File transfer protocols: FTP vs SFTP
The process of moving files from place to place is almost forgotten in today's world due to how commonplace it has become in the modern IT environment. Much like breathing, moving files is such a part of your daily routine that you can almost forget that you're doing it.
But what happens when one stops to think about this menial task? Are you going about this correctly? What about efficiency? Then there is always the looming question of, "Is the data safe?" This article takes a moment to think about these questions and introduces you to a couple of mainstays in the file transfer space.
[ You might also like: How to set up Linux chroot jails ]
File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP), sometimes referred to as Secure File Transfer Protocol, do many of the same things, but there are some key differences and considerations to be made for each.
If you want to know which is best for you, in short, SFTP is a more secure option. However, in certain situations with unusual constraints, FTP may still be the more viable choice. Stick around, and take a deeper dive on this topic.
First, have a look at the things that both of these protocols allow. For one, they enable you to use an FTP client to connect to your servers. Many businesses have an (S)FTP client configured for routine use. You can also use a visual client, such as FileZilla, with either of these protocols. Secondly, you can always connect to your server, browse files (including hidden files), upload or download from your local machine to the server, and vice versa.
The differences between the two are where things get a little more interesting. These two protocols accomplish the same goal, but they go about it in very different ways. Take a look at how FTP operates, and then examine SFTP.
FTP in (a bit more) detail
The standard File Transfer Protocol (FTP) uses a client-to-server model. It does this by using two separate channels to move data between the client and server. These two channels are the command channel and the data channel. These channels are unencrypted (by default), meaning that if someone could gather data between the server and client (MITM attack), it would be easily read. This is due to FTP data being sent as plain text, making it very easy to gather information from the captured data.
Behind the scenes with SFTP
Unlike traditional FTP, Secure Shell FTP (SFTP) only uses a single channel to move the data. This channel is encrypted and is protected by a username/password combination or by the use of SSH cryptographic keys. Anyone who intercepts the transmission between the client and server would be unable to read the data due to the encryption.
[ Free course: Red Hat Satellite Technical Overview. ]
Which should you choose?
There isn't a 'one size fits all' choice, so you'll need to consider the file transfer in question. Does the data contain sensitive information? If keeping your data secure is important (and it almost always is), SFTP is probably the right answer. But sometimes, that's not the main issue to consider.
SFTP is generally slower than FTP due to the security built into the protocol. The data is encrypted, which takes time, but perhaps more importantly the protocol itself functions differently; it's not "streamed" like FTP.
One limitation of SFTP is that, being reliant on SSH, it requires authentication. This means if you want users to be able to connect anonymously (for example, with a public file server), FTP is the way to go.
In the coming weeks, I explore some of the basic SFTP commands, so be sure to keep an eye out for those here on Enable Sysadmin.