FTP v/s SFTP v/s FTPS


Solution 1

So the two sane options these days are:

  1. WebDAV, nice on the server side, nice for Linux and Mac OS clients, however the inbuilt Windows client has issues.

  2. SCP/SFTP, very easy as you're likely to have ssh anyway, GUI clients easily available (FileZilla for example).

Although FTP is still around I'd really avoid setting anything new up based on it.

Solution 2

I think the short answer is to use an FTP server that supports all three protocols. You probably want to avoid allowing FTP since you mentioned security as a primary concern but both the SSH2 File Transfer Protocol (SFTP) and FTP over TLS/SSL (FTPS) are considered secure file transfer protocols.

SFTP is definitely the favorite these days because of its robust security model and easier setup than traditional FTP and FTPS. SFTP is also considerably more firewall friendly than FTP because it only requires one port to establish a connection and carry out file operations.

FTP and FTPS require multiple ports (one port to issue commands and a separate port for each and every directory listing or file transfer) to accomplish the same thing that SFTP can do with one port. The requirement to set up forwarding for large numbers of ports can be a problem in many environments and can make troubleshooting problems very difficult. However, FTP and FTPS have been around a lot longer than SFTP and there are still lots of devices and clients that only support FTPS.

In terms of security, both the SFTP and FTPS protocols are considered secure. The requirement to open up multiple ports with FTPS can be viewed as a security concern but there is nothing inherently more secure about the SFTP protocol over the FTPS protocol.

The only real advantage I would give FTPS over SFTP would be performance. SFTP runs over a considerably more robust and generic protocol than FTPS and that robustness imparts a significant performance impact. There is simply a lot more overhead involved in SFTP because it is running over the SSH2 protocol and because SFTP implements its own handshaking mechanism. If you want the highest transfer speeds possible you want FTPS.

To sum all of this up, try to support all 3. Most modern FTP servers already have support for FTP, FTPS, and SFTP.
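An added example, not part of the original answer: the port behaviour described above can be checked by reading the passive-mode replies on an FTP control channel, since each transfer announces a fresh data port that the firewall must allow. The function names, the sample session, the addresses and the 50000-50100 passive range are all constructed for illustration.

```python
import re

# Reply formats: PASV (227, RFC 959) and EPSV (229, RFC 2428).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, control_host):
    """Return (host, port) announced by a passive-mode reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        # EPSV carries no address: the data connection reuses the control host.
        return (control_host, port) if 0 < port <= 65535 else None
    return None

def audit_session(lines, control_host, passive_range):
    """List every announced data endpoint with any firewall/NAT issues."""
    lo, hi = passive_range
    findings = []
    for line in lines:
        endpoint = data_endpoint(line, control_host)
        if endpoint is None:
            continue  # not a passive-mode reply
        host, port = endpoint
        issues = []
        if not lo <= port <= hi:
            issues.append("port outside firewall range")
        if host != control_host:
            issues.append("announced host differs from control host")
        findings.append((host, port, issues))
    return findings

# Constructed control-channel replies: four transfers, four different ports.
SAMPLE = [
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "150 Opening BINARY mode data connection",
    "226 Transfer complete",
    "227 Entering Passive Mode (203,0,113,10,195,149)",
    "229 Entering Extended Passive Mode (|||50101|)",
    "227 Entering Passive Mode (10,0,0,5,234,96)",
]

if __name__ == "__main__":
    for host, port, issues in audit_session(SAMPLE, "203.0.113.10", (50000, 50100)):
        print(host, port, "; ".join(issues) or "ok")
```

An SFTP session has no equivalent replies to audit: everything, including file data, travels over the one SSH connection.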

Solution 3

For anyone interested in some numbers, here are my results from running some benchmarks on my local network. SMB 2.1 performance is about 112 MB/s.

Machine: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz/8GB ram/Gigabit Local Network

FTP Mode                      MB/s  CPU Usage  App      Encrypted
-----------------------------------------------------------------
FTP Transfer Rate:            120   40.9       proftpd  No
FTPS (SSL) Transfer Rate:      55   99.8%      proftpd  Yes
SFTP Transfer Rate:            30   100%       sshd     Yes
Putty SSH Tunnel, (Raw) FTP:   32   100%       sshd     Yes

Solution 4

Definitely avoid installing an FTP daemon. As long as you have SSH, you have SFTP. No extra set up required. The only reason to use FTP is for the masses.

I run an FTP server that also supports FTPES (FTP over explicit SSL) and I really see no advantages of it, aside from the fact that it is already in place. I inherited it, and all the user accounts and permissions work. But for everything else, I just use SSH/SFTP.


Author: susmits

Updated on September 17, 2022

Comments

  • susmits
    susmits over 1 year

    We're setting up a web server at our workspace. In conjunction, we're planning to install an FTP server, however I'm stuck at what protocol to employ -- FTP, SFTP or FTPS. I googled around, trying to see what protocol offers what, coming across articles like this, but I can't make up my mind. Only simple, once-in-a-while file transfer is desired; however, security is a concern since the file server is intended to be accessible from the internet.

    What protocol is the most apt for my use, and why?

    • user3745402
      user3745402 about 14 years
      Do you already have an Apache set up with SSL? Then I would add ...v/s WebDAV :-)
    • susmits
      susmits about 14 years
      No, we're going to use lighttpd as the HTTP daemon.
    • user3745402
      user3745402 about 14 years
      If you still want to consider it: WebDAV is also possible with lighttpd: howtoforge.com/setting-up-webdav-with-lighttpd-debian-etch
    • user3745402
      user3745402 about 14 years
      The first argument for me would be: If I already have an HTTP server (with SSL), why set up an extra server, and why open additional firewall ports? More arguments for WebDAV: howtoforge.com/webdav_with_ssl_and_two_factor_authentication
    • susmits
      susmits about 14 years
      Thanks a lot everyone! I'll give WebDAV a look, it does seem quite an attractive option.
  • Ignacio Vazquez-Abrams
    Ignacio Vazquez-Abrams about 14 years
    2 ports for (active) FTP, and some OSes have helper modules that will handle the second automagically.
  • Grant
    Grant about 14 years
    I guess it depends on how you look at it. For any single directory listing or file transfer only 2 ports are used (one port for the control connection and one port for the data connection), but in practice a new port is required each time a new data transfer takes place. That new port may need to be opened on the server (for passive mode) or on the client (for active mode) but a new port is still usually required. This means that a range of ports needs to be available on either the client or server for a large number of transfers.
  • JKim
    JKim over 11 years
    Plus SFTP operates through a single port only (22). Fewer issues with firewalls and configuration of them.