I know SFTP is FTP over SSH and FTPS is FTP over SSL/TLS.
When do we use SFTP and when do we use FTPS?
Could you please compare/contrast SFTP and FTPS ?
-
SFTP versus FTPS
-
I use SFTP on my Ubuntu servers to allow outside users to send pictures for my brother's web sites. His customers can upload pictures and testimonials. SSH is installed by default on my Ubuntu and CentOS 7 servers. Adding FTP to it and opening the ports on my Fortinet 60E allows it to be secured. I can configured a username and password for them to use.
FTPS is setup when you have a server with SSL certificates on a web site. In Microsoft IIS, you can add a SSL certificate from GoDaddy to secure the site. Under it is FTP. You can setup both Web and FTP services for encrypted secured access.
-
@razmik-artonian-0 said in SFTP versus FTPS:
I know SFTP is FTP over SSH and FTPS is FTP over SSL/TLS.
Could you please compare/contrast SFTP and FTPS ?
I'm answering this one first because to me it makes sense to do so.
FTPSis essentiallyFTPwith security built on top of it. When you connect it's basically FTP, remember that it operates over "control" and "data" channels. By default FTP, neither is secured. But with FTPS, you can choose to secure one or both (so either "control" and "data" or just "data"). But it's a choice that has to be setup to do so. But using it, does make sure connection is secured for data to pass through a secured connection. It uses multiple ports, the more requests the more ports are opened.SFTP, is not built upon FTP but rather onSSH. So right there is a big difference. The other is SFTP uses only a single connection that encrypts both authentication information and data files being transferred. There is no if it's configured to do so or not. It is by nature built on SSH. Uses only a single port for all the connections needed.- Both methods can use multiple means of authentication. Both provide security.
When do we use SFTP and when do we use FTPS?
- Short answer is which ever one is set up for you on the other side but it's not a helpful answer. I know...but that's reality and let me explain why...
- @Michael-McKenney gave a couple of good examples.
- For me, it comes down to passing through a
firewalland what you're destination is willing to do .- You and the other end will have to open a range of ports in your firewalls to allow for
FTPSconnections, which can be a security risk for your network or security policy doesn't allow the opening of a range of ports.SFTPneeds only a single port number for all SFTP communications and makes it easier to secure through the firewall.
- You and the other end will have to open a range of ports in your firewalls to allow for
