What Is SFTP?
It can be tempting to think that, based on the description of SCP above, that SFTP is simply a secure version of FTP, a protocol that dates back to the earliest days of the internet. However, they’re different protocols with different roots, with SFTP’s story starting at the same time as SSH’s, in the late 1990s. At that time, graphical file-transfer clients had grown commonplace, meaning that there was a mainstream audience in need of stronger file-transfer capabilities and familiarity with what was already in use. The result is that while SFTP maintains some similarities to FTP, it generally transfers on the same transmission control protocol port as an SSH connection, usually port 22.
“This protocol assumes that it runs over a secure channel, that the server has already authenticated the user at the client end and that the identity of the client user is externally available to the server implementation,” Ylönen and co-developer Sami Lehtinen wrote in a draft document for the Internet Engineering Task Force in 2001.
SFTP has more overhead than something like SCP. However, Picinich says that this is made up for by its greater ease of use.
”Remote working users need easy-to-use platforms to allow them to complete their file-transfer tasks efficiently,” Picinich says. “Administrators require systems that can be configured and audited to meet security requirements and industry best practices. SFTP fits the bill in this case with straightforward authentication, traditional directory listings and easy-to-understand file upload and download.”
Which Secure File Transfer Protocol Is Faster?
The limitations of SCP as a full-fledged file-transfer protocol do have a plus side, according to Picinich: Its limited capabilities, which are focused on copying files, are generally much faster than SFTP for many tasks.
“SCP was created to replicate shell copy functions between systems, and if you have ever used the command CP to copy files locally, you can use SCP,” he says. “This provides system operators a simple and familiar way to transfer files between systems with faster transmission rates than SFTP due to less protocol overhead.”
However, SFTP’s overhead is more than made up for by its ease of use — and by offering fewer limitations than SCP has.
“While both SCP and SFTP will handle large file transfers, SFTP allows for resuming a file transmission,” he adds. “The feature set of SFTP aligns with workflows for both internal system transfers and external user access to files and folders. Additionally, there are several GUI client applications available for SFTP.”
However, if speed is a goal of file transfer, it may be worth considering ways to automate so that integrations are tighter, allowing data to flow more efficiently. Picinich points to the way that tools like MOVEit Transfer can use APIs to automate transfers, for example.
“While SCP and SFTP can fit the need in some scenarios, more and more commonly the need is for a purely programmatic interface to integrate with for file movement,” he says. “Products such as MOVEit Transfer provide secure REST APIs to allow for customized integration of file transfers.”