5/18/2018 SFTP File Transfer Protocol | SSH.

COM

SECURE SHELL   PRODUCTS SUPPORT COMPANY

SSH COMMUNITY PRODUCTS CUSTOMER SUPPORT

ABOUT US

SSH (Secure Shell) home

Overview of products & servicesEnterprise supportCompany
24x7 overview

Download free SSHPrivX™

clients On-Demand Access Manager
Product documentation
Contact us

Universal SSH Key Manager®

SSH key management How to report vulnerabilities
Find a local partner

Home » SSH » SFTP Updated October 10, 2017

Tectia® SSH® Job opportunities

CryptoAuditor® Executive management

SFTP – SSH SECURE FILE TRANSFER PROTOCOL Board of directors

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol. It runs over the SSH protocol. It supports
the full security and authentication functionality of SSH.

SFTP has pretty much replaced legacy FTP as a file transfer protocol, and is quickly replacing FTP/S. It
provides all the functionality offered by these protocols, but more securely and more reliably, with easier
configuration. There is basically no reason to use the legacy protocols any more.

SFTP also protects against password sniffing and man-in-the-middle attacks. It protects the integrity of the
data using encryption and cryptographic hash functions, and autenticates both the server and the user.

Contents

SFTP Port Number

SFTP Client for Windows and Mac
SFTP Server for Linux, Windows, and Mac
SCP Command on Linux
SFTP Command on Linux
SSHFS & Using SFTP for File Sharing
Interactive and Automated Secure File
Transfers
Commercial File Transfer Solutions using SFTP
SFTP Libraries for Developers
SFTP Protocol
SFTP vs. FTPS
SFTP screenshot

SFTP PORT NUMBER

https://www.ssh.com/ssh/sftp/ 1/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM

SFTP port number is the SSH port 22 (follow the link to see how it got that number). It is basically just an SSH
server. Only once the user has logged in to the server using SSH can the SFTP protocol be initiated. There is
no separate SFTP port exposed on servers. No need to configure another hole into firewalls.

SFTP CLIENT FOR WINDOWS AND MAC

Many SFTP client implementations are available. Many SSH clients support SFTP.

Tectia SSH Client

WinSCP
FileZilla
PuTTY
Cyberduck

SFTP SERVER FOR LINUX, WINDOWS, AND MAC

SFTP server usually comes as part of an SSH implementation. Most organizations use either Tectia SSH or
OpenSSH as the server; both come with SFTP server implementations out-of-the-box.

Tectia SSH Server for Windows

Tectia SSH Server for IBM z/OS mainframes
OpenSSH - open source server for Linux & Unix
FileZilla - a free sftp server for Windows

SCP COMMAND ON LINUX

The scp command is a file transfer program for SFTP in Linux. The scp command line interface was designed
after the old rcp command in BSD Unix. The scp also usually comes with the OpenSSH package.

Its typical use is:

scp [-r] file ... [user@]host:[path]

Basically, this copies one or more files to the given host. If user is given, then they are copied to that account
on the host. If no user is supplied, then the same user name as on the client side is assumed. If path is given,
then the files are copied to that directory (relative to the given user's home directory). If no path is given, the
files are copied to the user's home directory. If the -r option is supplied, then files may be directories, and the
given directory and all its subdirectories and files in them (recursively) are copied.

One can also copy in the reverse direction:

scp [-r] [user@]host:file path

https://www.ssh.com/ssh/sftp/ 2/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
Commonly, the path would be ., i.e., the current directory.

SFTP COMMAND ON LINUX

The sftp command in Linux is a client program for SFTP. The sftp command line interface was designed to
be similar to the ftp command. The sftp command is typically part of the OpenSSH package.

SSHFS & USING SFTP FOR FILE SHARING

SFTP can furthermore be used for file sharing, similar to Windows file sharing and Linux NFS. The main
difference is that SFTP is secure, and can be used reliably over Network Address Translation (NAT) and the
public Internet.

Sshfs is a network file system for Linux that runs over the SFTP protocol. It can use any SSH server as a server,
and use remote files over the network as if they were local files. The remote file system can be mounted and
unmounted as desired. It is the most convenient way to mount remote files ad hoc, without the need for any
configuration by the server administrator. SSH keys can even fully automate establishing the connection to
the server. Basically, anyone who is able to log into the server can mount its file system, with access to those
files the user has access to.

Other file sharing implementations using SFTP include:

Expandrive (Windows and Mac)

Apache Commons VFS
chromeos-filesystem-sftp

INTERACTIVE AND AUTOMATED SECURE FILE TRANSFERS

Like SSH itself, SFTP is a client-server protocol. SFTP clients are included in quality SSH clients and complete
enterprise grade SSH implementations provide both SFTP client and server functionality. Some SSH clients,
such as Tectia SSH, also provide graphical file manager views into remote filesystems.

On Linux, SFTP is often used as a command-line utility that supports both interactive and automated file
transfers. Public key authentication can be used to fully automate logins for automated file transfers.
However, proper lifecycle management of SSH keys is important to keep access under control.

Common use cases for automated file transfers include nightly system backups, copying data to disaster
recovery systems, distributing configuration data, and moving transaction logs to archival systems. Many
organizations have thousands of daily SSH transfers. In come cases, we have seen over 5 million daily
automated SSH logins.

COMMERCIAL FILE TRANSFER SOLUTIONS USING SFTP

Some commercial file transfer products supporting SFTP include the following. Nothing on this page should
be taken as an endorsement of any product or solution.

IBM MQ Managed File Transfer

https://www.ssh.com/ssh/sftp/ 3/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
Q a aged e a se
GlobalScape Enhanced File Transfer
GoAnywhere MFT
SFTPPlus Managed File Transfer
IPSwitch MOVEit Complete
Solarwinds Managed File Transfer
JScape MFT Server
Serv-U MFT Server
Axway's Secure MFT Gateway: SecureTransport
Stonebranch Universal Data Mover
Coviant Diplomat Managed File Transfer
Acronis MassTransit
Tibco Managed File Transfer
BMC Control-M Managed File Transfer
Signiant Secure File Transfer

SFTP LIBRARIES FOR DEVELOPERS

There are many open source SSH libraries available for various programming languages.

pysftp is a Python implementation

Paramiko is another Python implementation
pkg/sftp is a Go language implementation
libssh is a C implementation of the protocol
libssh2 is another C implementation of the protocol
Rebex SFTP is a .NET (C#) implementation
codeignioter-sftp is a PHP implementation
phpseclib is another PHP implementation
SmartFTP is an ActiveX component
JCraft JSch is a Java implementation
SSHJ is another Java implementation
List of SFTP Client Libraries
Comparison of Commons VFS, SSHJ and JSch Libraries for SFTP Support

SFTP PROTOCOL
The SFTP protocol runs over the SSH protocol as a subsystem. It was originally designed by Tatu Ylonen for
SSH 2.0 in 1997-1998. There is no separate SFTP port; it uses the normal SSH port.

The full documentation of the SFTP protocol can be found in the Internet-Draft draft-ietf-secsh-filexfer-02.

Th t l t lti l t ti E h ti i id tifi d b i b
https://www.ssh.com/ssh/sftp/ 4/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
The protocol supports multiple concurrent operations. Each operation is identified by a unique number
assigned by the client, and servers response contains the same identifying number. Server may process
requests asynchronously and may return responses out-of-order. For performance reasons, file transfer
clients often send multiple requests before stopping to wait for responses.

Operations or packet types supported by the protocol include:

INIT: sends client version numbers and extensions to the server

VERSION: returns server version number and extensions to the client

OPEN: opens or creates a file, returning a file handle

CLOSE: closes a file handle

READ: reads data from a file

WRITE: writes data to a file

OPENDIR: opens a directory for reading, returning a directory handle

READDIR: reads file names and attributes from a directory handle

MKDIR: creates a directory

RMDIR: removes a directory

REMOVE: removes a file

RENAME: renames a file

STAT: returns file attributes given a path, following symlinks

LSTAT: returns file attributes given a path, without following symlinks

FSTAT: returns file attributes given a file handle

SETSTAT: modifies file attributes given a path

FSETSTAT: modifies file attributes given a file handle

READLINK: reads the value of a symbolic link

SYMLINK: creates a symbolic link

REALPATH: canonicalizes server-size relative path to an absolute path

The following response packets are returned by the server:

STATUS: indicates success or failure of an operation

HANDLE: returns a file handle upon success

DATA: returns data upon success

ATTRS t fil tt ib t
https://www.ssh.com/ssh/sftp/ 5/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM
ATTRS: returns file attributes upon success

There is also an extension mechanism for arbitrary vendor-specific extensions. The extensions that are
supported are negotiated using the INIT and VERSION packets.

EXTENDED: sends a vendor-specific request from client to server

EXTENDED_REPLY: sends a vendor-specific response from server to client.

SFTP VS. FTPS

People often want to compare SFTP vs. FTPS. FTPS is basically the old ftp protocol run over SSL (Secure
Sockets Layer) or TLS (Transport Layer Security).

Benefits of SFTP over SFTP include:

SFTP runs over SSH in the standard SSH port. Thus, no additional ports need to be opened on the
server and no additional authentication needs to be maintained. This simplifies configuration and
reduces the likelihood of configuration errors.
FTPS needs complicated firewall configuration and may not work over NAT. Ports 989 and 990 need to
be open. Furthermore, FTPS supports both active and passive modes (see FTP), which further
complicates firewall configurations and is prone to problems.
FTPS requires an X.509 certificate for the server, typically from a public certificate authority. SSH works
without any centralized infrastructure. SFTP can utilize whatever host key distribution or certification
method is in use for SSH, without needing additional work and ongoing maintenance.
FTPS is basically FTP, which means it has ASCII mode, which can corrupt files if the mode is not
properly set. Some implementations default to ASCII mode.
FTPS cannot be used as a file system. (This does not improve security, as it can still read the same files.)
FTPS requires an extra server software package to be installed and patched, whereas SFTP usually
comes with SSH with the system.

SFTP SCREENSHOT

NEAREST SSH.COM OFFICE QUICK LINKS

SSH Communications Security, Inc. Home

460 Totten Pond Road #460 PrivX
Support

https://www.ssh.com/ssh/sftp/ 6/7
5/18/2018 SFTP File Transfer Protocol | SSH.COM

Waltham, MA 02140 About us

USA Contact
781-247-2100

Copyright © 2017 SSH Communications Security, Inc. All Rights Reserved. See Service Terms and Privacy
Policy.



https://www.ssh.com/ssh/sftp/ 7/7