Which is better, FTPS or SFTP protocol?

When you are setting up remote file transfer permissions for your employees, you want things to be as simple and secure as possible. An increasing number of users want to know which protocol is best for secure FTP.

What is the Difference Between FTPS and SFTP?

The two protocols are different from each other, although they both have the same function.

  • SFTP uses a single channel for both communications and data transfer, while FTP adds one more channel, chosen dynamically, for the data.
  • FTPS often had issues when passing through a firewall, as the firewall did not know which port was being used for the data and failed to allow traffic through it.
  • FTPS sends messages that are easy for users to understand, while this is not possible with SFTP, as its messages are in binary.
  • FTPS has the advantage of being familiar, while SFTP has the advantage of being more secure.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

Screenshot courtesy of kojihachisu (Flickr).

The Question

SuperUser reader user334875 wants to know what the difference is between FTPS and SFTP, and which one is better:

I am trying to set up a system for four of my employees who work remotely so that they can transfer files. I also need it to be secure. Is SFTP better than FTPS? What is the difference between the two?

What is the difference between the two and which one is better?

The Answer

SuperUser contributors NuTTyX and Vdub have the answer for us. First up, NuTTyX:

They are two completely different protocols.
FTPS is FTP with SSL for security. It uses a control channel and opens new connections for the data transfer. As it uses SSL, it requires a certificate.
SFTP (SSH File Transfer Protocol/Secure File Transfer Protocol) was designed as an extension of SSH to provide file transfer capability, so it usually uses only the SSH port for both data and control.
In most SSH server installations you will have SFTP support, but FTPS would need the additional configuration of a supported FTP server.

Followed by the answer from Vdub:

FTPS (FTP/SSL) is a name used to provide a number of ways that FTP software can perform secure file transfers. Each way involves the use of an SSL/TLS layer below the standard FTP protocol to encrypt the control and/or data channels.
Pros:
  • Widely known and used
  • The communication can be read and understood by a human
  • Provides services for server-to-server file transfer
  • SSL/TLS has good authentication mechanisms (X.509 certificate features)
  • FTP and SSL/TLS support is built into many internet communications frameworks
Cons:
  • Does not have a uniform directory listing format
  • Requires a secondary DATA channel, which makes it hard to use behind firewalls
  • Does not define a standard for file name character sets (encodings)
  • Not all FTP servers support SSL/TLS
  • Does not have a standard way to get and change file or directory attributes
SFTP (SSH File Transfer Protocol) is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol (TCP port 22) to provide secure file transfer, but is intended to be usable with other protocols as well.
Pros:
  • Has a good standards background which strictly defines most (if not all) aspects of operations
  • Has only one connection (no need for a DATA connection)
  • The connection is always secured
  • The directory listing is uniform and machine-readable
  • The protocol includes operations for permission and attribute manipulation, file locking, and more functionality
Cons:
  • The communication is binary and cannot be logged “as is” for human reading
  • SSH keys are harder to manage and validate
  • The standards define certain things as optional or recommended, which leads to certain compatibility problems between different software titles from different vendors
  • No server-to-server copy and recursive directory removal operations
  • No built-in SSH/SFTP support in VCL and .NET frameworks
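
The two wire formats contrasted in the answers above, as an added example that is not part of the SuperUser answers: it reads the dynamically assigned data port out of an FTP passive-mode reply and renders a binary SFTP request as a log line. The sample replies, addresses, path and function names are constructed for illustration, and the SFTP layout assumed is protocol version 3.

```python
import re
import struct

# Constructed samples, not captured traffic.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50000|)"
# SFTP v3 request types whose body is: uint32 id, then a path string.
SFTP_PATH_REQUESTS = {3: "OPEN", 11: "OPENDIR", 13: "REMOVE", 15: "RMDIR", 17: "STAT"}

def ftp_data_endpoint(reply, control_host):
    """Return the (host, port) a 227/229 control reply assigns to the data channel."""
    if reply.startswith("227"):  # PASV: h1,h2,h3,h4,p1,p2
        m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
        nums = [int(g) for g in m.groups()] if m else []
        if not nums or max(nums) > 255:
            raise ValueError("malformed 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    if reply.startswith("229"):  # EPSV with the usual "|" delimiter; host is the control peer
        m = re.search(r"\(\|\|\|(\d{1,5})\|\)", reply)
        if not m or not 0 < int(m.group(1)) < 65536:
            raise ValueError("malformed 229 reply")
        return control_host, int(m.group(1))
    raise ValueError("reply does not open a data channel")

def sftp_opendir(request_id, path):
    """Build a constructed SSH_FXP_OPENDIR packet as carried inside the SSH channel."""
    body = struct.pack(">BII", 11, request_id, len(path)) + path
    return struct.pack(">I", len(body)) + body

def describe_sftp(packet):
    """Render one SFTP packet as a log line, rejecting inconsistent lengths."""
    if len(packet) < 5:
        raise ValueError("truncated header")
    length, ptype = struct.unpack(">IB", packet[:5])
    if length != len(packet) - 4:
        raise ValueError("length field does not match packet size")
    if ptype not in SFTP_PATH_REQUESTS:
        return f"type={ptype} len={length}"
    if length < 9:
        raise ValueError("truncated request")
    request_id, path_len = struct.unpack(">II", packet[5:13])
    if path_len > length - 9:
        raise ValueError("path length overruns packet")
    path = packet[13:13 + path_len].decode("utf-8", "replace")
    return f"{SFTP_PATH_REQUESTS[ptype]} id={request_id} path={path!r}"

if __name__ == "__main__":
    print(ftp_data_endpoint(PASV_REPLY, "192.0.2.10"))
    print(describe_sftp(sftp_opendir(7, b"/srv/files")))
```

With FTPS the 227/229 reply travels inside the encrypted control channel, so a firewall cannot read the port it announces; this is the firewall difficulty the answers describe. The SFTP request needs a decoder like `describe_sftp` before it can be logged in readable form, but it never leaves the single SSH connection.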
