Archived Forum Post

Index of archived forum posts

Question:

Which is better: SSH/SFTP or FTPS?

Sep 30 '14 at 13:17

Which is better to use: SFTP (Secure File Transfer over SSH) or FTPS (FTP over SSL/TLS)? Is there an advantage of one over the other in terms of ease of use, stability, efficiency, or anything else?


Answer

Both have advantages and disadvantages.

The major disadvantage with FTP is the fact that files are transferred over a separate data connection (one temporary data connection per file transfer). The data connections typically use ports from the ephemeral range. Blockage issues can exist w.r.t. firewalls on either client or server side (either software or hardware firewalls) and anti-virus. Sometimes your software can work for a very long time, and then some external change happens, such as a new firewall being installed, or modified, etc., and suddenly FTP transfers stop working.

SSH/SFTP uses a single connection where both commands and data flow, and therefore the "data connection problem" does not exist. However, my experience shows that the initial connection and authentication establishment time for SSH/SFTP is large compare to FTP. If you are transferring many files in a single session, then this overhead becomes negligible. However, if you are often connecting/disconnecting to transfer one file at a time, then this overhead becomes significant. (The overhead can vary greatly depending on the server implementation. I haven't done any studies to know which ones are better than others.)


Answer

In my experience, SSH implementations normally require more upfront work. I think this is because SSH is not a protocol specifically for file transfer, it "allows" or supports for it, but is not meant only for that. So I think that some custom implemented SSH servers interpret the protocol in their own way which leads to more fiddling with at the beginning. (And reading the low level specs on this is not fun at all).

There are multiple "enterprise" type SSH servers that do not work very well with open-source or commercially available clients.

Connectivity wise, you will find out about blockage with either SSH/FTP as with FTPS immediately at the beginning, but the port range issue for some stricter firewall settings that the Chilkat Admin mentions would be a valid concern later, after you think you are done and have started to forget about the whole project.

In a nutshell, Chilkat components work very well with both, I'd prefer FTPS because it is normally easier to get going with.