Header

What are the differences between FTP, FTPS and SFTP?

Backstage

When it comes to uploading files to your web server, you might find that you have a number of options available. In this post, we'll be explaining the most commonly used options available, and their advantages and disadvantages.

FTP

FTP, or File Transfer Protocol is a long-established, simple protocol for moving files from one machine to another. FTP allows a user (often referred to as the client), with the appropriate access and credentials, to connect to a server, then open a data channel to move files between client and server. FTP is a two-way protocol and allows a number of operations to be performed, including but not limited to:

  • STOR (upload a file)
  • RETR (download)
  • DELE (delete a file)

Note that these are the "raw" FTP commands and lots of FTP clients will wrap them within their own implementations, so you might when looking at FTP logs see variations of those commands, for example PUT instead of STOR, or GET instead of RETR.

Whilst FTP provides a simple way for client and server to send and receive files, it's generally deprecated in favour of FTPS on servers that still support FTP, due to all operations being unencrypted and therefore subject to a number of vulnerabilities, including packet sniffing attacks that can retrieve the data whilst its in transit.

FTPS

Moving on from FTP then, is FTPS. FTPS is essentially an extension of FTP, that allows a secure connection to be established between client and server with a handshake session which involves the exchange of SSL certificates and then the establishment of a TLS connection to move data securely.

FTPS therefore works in almost the same way as FTP and the operation commands are the same, except for the fact that all data is encrypted and decrypted before/after transit. This helps to mitigate a lot of the vulnerabilities that FTP is subject to.

FTP/FTPS generally as a protocol can offer speed advantages over other methods such as SFTP in the sense that less operational overhead is required to first establish an SSH session, and exchange keys etc, but it doesn't necessarily provide the same level of flexibility if you want to do more than just upload files.

It can also be the case that some hosting providers restrict access to only FTP, and it's therefore your only option for uploading files.

SFTP

SFTP, or Secure File Transfer Protocol, isn't actually a standalone protocol in the same way as FTP, but rather it's an extension of SSH (Secure SHell). By its very nature SFTP is a secure transfer service and supports authentication either by username and password (similarly to FTP), or with an SSH key.

SFTP works similarly to FTP with each operation having its own command, such as:

  • PUT (upload a file)
  • GET (download a file)
  • DELETE (delete a file)

Whilst out of the box SFTP can be slower than FTP, it can utilise a number of techniques such as file compression, to ultimately speed up the whole process. It also supports more advantage file operation techniques, such as the use of symlinks to reference other directories on a server - very useful if you want to use one directory in multiple places without having to store multiple copies of the same files.

SFTP being an extension of SSH also comes with the added bonus of being able to run commands (if access has been provided) on the server. This can be anything from starting and stopping a service, to downloading additional dependencies from a third party, or even implementing something like an atomic deployment strategy that involves running of multiple commands in a specific to reduce downtime during a file upload session.

Which should I choose?

When it comes to choosing which method will work best for you, you'll need to firstly check the options available - especially if you're using a shared hosting provider that restricts access to their servers.

With a deployment strategy for your website, even if you don't have full SSH access to run commands, using features such as DeployHQ's Build Pipeline can still allow you to run commands to perform important operations such as code compilation or fetching dependencies, before uploading the resultant files to the server.

More information about setting up a server to deploy to in DeployHQ can be found in our documentation.

As always, if you have any questions about any of the protocols discussed in the post, or any other aspect of DeployHQ, do get in touch.

A little bit about the author

I'm Adam W, or as everyone prefers to call me - Batman. I get a lot of satisfaction out of helping our customers and am committed to making their customer experience as positive as possible. When not offering support to our customers, you'll find me gaming, listening to music or running.

Tree

Proudly powered by Katapult. Running on 100% renewable energy.