SFTP is a protocol for transferring files over SSH, which protects both the commands and the data exchanged between the client and the server. With plain FTP, commands, credentials and file contents are sent unencrypted, exposing them to eavesdropping, tampering, or message forgery. With SFTP, everything that passes between the client and the server is encrypted and integrity-protected, preventing unauthorized parties from reading or altering your data in transit.

Components Needed
To transfer files using SFTP, you need a server that is configured for SFTP and a client that supports it. The most widely deployed SFTP server is the sftp-server subsystem shipped with OpenSSH, present on most Unix-like systems; any SSH server that offers an SFTP subsystem will do. FileZilla, WinSCP and DataFreeway are popular SFTP clients, not servers. On Unix-like systems the most common client is the OpenSSH sftp command; on Windows, PuTTY, which is available free of charge, includes the command-line SFTP client PSFTP. Users who desire a more intuitive interface may opt for a more user-friendly client, such as Zephyr's PASSPORT.

How SFTP Works
There are two basic components to file transfer with SFTP: server validation and client authentication. Both rely on public/private key pairs. The server is validated by comparing the public host key it presents with the keys recorded on the client machine, usually in a file called "known_hosts" in the user's .ssh directory (known_hosts lives on the client, not on the server). On the first connection to a server there is no stored key, so the client displays the key's fingerprint and asks the user to accept it; compare that fingerprint with a value the server operator published out of band, because accepting an unverified key is exactly what a man-in-the-middle attacker needs. If a host's key later changes, the client refuses to connect until the stale entry is removed, which is what protects against impersonation on later connections.

Clients can be authenticated in three different ways:
- Username and password
- Private key and passphrase
- Keyboard-interactive authentication

With username and password authentication, a user account is set up on the SFTP server and the password is sent over the already-encrypted channel. With private key and passphrase authentication, the client's public key is added to the "authorized_keys" file of the account on the server, while the private key stays on the client machine, normally stored encrypted under a passphrase. Once server validation has occurred, the client enters the passphrase to unlock the private key and proves possession of it by signing a challenge from the server; the private key itself never leaves the client.

Keyboard-interactive authentication has the server ask the client a series of questions, and the client must answer these questions correctly in order to be authenticated. This allows for the implementation of assorted authentication methods (one-time passwords, hardware tokens, PAM modules) without changing the protocol. For example, username and password authentication can be disabled on the server, but keyboard-interactive authentication could still be used to ask the client for their username and password, optionally followed by a second factor.

File Compression
Most SFTP clients provide an option to enable compression. With this option enabled, data sent by the server is compressed before sending and decompressed at the client end; likewise, data sent to the server is compressed first and decompressed by the server at the other end. This can speed up transfers of compressible data, especially over low-bandwidth connections. It gains nothing for data that is already compressed (archives, images, encrypted files) and costs CPU time on both ends. Compression is negotiated as part of the SSH session, so both sides must support and allow it.

SFTP Versions
SSH-1 and SSH-2 are versions of the underlying SSH transport, not of SFTP. SSH-1 has known cryptographic weaknesses, is obsolete, and OpenSSH removed support for it entirely in 2017; SFTP is defined as a subsystem of SSH-2, so an SFTP deployment should speak SSH-2 only. The SFTP protocol has its own version numbers, negotiated when the subsystem starts; version 3, which OpenSSH implements, is the one most clients and servers interoperate on.

SFTP vs FTPS
SFTP and FTPS are two entirely different protocols:
- SFTP uses SSH to secure transmissions, whereas FTPS is FTP wrapped in TLS (formerly SSL).
- FTPS uses the FTP control port, 21 in explicit mode or 990 in implicit mode, plus separate, dynamically chosen data connections, which makes it awkward to firewall. SFTP uses a single TCP connection, on port 22 by default.

Summary
SFTP should be used when you need to transfer sensitive or confidential data between a client and a server that is configured to use SSH for secure transactions. Verifying the server's host key fingerprint on first contact and preferring key-based or multi-factor authentication over a password alone are what make that security hold in practice.
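The server-validation step described under "How SFTP Works", worked through in code: an SSH/SFTP client looks the presented host key up in known_hosts and ends up in one of three states (trusted, unknown host, or key changed). This is an added example, not code from the original article or from any product it mentions. It follows the known_hosts layout OpenSSH uses (plain and hashed host fields, @revoked markers, SHA256 fingerprints as printed by ssh-keygen -lf); the host names, the salt and the 32-byte "keys" are constructed placeholders, not real key material.

```python
"""Host-key lookup the way an SFTP client validates a server against known_hosts.
Added example; key material, salt and host names below are constructed."""
import base64
import hashlib
import hmac


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_blob(raw_key: bytes) -> str:
    """Base64 key blob as it appears in known_hosts (and authorized_keys).
    raw_key stands in for a 32-byte Ed25519 public key; it is a placeholder."""
    assert len(raw_key) == 32
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw_key)).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the format ssh-keygen -lf prints, so the value the
    server presents can be compared with one published out of band."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Hashed host field as written by ssh-keygen -H: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def host_field_matches(field: str, hostname: str) -> bool:
    """Match hostname against a comma-separated known_hosts host field,
    accepting both plain names and hashed |1|salt|hash entries."""
    for pattern in field.split(","):
        if pattern.startswith("|1|"):
            _, _, salt_b64, _mac = pattern.split("|")
            salt = base64.b64decode(salt_b64)
            if hmac.compare_digest(hash_hostname(hostname, salt), pattern):
                return True
        elif pattern == hostname:
            return True
    return False


def verify_host_key(known_hosts: str, hostname: str, key_type: str, key_b64: str) -> str:
    """Return "trusted" if the presented key is recorded for this host, "unknown"
    if the host has no entry (first-contact prompt), "mismatch" if the host is
    known under a different key of the same type (possible MITM or rotation),
    or "revoked" if the key is marked @revoked."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = None
        if fields[0].startswith("@"):            # @revoked / @cert-authority
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3 or not host_field_matches(fields[0], hostname):
            continue
        if marker == "@cert-authority" or fields[1] != key_type:
            continue                             # CA lines and other key algorithms are not compared
        seen_host = True
        if hmac.compare_digest(fields[2], key_b64):
            return "revoked" if marker == "@revoked" else "trusted"
    return "mismatch" if seen_host else "unknown"


# Constructed sample data (not real keys; OpenSSH uses a random salt per entry).
SERVER_KEY = make_ed25519_blob(bytes(range(32)))
OTHER_KEY = make_ed25519_blob(bytes(range(32, 64)))
SALT = bytes(range(20))
KNOWN_HOSTS = "\n".join([
    "# constructed sample ~/.ssh/known_hosts",
    "sftp.example.com,192.0.2.10 ssh-ed25519 " + SERVER_KEY,
    hash_hostname("files.example.net", SALT) + " ssh-ed25519 " + OTHER_KEY,
])

if __name__ == "__main__":
    print("server key fingerprint:", fingerprint(SERVER_KEY))
    for host, key in [("sftp.example.com", SERVER_KEY), ("sftp.example.com", OTHER_KEY),
                      ("files.example.net", OTHER_KEY), ("new.example.org", SERVER_KEY)]:
        print(host, "->", verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The "mismatch" outcome is the one a client must treat as fatal rather than as a prompt: it is the only signal the user gets that the host they reached is not the one whose key they previously accepted. The "unknown" outcome is where trust-on-first-use happens, which is why the fingerprint shown at that point should be checked against a published value.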
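An OpenSSH server configuration that puts the authentication choices above into practice: password authentication off, public-key and keyboard-interactive on, compression allowed, and SFTP-only accounts confined to a chroot with an authorized_keys entry that permits nothing but SFTP. This is an added example fragment, not configuration from the original article or from any product it mentions; the directive names are OpenSSH's, while the group name sftponly, the path /srv/sftp and the user alice are assumptions.

```text
# /etc/ssh/sshd_config (constructed example; check with: sshd -t -f <file>)
# Modern OpenSSH speaks SSH-2 only; there is no SSH-1 to disable.
Subsystem sftp internal-sftp        # in-process SFTP server; required for ChrootDirectory below
PubkeyAuthentication yes
PasswordAuthentication no           # no plain password logins ...
KbdInteractiveAuthentication yes    # ... but keyboard-interactive (PAM, OTP) stays available
                                    # (older releases spell this ChallengeResponseAuthentication)
Compression yes                     # negotiated per session; the client must still request it

Match Group sftponly
    ChrootDirectory /srv/sftp/%u    # must be owned by root and not group/world writable
    ForceCommand internal-sftp      # no shell, no scp, no remote commands
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
    AuthenticationMethods publickey,keyboard-interactive   # key AND a second factor

# ~alice/.ssh/authorized_keys (one line; <base64 public key> is the client's key blob)
restrict,command="internal-sftp" ssh-ed25519 <base64 public key> alice@laptop
```

The authorized_keys options duplicate the Match block on purpose: "restrict" turns off forwarding, PTY and agent use for that key, and command="internal-sftp" limits it to SFTP even if the account is later moved out of the sftponly group. The chroot directory's root ownership and permissions are checked by sshd at login, and a writable chroot is refused, so create the user's writable upload directory one level below it.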