SFTP for Secure File Transfers

by: Staff Wednesday, February 18th, 2009

File Transfer Protocol, or FTP, is the protocol many people use to transfer files over the internet. In its purest form, however, FTP is insecure, leaving unencrypted data susceptible eavesdropping, forgery or interception. Although the protocol can be implemented with additional security mechanisms, some prefer methods that are naturally more secure, such as SFTP.

What is SFTP?

Short for Secure File Transfer Protocol, SFTP utilizes SSH (Secure Shell) to transfer files between a client and a server. SFTP mainly relies on two components to securely transmit files: server validation and client authentication. These components rely on cryptography, as both public and private keys are utilized to authenticate communications. The server is validated by matching its public key with the public key located on the client. Depending on the software, the client may be authenticated in the following ways:

  • Passphrase and private key
  • Username and password
  • Keyboard interaction

When a passphrase and private key are required, the client machine’s public key is added to a file of authorized keys on the server. Once the validation process is initiated, the client is required to enter a passphrase to load the private key and complete authentication. A passphrase is similar to a password, yet longer and typically more secure.

Username and password authentication is rather straightforward, as it merely calls for a user account to be created on the SFTP server. Keyboard interaction utilizes a technique that asks the client a series of questions from which it must respond correctly before being authenticated. This enables the implementation of various authentication methods, including the asking of a username and password.

What You Need for SFTP

In order to transfer files with SFTP, you will require a server configured with the protocol, as well as a client program that supports it. Some of the most popular FTP servers are DataFreeway, FileZilla and WinSCP. PuTTY is one of the most popular SFTP clients as it is free to use. PASSPORT is another SFTP client preferred by many because of its comprehensive interface and ease of use.

Why Use SFTP?

Though very similar, FTP and SFTP are two entirely different animals. FTP is efficient at transferring files, but since it cannot always ensure security, many recommend using SFTP instead. Take note that you should always make sure your SFTP clients support the last versions of SSH because older variations have been rendered vulnerable.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • Reddit

No related posts.

« | Home | »

 

Leave a Comment