Skip to main content
banner image
venafi logo

What Is Secure File Transfer Protocol (SFTP) and How to Use It

What Is Secure File Transfer Protocol (SFTP) and How to Use It

what-is-secure-file-transfer-protocol-how-to-use-it
October 18, 2021 | Guest Blogger: Anastasios Arampatzis

In a previous blog discussing Secure Copy Protocol (SCP), we mentioned that in April 2019, OpenSSH developers recommended the use of SFTP instead of the “outdated” SCP protocol. SFTP stands for Secure File Transfer Protocol, and it is also known as SSH File Transfer Protocol.
 

Know enough about protecting your SSH keys? Read our Dummies Guide.
What is SFTP?

SFTP is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) and provides secure file transfer capabilities. Even though SFTP is described in the context of the SSH protocol, it can be used in various applications, such as secure file transfer over Transport Layer Security (TLS), and transfer of management information in VPN applications.

Compared to the SCP protocol, which only allows file transfers, the SFTP protocol allows for a range of operations on remote files, which make it more like a remote file system protocol. An SFTP client's extra capabilities include resuming interrupted transfers, directory listings, and remote file removal.

This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol. SFTP transfers files securely. It uses SSH and encrypted FTP commands to avoid password sniffing and exposing sensitive information in plain text. Since the client needs to be authenticated by the server, SFTP also protects against man-in-the-middle attacks.

SFTP can be handy in all situations where sensitive data needs to be protected. For example, proprietary data and intellectual property (IP) may not be covered by any particular data privacy rule, but it can be devastating to fall into the wrong hands. An organization might use SFTP to transmit files containing trade secrets or other similar information.

How SFTP works

SFTP is a client-server protocol that can be launched either as a command line or through a graphical user interface (GUI).

  • In command line setup, the user types in specific command lines to generate the SFTP protocol.
  • The GUI option makes use of a program that abstracts the use of SFTP visually for end users.

The SFTP protocol runs over the SSH protocol using the normal SSH port 22 and supports multiple concurrent operations. The client identifies each operation with a unique number that must match the server response. Requests can be processed asynchronously. The SFTP protocol is initiated only when the user logs into an SSH server to avoid leaving additional ports exposed or maintaining additional authentications.

Before you can use an SFTP, you need both an SFTP client and server. An SFTP client is the necessary software that provides you with the ability to connect to the server. It also makes it possible to upload files to be stored to the server, as well as download files that are already being stored.

An SFTP server is the place in which files are stored and retrieved. The server provides its services so users can store and transfer data safely. The server uses the SSH file transfer protocol to keep the connection secure. A software vendor may store software updates on their SFTP server so that customers can download secure files with an SFTP client.

An SFTP server requires both communicating parties to authenticate themselves either by providing a user ID and password, or by validating an SSH key (or both). One half of the SSH key is stored on the computer of the two clients (private key), while the other half is loaded on the server and associated with their account (public key). Only when the SSH key pair matches, authentication occurs.

When to use SFTP

SFTP, as a successor to FTP, is used in situations where file security is important, such as complying with security and privacy standards like HIPAA, CCPA or GDPR. SFTP can become really useful for securing sensitive and confidential data while in transit.

This can be especially important in remote working scenarios. For example, any doctor or third-party working with a hospital or healthcare provider, must keep its electronic PHI (ePHI) confidential, including during its transition through networks. SFTP is one of several options for shielding that data in transfer, to make sure that criminals do not compromise its confidentiality and integrity, and that the company does not unwittingly perform a HIPAA violation.

SFTP can also complement VPN. Both systems will protect data, but they are not the same. SFTP is a protocol, whereas VPN is a secure encrypted tunnel for data. With that in mind, information can also be sent using SFTP protocol through a VPN, making the transfer even more secure.

SFTP can also be seen as an improvement over the FTPS, which is just an FTP protocol run over TLS/SSL. FTPS requires complex firewall configurations as ports 989 and 990 need to be open, depends on a centralized public certificate authority, and is prone to file corruption since it defaults to ASCII mode.

Advantages of SFTP

There are many reasons why businesses choose to implement SFTP into their security and privacy controls.

  • Speed: The servers used with SFTP can easily support large file transfers, as well as transferring multiple files at once, saving time when moving data from one server to another.
  • Security: Thanks to encryption, public key authentication, and data security, SFTP can preserve the confidentiality and integrity of your data
  • Manageability: SFTP gives you the ability to easily manage your server using a web interface or an SFTP client.
  • Integration: SFTP and firewalls go hand in hand. Data, commands, and sensitive information are all sent over a single connection to Port 22, which is by default enabled with firewalls in their security parameters.
Conclusion

Although SFTP has many features and benefits for users and businesses, its security depends on the lifecycle management of SSH keys. Poor management of SSH keys can expose these critical cryptographic assets to criminals who can leverage them to access corporate networks and move undetected. Therefore, organizations need to establish robust and effective procedures to protect their SSH keys. The Venafi SSH Protect platform can help you safeguard the host-to-host connections that SSH and SFTP enable by discovering, protecting and automating the SSH machine identities lifecycle.
 

Related Posts

Like this blog? We think you will love this.
9-pki-pitfalls-and-how-to-avoid-them
Featured Blog

9 PKI Pitfalls and How Automation Helps You Avoid Them

Outdated secur

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS MIM For Dummies
eBook

TLS Machine Identity Management for Dummies

CIO Study: Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Anastasios Arampatzis
Guest Blogger: Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more