SFTP vs FTPS: How to choose the right protocol?

How do you choose the right file transfer protocol, and which one is the best? We’re lining up SFTP vs FTPS – to find out the difference between FTPS and SFTP, and see which protocol is best.

What is SFTP and how to use it?

SFTP stands for Secure File Transfer Protocol – or more accurately, Secure Shell File Transfer Protocol. In practice, it works like FTP for transferring files over the Internet – but technically speaking, it is a totally different protocol that focuses on security.

When using SFTP, the server must verify the identity of both the sender and the receiver. This is done with either a user ID and password or an SSH (Secure Shell) key. The latter is preferred, because SSH keys make it much more difficult for hackers to spoof a connection or to impersonate a user with a stolen user ID and password.

This is because SSH keys come in pairs: the private key is stored on the sender’s computer, and the matching public key is loaded on the server. The connection will only be verified if the keys fit together – so even if the user ID and password are compromised, the connection remains secure.

The easiest way to use SFTP is through an FTP client, like Commander One, that can use the SFTP protocol. A command-line client can also be used, but this is only recommended for advanced users.

Advantages of using SFTP

SFTP security is extremely high, because both the sender (client) and the receiver (server) must be verified with uniquely generated pairs of SSH keys. It’s the only file transfer protocol that provides protection across the entire data transfer process – malicious actors won’t be able to find vulnerabilities at any point in the chain.

Not only is it one of the most secure ways of transferring files over the Internet, it’s also one of the simplest.

Unlike other file transfer protocols, SFTP uses a single port (TCP port 22) to establish a connection to the server, ensuring good data integrity and encryption. This makes it the preferred method of file transfer for most users.

What is FTPS and how to use it?

FTPS stands for File Transfer Protocol Secure. At its simplest, FTPS is an extension of FTP. They both work in the same way, with the same protocol – but FTP alone offers no encryption when transferring files between client and server.

The FTPS protocol adds on encryption through a third party certificate, like an SSL (Secure Sockets Layer) certificate – but preferably through Transport Layer Security (TLS). Unlike SFTP, which uses a single encrypted communication channel, FTPS uses two: one connection for commands and another for data transfer. And that brings us to the key difference between SFTP and FTPS.

There are actually two kinds of FTPS: implicit FTPS and explicit FTPS. Implicit FTPS encrypts both the command and data connections, at all times. This is the most secure type, as commands cannot be spoofed and data cannot be intercepted. The problem is that the constant encryption of large files uses a lot of bandwidth, which can slow the transfer. In explicit FTPS, only commands and user authentication are always secure – the data channel can be either encrypted or unencrypted.

This flexibility is useful for non-confidential file transfers, where speed is a necessity and data security isn’t always essential. Access to the server still remains secure and commands cannot be intercepted – but the data is vulnerable to interception. To use FTPS, an FTP client that supports FTP over TLS is recommended. A command-line client can also be used.
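To check whether an explicit FTPS session actually encrypted its data channel, the added example below (not part of the original article) audits a constructed log of client commands. It flags credentials sent before AUTH TLS and any transfer made while the protection level is not P (private); command names follow RFC 4217, and the function name and sample sessions are assumptions.

```python
# Added example: audit constructed explicit-FTPS client command logs.
DATA_COMMANDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "MLSD"}

def audit_session(commands):
    """Return (line_number, finding) pairs for an ordered list of client commands."""
    tls = False   # explicit FTPS starts in cleartext on port 21 until AUTH TLS
    prot = "C"    # RFC 4217: the data channel stays Clear until PROT P is sent
    findings = []
    for n, raw in enumerate(commands, 1):
        verb, _, arg = raw.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH" and arg in ("TLS", "SSL"):
            tls = True
        elif verb in ("USER", "PASS") and not tls:
            findings.append((n, f"{verb} sent before AUTH TLS"))
        elif verb == "PROT" and tls:
            prot = arg   # PROT only takes effect once the control channel is in TLS
        elif verb in DATA_COMMANDS and prot != "P":
            findings.append((n, f"{verb} with unencrypted data channel (PROT {prot})"))
    return findings

# Constructed sample sessions; user names and file names are placeholders.
SESSION_PRIVATE = ["AUTH TLS", "USER alice", "PASS ****", "PBSZ 0", "PROT P",
                   "PASV", "RETR report.csv"]
SESSION_CLEAR_DATA = ["USER alice", "AUTH TLS", "PASS ****", "PBSZ 0", "PROT C",
                      "PASV", "STOR payroll.csv"]
SESSION_NO_PROT = ["AUTH TLS", "USER bob", "PASS ****", "PASV", "LIST"]

if __name__ == "__main__":
    for name, session in [("private", SESSION_PRIVATE),
                          ("clear data", SESSION_CLEAR_DATA),
                          ("no PROT", SESSION_NO_PROT)]:
        print(name, audit_session(session))
```

A session that never sends PROT is flagged the same way as one that sends PROT C, because the data channel defaults to Clear.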

Advantages of using FTPS

Explicit FTPS can be faster than SFTP, because large files of non-sensitive data can be sent unencrypted. This may be useful for quickly transferring large files that are already publicly available.

There are some disadvantages to FTPS, too. FTPS is more complex to implement, because it requires more firewall configuration. This can make setup more difficult, cancelling out the speed advantage it holds over SFTP. The additional configuration requirements can also expose vulnerabilities in the firewall while the connection is open.

What’s the difference between SFTP and FTPS?

Unlike FTP and FTPS, SFTP uses the Secure Shell protocol, with only one connection. It encrypts both the authentication information and the files being transferred, at all times.

SFTP also uses a single port number, which makes it easier to configure firewall permissions. FTPS adds a secure layer to the FTP protocol. Like FTP, it uses two connections: one for data transfer and one for commands. Because encryption can be turned off in explicit FTPS, speed is a little faster – but it’s not as secure or as simple to configure as SFTP.

What port does SFTP use?

SFTP uses port 22 – this is the only port to configure, making SFTP quick and easy to implement.

What ports does FTPS use?

Compared to SFTP, ports for the FTPS protocol are a little more complicated. For commands, explicit FTPS uses port 21 while implicit FTPS uses port 990. Once connected, the client and server then negotiate a port for data transfer – by default, either port 20 or random ports. This depends on whether the connection is active or passive, with passive being the more secure – but this may require additional firewall settings changes, which could leave temporary holes in the firewall.
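Because the FTPS command connection is encrypted, a firewall cannot read the negotiated data port from it, so servers are usually pinned to a fixed passive range that the firewall allows. The added example below (not part of the original article) extracts the data port from passive-mode replies and reports any that fall outside that range; the range 50000-50100, the addresses and the function names are constructed assumptions.

```python
import re

# 227 reply (PASV): (h1,h2,h3,h4,p1,p2), data port = p1 * 256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 reply (EPSV, RFC 2428): (|||port|), assuming the usual '|' delimiter
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def data_port(reply):
    """Return the data port announced in a 227 or 229 reply, or None for other replies."""
    m = PASV_RE.match(reply)
    if m:
        p1, p2 = int(m.group(5)), int(m.group(6))
        if p1 > 255 or p2 > 255:
            raise ValueError(f"malformed PASV reply: {reply!r}")
        return p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        return int(m.group(1))
    return None

def ports_outside_range(replies, low, high):
    """List announced data ports that the firewall range low..high would not cover."""
    outside = []
    for reply in replies:
        port = data_port(reply)
        if port is not None and not low <= port <= high:
            outside.append(port)
    return outside

# Constructed server replies, as they would appear in a client debug log.
REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 195 * 256 + 80 = 50000
    "229 Entering Extended Passive Mode (|||50100|)",
    "227 Entering Passive Mode (192,0,2,10,234,96)",   # 234 * 256 + 96 = 60000
    "226 Transfer complete",
]

if __name__ == "__main__":
    print(ports_outside_range(REPLIES, 50000, 50100))
```

A port reported here means either the server's passive range or the firewall rule needs correcting; widening the firewall to all high ports is the "temporary hole" the paragraph above warns about.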

What to choose: SFTP or FTPS?

So, in the face-off of SFTP vs FTPS, there can only be one winner – and SFTP takes the title.

While it does have a slight speed disadvantage compared with FTPS, the fully encrypted security features and simplicity mean SFTP is the best protocol for secure file transfer. While FTPS is still highly secure (especially implicit FTPS), it has a more complicated setup which introduces several disadvantages compared with SFTP. For legacy systems, however, it’s still a strong, secure method of file transfer.

How to choose an SFTP/FTPS client

Choosing an SFTP/FTPS client can feel like a tricky decision. There are so many paid and free options available, all with similar features and abilities. It can be hard to tell them apart.

The best SFTP/FTPS clients offer a simple, flexible user interface, dual panel views and flexible FTP options beyond FTPS or SFTP. They should also have options for advanced users, like a command terminal and integration with cloud computing platforms.

Commander One does all this – and so much more.

Introducing Commander One: the Best SFTP/FTPS Client for Mac

Commander One is an FTP client that supports all file transfer protocols – including FTP, SFTP and FTPS. It gives users a deeply customizable interface, advanced features and user-assigned hotkeys, for superfast file management. It’s also a highly advanced file management system for local files, shared network files and servers. You can manage files on a server as if they’re stored locally on your own computer.

Commander One is free to use, but it’s not open-source – which means it’s totally secure and reliable, with regular updates. A PRO version is available, which includes deeper features for advanced users. This consistent update schedule means that Commander One now runs natively on Apple silicon – with full support for the M1 chip and ARM processor architecture.

Pros

  • Supports FTP, SFTP, FTPS;
  • Cloud compatible;
  • Dual panel interface;
  • Full support for the M1 chip.

Cons

  • No tools for synchronising directories;
  • Not all features are available in the Free version.

Frequently Asked Questions

SFTP is better than FTPS in most cases. This is because it is always encrypted and secure. It’s also simpler to configure as it uses a single port, while FTPS can use several at once.

Yes – but only implicit FTPS (over TLS) is secure enough for sensitive data, because both the data and command connections are always encrypted. However, this uses a lot of bandwidth and requires more firewall management, which could also open vulnerabilities.

FTPS is faster than SFTP when explicit FTPS is used. This is because the data connection can be unencrypted, which uses less bandwidth. However, this is less secure than SFTP.

SFTP is preferred over FTP because SFTP is the most secure file transfer protocol. Regular FTP does not offer any encryption and is vulnerable to attack at any stage of the transfer.

No, SFTP uses a different protocol called SSH (Secure Shell) and does not require an SSL certificate.

Port 22. SFTP uses a single port and a single encrypted connection for commands and data transfer.

SFTP is a TCP protocol that uses TCP port 22. UDP is a connectionless protocol, which cannot guarantee the delivery of data packets.