SFTP (SSH File Transfer Protocol, also known as Secure FTP) is a popular method for securely transferring files over remote systems. SFTP was designed as an extension of the Secure Shell protocol (SSH) version 2.0 to enhance secure file transfer capabilities. SFTP supports file access, file transfer, and file management functionalities without command or data channels. Instead, both data and commands are encrypted and transferred in specially formatted binary packets via a single, secured connection using SSH.
Ordinary FTP clients cannot be used with SFTP servers. They require dedicated SFTP clients, which are programs that use SSH to access, manage, and transfer files. The Command-Line Interface (CLI) in UNIX® and Mac OS® X hosts can be used as SFTP clients. There are also many graphical FTP clients, such as the free FTP client for Windows®, FTP Voyager®, which supports file transfer via SFTP.
An SFTP connection can be authenticated in two ways:
Even if the SFTP server is hacked or spoofed, the attacker gains only one signature, not your private key or password. Because signatures cannot be re-used, he has actually gained nothing.
SFTP operates over SSH, making it inherently secure. Unlike in FTPS and FTP, the encryption cannot be triggered or turned off using AUTH commands. Port 22 is generally configured for SFTP connections.
Serv-U® Managed File Transfer (MFT) Server supports secure file transfer protocols including SFTP, FTPS, FTP, and HTTP/S. When using SFTP for file transfer, Serv-U MFT Server allows you to have multiple SSH keys for one user.
Serv-U MFT Server also supports FIPS 140-2 validated cryptography. Enabling FIPS 140-2 mode limits Serv-U to encryption algorithms certified to be FIPS 140-2 compliant. This helps ensure a high level of security for encrypted connections.
Secure FTP server software that provides comprehensive security, automation, and centralized control for file transfers across your organization