SFTP vs. SSH

When connecting to a remote computer or transferring files between computers, security is indispensable. Passwords, usernames, and other sensitive information must be encrypted in order to protect them from malicious cyber attacks. That is where secure protocols such as SFTP and SSH have been introduced. Although they possess similar characteristics, these two protocols constitute differences that set them apart, which we will cover in the following discussion.

What is SSH?

Created in 1995, SSH (Secure SHell) is a network protocol designed to securely operate remote servers over an unsecured network through the encryption of all data exchanged between the client and the server. Its’ predecessor, the Telnet protocol, allowed users to connect and execute processes on remote servers, but without any encryption. SSH’s most prevalent applications are remote login and command execution, similar to a remote desktop with a text only terminal. However, there is so much more SSH has to offer, one even being an odd use case of redirecting sound from one computer's mic to another computer's speakers with no additional software (just a fun little unimportant fact for you folks).

What is SFTP?

SFTP stands for SSH File Transfer Protocol (although commonly mistaken for Secure File Transfer Protocol), implying how reliant SFTP is on SSH. It utilizes the SSH protocol to authenticate the user and to establish an encrypted channel between the client and the server. SFTP was created in the late 1990’s and is a successor to the original file transfer protocol, FTP. Similar to FTP, it works in a client-server architecture: once the client is authenticated and the connection is established, it can upload, download, and manage files and directories of which it has access to on the server.

What are the similarities between SSH and SFTP?

With respect to security, SFTP and SSH are a lot alike. SFTP uses SSH to ensure a secure file transfer and therefore uses the same authentication methods as SSH:

  • Both protocols support the use of private/public key authentication: a cryptographic system that uses pairs of keys, each of which is composed of a public key and a private key. Keys are established through asymmetric encryption algorithms, where the encryption and decryption use separate keys. You can read more about private/public key authentication here.
  • Both protocols support password-based authentication, where a username and password are supplied.
  • Audit of successful or failed logins.
  • Maximum login attempts.

Check out SFTP To Go

In addition to the SFTP protocol, SFTP To Go supports FTPS, S3 and HTTPS for file access and management as well as REST APIs to manage your service. If you need a simple, yet powerful solution to securely store, share, and transfer files between parties and a server that guides you to manage and access files, then SFTP To Go is here for you. Click here to view plan options and additional information to help you make your decision.

Cloud FTP with maximum security and reliability
SFTP To Go offers managed cloud storage service - highly available, reliable and secure. Great for companies of any size, any scale.
Try SFTP To Go for free!

Post photo by Stillness InMotion on Unsplash