
As web developers, we often use a wide range of technologies, tools and protocols. One such important tool is a secure network protocol called SFTP.
What Exactly is SFTP?
SFTP, or Secure File Transfer Protocol, is a method by which website files can be securely transferred (uploaded and downloaded) between a local computer and a web server over an encrypted connection.
SFTP vs. FTP
Standard FTP (File Transfer Protocol) transfers data in plain text, unencrypted. That means passwords and files can be easily seen by anyone “sniffing” the network, using a simple tool to grab your login info during transfer. SFTP is a much more secure alternative because it encrypts the data, so even if captured, it is useless gibberish without the key.
Standard FTP was used primarily during the early days of the Internet and the World Wide Web. SFTP has long since replaced it.
SFTP and SSH
SFTP runs over SSH (Secure Shell), a protocol for secure remote logins. SSH does the heavy lifting: it provides the encryption and authentication mechanisms that make the connection difficult to compromise. SFTP runs as part of this setup, using the same port, often 22, for all traffic.
Why SSH? It verifies both ends of the connection. This makes SFTP reliably secure for daily use. Servers worldwide rely on it for protected access.
SFTP vs FTPS
People often confuse SFTP with FTPS. So what is the difference? FTPS adds SSL/TLS to FTP: it still uses FTP commands but encrypts the channel. SFTP, on the other hand, is a full protocol that runs over SSH and has no FTP roots at all. It simplifies things with one connection for control and data.
How SFTP Works
SFTP starts with a secure, encrypted connection between the client and the web server. When you launch an FTP client to connect for the first time, you enter your SFTP login credentials, including the host, port (22 for SFTP), username and password. The server then responds and establishes an encrypted session.
Data Integrity and Encryption in Transit
Once connected, SFTP encrypts each data packet so that, even if intercepted, the packets look like noise and are unusable.
Reliability and Transfer Resume Capabilities
SSH handles drops better than traditional FTP. If your network hiccups, SFTP reconnects and picks up where it left off rather than restarting from the beginning.
Client Software
FileZilla is a very popular, free-to-use FTP client. Other FTP clients include SmartFTP, Core FTP, WinSCP and Cyberduck (for Mac).
Best Practices for Configuration
When setting up SFTP, consider disabling direct root login right away, as it is seen as too risky. Edit the SSH server config so that root login is set to no.
To further enhance SFTP security, you can also switch from passwords to key-based authentication. Generate key pairs and add the public keys to each user's authorized keys file.
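One way to check both settings, as an added example that is not part of the original article: a small Python audit of sshd_config text. It assumes the OpenSSH keywords PermitRootLogin and PasswordAuthentication; the two sample configurations are constructed, and Include files are not followed.

```python
# Added example: audits sshd_config text for the two settings discussed above.
# Values used when a keyword is absent (OpenSSH's documented defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample configurations, not taken from any real server.
WEAK = "Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n"
HARDENED = (
    "Port 22\n"
    "PermitRootLogin no\n"
    "PasswordAuthentication no\n"
    "PubkeyAuthentication yes\n"
)

def effective_settings(text):
    """Return (global settings, Match-block overrides) for the audited keywords."""
    settings, seen, overrides, in_match = dict(DEFAULTS), set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        value = parts[1].strip('"').lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True             # later lines apply only conditionally
        elif key in DEFAULTS:
            if in_match:
                overrides.append((key, value))
            elif key not in seen:       # sshd keeps the first value it reads
                seen.add(key)
                settings[key] = value
    return settings, overrides

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    settings, overrides = effective_settings(text)
    findings = []
    if settings["permitrootlogin"] != "no":
        findings.append("root login not disabled: PermitRootLogin " + settings["permitrootlogin"])
    if settings["passwordauthentication"] != "no":
        findings.append("password login allowed: PasswordAuthentication " + settings["passwordauthentication"])
    findings += [f"Match block sets {k} {v}" for k, v in overrides if v != "no"]
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

On a live server, running sshd -T as root prints the effective configuration, which also covers Include files and is the authoritative check.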
Monitoring and Security Maintenance
To protect against potential server breaches, check your SFTP logs daily for failed logins, and use tools like fail2ban to ban repeat offenders automatically.

