Hello,

Who doesn't use FTP to upload and download files to and from their webspace(s)?

Me.

What do you use instead of FTP?

SFTP with Public Key Authentication.

SSH File Transport Protocol, this is not SSH over FTP, this is really another protocol.

I think that , especially today, you shouldn't use FTP. This is way too insecure.

Do you mean FTP as opposed to some entirely different protocol, or do you mean FTP as opposed to SFTP?

Good question, @lucy24.

I'm starting to think that the forum poster 9 years ago was drawing a distinction where I wouldn't.

Personally, in a generalised context, I wouldn't distinguish between FTP and SFTP. They may not be the same protocol but (functionally, at least) they're arguably the same sort of protocol.

I was unaware that some people don't regard FTP as a generic term for file transfer using a file transfer client.

“This page isn’t html! The extension clearly says shtml.”

“I asked for a jpeg and you’ve sent me a .jpg!”

Et cetera, ad lib.

Used FTP for a zillion years, and when it came out, moved to SFTP ... and as far as functionality is concerned they are two peas in the same pod.

FTP and SFTP are both ftps.

I don't use FTP or SFTP ever. I use SSH, and mainly SSH with GIT. If I need to copy files outside of GIT I use SCP linux command, which simply copies over SSH. Using SSH allows you to access the remote server as easily as any other drive on your local machine. It also allows for scripts to programatically transfer files and act on the files (like un-tar them) in their remote location. (S)FTP seems archaic (very windows like) and makes me nervous in that you can copy or delete things in the wrong place. To be fair, this is equally possible with SSH, so it is more of personal preference.

Note, I'm not sure about how SFTP works from a security persective, but my remote servers all have passwords disabled. One can only logon using the SSH cryptographic key, This makes it nearly impossible for an outsider to gain access, the only way in is from my local machine, or other accounts if they exist (I typically work alone). I assume that the same thing is possible with SFTP, but if it isn't then that is a big security flaw.

FTP and SFTP are both ftps.

Exactly! :)

What methods are in use, as long as they accomplish the job at hand, is all that is required.

I still use FTP to my NAS. It's fast and perfectly secure within the network. If someone has broken into my network they are more likely to be interested in banking details, or personal details.

Hello,

FTP and SFTP are both ftps.

No, they are not.

FTP is a protocol, without encryption at all (username, password, files, are transmitted in plain text/bytes) . - [en.wikipedia.org...]

FTPS is an enhancement of the FTP protocol, initially using SSL, then TLS. (everything is encrypted between the client and server) - [en.wikipedia.org...]

FTP over SSH is a variant - [en.wikipedia.org...]

SFTP is a totally different protocol, which is based on entirely on SSH (so everything is encrypted)- [en.wikipedia.org...]

I assume that the same thing is possible with SFTP, but if it isn't then that is a big security flaw.

You do not need to assume, since this is what I said in my first message.

I do not use FTP or SFTP.

I use FTPS.

I mostly need to use ssh anyway, so using SFTP reduces the attack surface.

@ronin I think it is important to make the distinction because there are significant differences that matter (in terms of security, for a start, but also configuration and software required). I think more people use the term generically because they think SFTP and FTP are related protocols than deliberately using FTP as a generic term for all file transfer protocols (which no one actually does - HTTP and UUCP are file transfer protocols too).

I use SSH, and mainly SSH with GIT. If I need to copy files outside of GIT I use SCP linux command, which simply copies over SSH. Using SSH allows you to access the remote server as easily as any other drive on your local machine. It also allows for scripts to programatically transfer files and act on the files (like un-tar them) in their remote location. (S)FTP seems archaic (very windows like) and makes me nervous in that you can copy or delete things in the wrong place. To be fair, this is equally possible with SSH, so it is more of personal preference.

There is no security advantage in using SCP over SFTP as they both run over ssh.

SCP is probably preferable for scripting or moving a single file from the command line.

I like the fact that SFTP lets me manage, view and edit files on a remote server just like those locally, using the same file manager, text editor, etc. Agreed that is a personal preference and I prefer to script things too.

FTPS is FTP, just with a security layer on top of the communication. SFTP is file transfer tunneled over SSH.

The main technical difference between the two is that FTP(s) uses two ports for the communication. One port is used for the commands, but the actual data is transferred over a different channel with a different port number. This makes it difficult to setup and secure, especially when NAT routers have to be passed.

That said, FTP is still widely used in the academic world and I was recently involved in a project involving transferring gigabytes of data automatically on a daily base, over unsecured FTP connections. FTP may be reaching EOL in the webmaster community, it certainly isn't in other parts of the digital universe.

:: head spinning ::

So FTPS is a variant of FTP, while SFTP is something entirely unrelated?

I know I started using SFTP for accessing site logs some years ago because the server required it (understandably enough)--that is, they required some form of secure access, of which SFTP was one option. But I genuinely can't remember whether they later imposed the same requirement for site files in general, or whether it just seemed like a good idea. Using a non-secure protocol to get at files on an HTTPS site does seem a bit backward, though.

Ahh, I just realised I got my last comment the wrong way round and it makes no sense as it stands.

I use SFTP, not FTP or FTPS.

@lucy, exactly. I think SFTP is a lot more commonlu used than FTPS.

SSH is very versatile. You can tunnel other services over it so, for example, if you have a admin web ui to something on a remote server that can only be accessed from localhost on the server, you can use an ssh tunnel to access it remotely. If you have X windows at both ends, you can even run a desktop applications over ssh.

Rsync also usually runs over ssh by default these days, and anything that can run over the network can do so.

So FTPS is a variant of FTP

It's the secured version of FTP.

The same way that HTTPS is the secure version of HTTP,... but... here again, it's more complex than that, because HTTP v 0.9 / 1.0 / 1.1 are evolutions of the same protocol, but HTTP/2 is totally different, and HTTP/3 is i again totally different. But they all belong to the HTTP family for conveniences.

while SFTP is something entirely unrelated?

It's a different protocols (methods).

The same way that HTTPS is the secure version of HTTP

That does make it easier to remember: put an S at the end each time.

We won't talk about html vs shtml :)

FTP and SFTP are both ftps.

i realized after posting this it would cause confusion.

i meant "ftps" (a plural), not "FTPS" (an acronym)