL / TLS. If he does not receive an answer, the connection is refused. However, this mode is not described in the official RFC 4217, which is why there is no standard for it and we do not support it.

Authentication is carried out using a user name and password via an encrypted connection, as is the transfer.

This security feature for FTP is called FTPES.

What is SFTP

Another protocol security standard has commonly emerged in UNIX systems: SSH. The main function of SSH at that time was the encryption of remote access to the UNIX shell, and was later extended by the File Transfer Protocol (FTP) - first with SCP, then with SFTP. SFTP has nothing to do with the actual FTP and is therefore also known as the “SSH File Transfer Protocol”. Authentication takes place using a user name and password and the transmitted data is encrypted.

SFTP is the "SSH File Transfer Protocol" over an active SSH connection.

The common mistake

The abbreviation SFTP is often misused to describe "Secure FTP", which in fact it is not.
A similar mistake is that the term SFTP is often used as "FTP over SSL", which is also incorrect in this context. "FTP over SSL" is FTPS!

And now, FTPS or SFTP?

We recommend that you avoid using FTP without encryption if possible.

Ideally, use FTPS with Explicit Mode (FTPES).

At SFTP the transmission of the access data is always encrypted, the exchange of files can be encrypted.

We offer SFTP with FTP Pro and FastFTP.