SSH file transfer protocol
In computing, the SSH File Transfer Protocol (also Secure File Transfer Protocol, Secure FTP, or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols. The IETF Internet Draft states that even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.
This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
Capabilities
Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files; it is more like a remote file system protocol. An SFTP client's extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal.
SFTP attempts to be more platform-independent than SCP; for instance, with SCP, the expansion of wildcards specified by the client is up to the server, whereas SFTP's design avoids this problem. The difference matters for security as well as portability: SCP hands the client-supplied path to a shell on the server, so that name is also a shell-injection surface there, while SFTP carries paths as length-prefixed protocol strings and never invokes a shell to interpret them. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms.
SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.
The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. In practice the security of an SFTP deployment is therefore exactly the security of the SSH session beneath it: host-key verification, user authentication, and the ciphers and MACs negotiated for the channel. SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group. However, it is possible to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform-independent, as SSH-1 does not support the concept of subsystems. An SFTP client that wants to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side. OpenSSH's sftp client, for example, takes either a subsystem name or a remote server path through its -s option, the path form being the one needed when the server has no sftp subsystem configured.
For uploads, the transferred files may be associated with their basic attributes, such as timestamps. This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute without help.
History and development
The Internet Engineering Task Force (IETF) working group "Secsh" that was responsible for the development of the Secure Shell version 2 protocol (RFC 4251) also attempted to draft an extension of that standard for secure file transfer functionality. Internet Drafts were created that successively revised the protocol into new versions. The software industry began to implement various versions of the protocol before the drafts were standardized. As development work progressed, the scope of the Secsh File Transfer project expanded to include file access and file management. Eventually, development stalled as some committee members began to view SFTP as a file system protocol, not just a file access or file transfer protocol, which placed it beyond the purview of the working group.
As of 2006, version 6 is the last revision to be produced by that group. The protocol is not an Internet standard but it is still widely implemented. Most deployed implementations, OpenSSH's among them, implement version 3 with vendor extensions rather than the later drafts.
Version 3
At the outset of the Secure Shell File Transfer project, the Secsh group stated that its objective for the SSH File Transfer Protocol was to provide secure file transfer functionality over any reliable data stream, and to be the standard file transfer protocol for use with the SSH-2 protocol. Drafts 00 - 02 of the IETF Internet Draft define successive revisions of version 3 of the SFTP protocol.
- SSH File Transfer Protocol, Draft 00, January 2001
- SSH File Transfer Protocol, Draft 01, March 2001
- SSH File Transfer Protocol, Draft 02, October 2001
Version 4
Drafts 03 - 04 of the IETF Internet Draft define version 4 of the protocol.
- SSH File Transfer Protocol, Draft 03, October 2002
- SSH File Transfer Protocol, Draft 04, December 2002
Version 5
Draft 05 of the IETF Internet Draft defines version 5 of the protocol.
Version 6
Drafts 06 - 13 of the IETF Internet Draft define successive revisions of version 6 of the protocol.
- SSH File Transfer Protocol, Draft 06, October 2004
- SSH File Transfer Protocol, Draft 07, March 2005
- SSH File Transfer Protocol, Draft 08, April 2005
- SSH File Transfer Protocol, Draft 09, June 2005
- SSH File Transfer Protocol, Draft 10, June 2005
- SSH File Transfer Protocol, Draft 11, January 2006
- SSH File Transfer Protocol, Draft 12, January 2006
- SSH File Transfer Protocol, Draft 13, July 2006
SFTP client
The term SFTP can also refer to Secure file transfer program, a command-line program that implements the client part of this protocol, such as that supplied with OpenSSH.
Some implementations of the scp program actually use the SFTP protocol to perform file transfers; however, some such implementations are still able to fall back to the SCP protocol if the server does not provide SFTP service. OpenSSH's scp, for instance, now defaults to SFTP and offers a -O flag to force the legacy SCP protocol.
SFTP server
There are numerous SFTP server implementations both for UNIX and Windows. The most widely known is perhaps OpenSSH, but there are also proprietary implementations. Typically the port used is 22, since the protocol rides on the SSH connection and uses whatever port the SSH server listens on.
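The distinction between a shell account that happens to have SFTP available and a transfer-only account is what most SFTP server hardening comes down to. The following sshd_config fragment is an added example, not configuration taken from this page or from OpenSSH's own documentation: it shows the weak single-line setting beside a hardened Match block that confines a group of users to the in-process SFTP server inside a chroot. The group name sftponly, the chroot path under /srv/sftp and the Debian-style path to the sftp-server binary are assumptions; every directive used is a standard OpenSSH sshd_config keyword.

```text
# Weak: any account on the host gets the SFTP subsystem on top of its
# normal shell, so a "transfer-only" user still has shell and SCP access.
# (/usr/lib/openssh/sftp-server is the Debian path; assumption.)
Subsystem sftp /usr/lib/openssh/sftp-server

# Hardened: use the in-process server with logging enabled, and for the
# transfer-only group force it as the only command, inside a chroot,
# with every forwarding feature switched off.
Subsystem sftp internal-sftp -f AUTHPRIV -l INFO

Match Group sftponly
    # %u expands to the user name. The chroot directory and every path
    # component above it must be owned by root and not writable by any
    # other user or group, or sshd refuses the login.
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp -f AUTHPRIV -l INFO
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PasswordAuthentication no
```

Users in the group need a writable subdirectory inside their chroot (the chroot root itself must stay root-owned), and because the SFTP server runs inside the chroot, internal-sftp is the practical choice: an external sftp-server binary would have to exist, with its libraries, inside the jail. Logging at INFO records each opened, written and removed path, which is the same transaction trail the proxy products discussed below produce from outside the host.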
SFTP proxy
It is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging FTP transactions, like TIS fwtk or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic.
There are some tools that implement man-in-the-middle for SSH which also feature SFTP control. Examples of these tools include Shell Control Box from Balabit and FileGate SFP from Presaris. These provide functions such as SFTP transaction logging and logging of the actual data transmitted on the wire. Such a proxy necessarily terminates the SSH session: clients must trust its host key rather than the real server's, and the proxy itself becomes a point where file contents exist in the clear, so it needs the same protection as the servers it fronts.
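Two points above become concrete once the wire format is visible: the Capabilities section's claim that SFTP is a file-system-style protocol whose requests carry paths, offsets and attributes (which is what makes resumed transfers and timestamp-preserving uploads possible), and this section's claim that an SSH man-in-the-middle can produce a transaction log. The following Python is an added example, not code from this page, from the IETF drafts or from any SFTP product. It encodes a constructed client request stream in the version 3 format (draft-ietf-secsh-filexfer-02: a uint32 length, a type byte, a request id and length-prefixed fields), then decodes that same stream into audit lines the way an SFTP-aware proxy would once it holds the plaintext. The file handle, paths, timestamps and log format are constructed for illustration; the message-type, pflag and ATTRS-flag values are the draft's.

```python
"""SFTP version 3 packet codec and transaction logger. Added example, not code from
this page, the IETF drafts or any SFTP implementation; the message types, pflags and
ATTRS bits are those of draft-ietf-secsh-filexfer-02. Stream, handle and log format
are constructed for illustration; nothing is sent over a network."""
import struct

FXP_INIT, FXP_OPEN, FXP_CLOSE, FXP_READ, FXP_WRITE, FXP_SETSTAT, FXP_REMOVE = 1, 3, 4, 5, 6, 9, 13
FXF_READ, FXF_WRITE, FXF_APPEND, FXF_CREAT, FXF_TRUNC, FXF_EXCL = 1, 2, 4, 8, 16, 32  # OPEN pflags
PFLAG_NAMES = [("READ", 1), ("WRITE", 2), ("APPEND", 4), ("CREAT", 8), ("TRUNC", 16), ("EXCL", 32)]
ATTR_SIZE, ATTR_UIDGID, ATTR_PERMISSIONS, ATTR_ACMODTIME = 1, 2, 4, 8  # ATTRS flag bits

def _u32(n): return struct.pack(">I", n)
def _u64(n): return struct.pack(">Q", n)
def _string(b): return _u32(len(b)) + b  # SSH "string": uint32 length, then the bytes

def attrs(perms=None, atime=None, mtime=None):
    """Encode ATTRS; only fields whose flag bit is set appear on the wire."""
    flags, body = 0, b""
    if perms is not None: flags |= ATTR_PERMISSIONS; body += _u32(perms)
    if mtime is not None: flags |= ATTR_ACMODTIME; body += _u32(atime) + _u32(mtime)
    return _u32(flags) + body

def packet(msg_type, payload):
    """Frame one packet: uint32 length (covering the type byte), byte type, payload."""
    return _u32(len(payload) + 1) + bytes([msg_type]) + payload

def request(msg_type, req_id, payload):
    """Every request after INIT carries a client-chosen uint32 request id."""
    return packet(msg_type, _u32(req_id) + payload)

def build_client_stream():
    """Constructed client side of a session: an upload that also sets the
    file's timestamps, a download resumed at a 1 MiB offset, and a delete."""
    handle = b"\x00\x00\x00\x01"  # constructed; a real server chooses it in FXP_HANDLE
    path = b"/upload/report.csv"
    return b"".join([
        packet(FXP_INIT, _u32(3)),
        request(FXP_OPEN, 1, _string(path) + _u32(FXF_WRITE | FXF_CREAT | FXF_TRUNC) + attrs(perms=0o640)),
        request(FXP_WRITE, 2, _string(handle) + _u64(0) + _string(b"id,amount\n")),
        request(FXP_SETSTAT, 3, _string(path) + attrs(atime=1700000000, mtime=1700000000)),
        request(FXP_CLOSE, 4, _string(handle)),
        request(FXP_OPEN, 5, _string(b"/archive/big.iso") + _u32(FXF_READ) + attrs()),
        request(FXP_READ, 6, _string(handle) + _u64(1048576) + _u32(32768)),
        request(FXP_REMOVE, 7, _string(b"/upload/old.csv")),
    ])

class _Reader:
    def __init__(self, data): self.data, self.pos = data, 0
    def _take(self, fmt):
        value, = struct.unpack_from(fmt, self.data, self.pos)
        self.pos += struct.calcsize(fmt)
        return value
    def u32(self): return self._take(">I")
    def u64(self): return self._take(">Q")
    def string(self):
        n = self.u32(); self.pos += n
        return self.data[self.pos - n:self.pos]
    def attrs(self):
        flags, out = self.u32(), {}
        if flags & ATTR_SIZE: out["size"] = self.u64()
        if flags & ATTR_UIDGID: out["uid"], out["gid"] = self.u32(), self.u32()
        if flags & ATTR_PERMISSIONS: out["perms"] = self.u32()
        if flags & ATTR_ACMODTIME: out["atime"], out["mtime"] = self.u32(), self.u32()
        return out

def iter_packets(stream):
    """Yield (type, payload) per packet; reject length fields that overrun the data."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5: raise ValueError("truncated packet header")
        length, = struct.unpack_from(">I", stream, pos)
        if length < 1 or pos + 4 + length > len(stream): raise ValueError("packet length overruns data")
        yield stream[pos + 4], stream[pos + 5:pos + 4 + length]
        pos += 4 + length

def transaction_log(stream):
    """Decode client requests into audit lines as a proxy would; a framing error ends the log."""
    lines = []
    try:
        for msg_type, payload in iter_packets(stream):
            r = _Reader(payload)
            if msg_type == FXP_INIT:
                lines.append(f"INIT version={r.u32()}"); continue
            rid = r.u32()
            if msg_type == FXP_OPEN:
                path, pflags, a = r.string().decode(), r.u32(), r.attrs()
                mode = "+".join(n for n, f in PFLAG_NAMES if pflags & f)
                lines.append(f"#{rid} OPEN {path} mode={mode} attrs={a}")
            elif msg_type in (FXP_WRITE, FXP_READ):
                h, off = r.string(), r.u64()
                n = len(r.string()) if msg_type == FXP_WRITE else r.u32()
                lines.append(f"#{rid} {'WRITE' if msg_type == FXP_WRITE else 'READ'} handle={h.hex()} offset={off} len={n}")
            elif msg_type in (FXP_SETSTAT, FXP_REMOVE):
                path = r.string().decode()
                lines.append(f"#{rid} SETSTAT {path} attrs={r.attrs()}" if msg_type == FXP_SETSTAT else f"#{rid} REMOVE {path}")
            elif msg_type == FXP_CLOSE:
                lines.append(f"#{rid} CLOSE handle={r.string().hex()}")
            else:
                lines.append(f"#{rid} type={msg_type} payload={len(payload)} bytes")
    except ValueError as err:
        lines.append(f"FRAMING ERROR: {err}")
    return lines
```

Calling transaction_log(build_client_stream()) returns one line per request, for example "#6 READ handle=00000001 offset=1048576 len=32768" for the resumed download and "#3 SETSTAT /upload/report.csv attrs={'atime': 1700000000, 'mtime': 1700000000}" for the timestamp-preserving upload. The length check in iter_packets is the part a proxy cannot skip: every field it logs is taken on trust from the client, so a length that overruns the buffer must stop decoding rather than be guessed past.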
See also
- Tectia - SSH/SFTP suite from SSH Communications Security, the original inventor of the SSH protocol
- AbsoluteTelnet - SSH client that includes a GUI SFTP client for file transfer
- List of file transfer protocols
- List of SFTP server software
- Comparison of FTP client software (including SFTP)
- FISH
- FTP
- FTPS
- Secure copy (SCP)
- SmartFTP - GUI client
- SSHFS - mounting a remote filesystem using SFTP and SSH
- Swish - a Windows Explorer shell namespace extension with SFTP support
- WinSCP - free Windows client with SFTP capability
- FileZilla - open source cross-platform GUI client
- FireFTP - free, open source, cross-platform GUI client
- Cyberduck - free, open source Mac OS X/Windows GUI client
- WebDrive - SFTP, WebDAV, Amazon S3, Windows/Mac client
- Transmit (FTP client) - Mac OS X GUI client which supports SFTP, FTP, WebDAV and Amazon S3
- ExpanDrive - SFTP client for Windows/Mac that mounts SFTP as a network drive
- FlashFXP - SFTP, FTP, FTPS, Windows GUI client
- UploadFTP - Windows GUI FTP, SFTP, FTPS, FXP client with freeware and payware editions
External links
- Chrooted SFTP with Public Key Authentication – Integrating SFTP into FreeBSD production servers using the public key cryptography approach
- User-based chrooted SFTP in GNU/Linux