Charbel Nemnom - MVP | MCT | CCSP | CISM - Cloud & CyberSecurity

Which Security Protocol Does Secure File Transfer (SFTP) Use To Transfer Data?



Secure file transfer refers to the secure transfer of, and access to, data files. All the files you upload to a remote server or download to your device are encrypted.

SFTP uses SSH, or Secure Shell, an encrypted network protocol that also gives you applications such as remote login. It connects an SSH client to an SSH server and allows secure communication over an unsecured network.

In this article, we will dive into which security protocol Secure File Transfer (SFTP) uses to transfer data.

What is SFTP And How Does It Work?

The Secure File Transfer Protocol is an improvement on FTP. Unlike FTP, SFTP runs over the Secure Shell protocol, which provides secure client authentication.

Let us dive deeper and uncover more information on SFTP and SSH!

Here is how an SFTP connection is established:

#1 Connection Request

To start a file transfer, a client sends a transfer or connection request to the server.

The server then sends an SSH welcome message to the client and receives the client’s SSH welcome message in return. Each side announces the highest protocol version it supports.

After the welcome messages, the server sends the list of algorithms it supports together with a session cookie, and the client does the same.

#2 Exchange Of Keys

The key exchange starts using an algorithm that both sides support.
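The version exchange and the algorithm negotiation described above are mechanical enough to show in a few lines. The following Python script is an added illustration, not code from the original post: it parses constructed SSH identification strings in the RFC 4253 form, checks that both sides speak SSH 2.0, and applies the negotiation rule (the first algorithm in the client's preference list that the server also supports). The banners, preference lists and the `WEAK_KEX` set are constructed samples for the example; the function names are this example's own.

```python
# Added illustration (not from the original post): the SSH version exchange and
# algorithm negotiation that precede the key exchange, using the standard library only.
import re
from typing import List, Optional, Tuple

# Constructed identification strings in the RFC 4253 "SSH-protoversion-softwareversion [comment]" form.
CLIENT_BANNER = "SSH-2.0-ExampleClient_1.0"
SERVER_BANNER = "SSH-2.0-ExampleServer_2.3 constructed-sample"

# Constructed preference lists, most preferred first, as each side would list them in its KEXINIT.
CLIENT_KEX = ["curve25519-sha256", "ecdh-sha2-nistp256", "diffie-hellman-group14-sha256"]
SERVER_KEX = ["diffie-hellman-group14-sha256", "curve25519-sha256"]

# Key exchange methods that rely on SHA-1 or a 1024-bit group; disabled by default in current OpenSSH.
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group-exchange-sha1"}

BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comment>.*))?$")


def parse_banner(line: str) -> Tuple[str, str, Optional[str]]:
    """Split an identification string into (protocol version, software version, comment)."""
    match = BANNER_RE.match(line.rstrip("\r\n"))
    if match is None:
        raise ValueError(f"not an SSH identification string: {line!r}")
    return match.group("proto"), match.group("software"), match.group("comment")


def versions_compatible(client_banner: str, server_banner: str) -> bool:
    """Both sides must speak SSH 2.0 ("1.99" is the legacy way of advertising 2.0 compatibility)."""
    client_proto = parse_banner(client_banner)[0]
    server_proto = parse_banner(server_banner)[0]
    return all(proto in ("2.0", "1.99") for proto in (client_proto, server_proto))


def negotiate(client_prefs: List[str], server_prefs: List[str]) -> str:
    """RFC 4253 section 7.1 rule: the first algorithm in the client's list that the server also supports."""
    server_set = set(server_prefs)
    for alg in client_prefs:
        if alg in server_set:
            return alg
    raise ValueError("no algorithm supported by both sides; the connection would fail here")


def negotiate_checked(client_prefs: List[str], server_prefs: List[str]) -> Tuple[str, List[str]]:
    """Negotiate and return (chosen algorithm, warnings) so a reviewer can see when a weak method won."""
    chosen = negotiate(client_prefs, server_prefs)
    warnings = []
    if chosen in WEAK_KEX:
        warnings.append(f"negotiated deprecated key exchange method {chosen}")
    return chosen, warnings


if __name__ == "__main__":
    print("versions compatible:", versions_compatible(CLIENT_BANNER, SERVER_BANNER))
    print("chosen kex:", negotiate_checked(CLIENT_KEX, SERVER_KEX))
```

Because the client's order wins, a client that lists a weak method first will get it whenever the server still offers it; the `negotiate_checked` wrapper is where a hardening review would flag that outcome.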

The client sends its key exchange parameters to the server, which replies with its own parameters and its public host key. The server then calculates a hash of all the data exchanged so far, signs it with its private key, and sends the signature to the client.

The client calculates the same hash and verifies the server’s signature with the server’s public key.

This concludes the establishment of a secure connection. From here on, everything sent over it is encrypted with the cryptographic keys agreed during the exchange.

#3 Client Authentication

The client sends a username and password, which the server uses to authenticate the client and grant it access.

With the connection established, the client can send requests for file operations. Sender and receiver provide their login information or validate the SSH keys; if authentication succeeds, the client can access the files on the server over SSH.

What is SSH?

The SSH protocol is a set of rules and guidelines that lets two machines communicate securely over a network. The exchange takes place between a local device (the client) and a remote server, and both machines need the corresponding authentication key to decrypt the traffic.

How Does It Work?

The SSH protocol carries your data securely over an unsecured network. It has three layers:

1) The first layer sets up the connection between the server and the client. It also compresses data to make the transfer faster.
2) The second layer is in charge of exchanging the supported authentication methods and running the user authentication process.
3) The last layer comes into play once authentication has succeeded. It opens and closes channels for each session and maintains communication.

Which Is Better: FTPS or SFTP?

File Transfer Protocol Secure, or FTPS, is an extension of FTP that adds a layer of security over the transfer of files. SFTP, on the other hand, is an extension of SSH that adds file transfer capabilities to the already secure network.

Let us look at the main points of difference:

#1 Authentication

You (the client) need to be granted access before you can share data across a network. SFTP and FTPS use different authentication processes for this.

There are three ways to authenticate to an SFTP server:

1) With a username and a password.
2) With SSH keys, both public and private, that you generate in order to connect to the SFTP server.
3) With a combination of the two methods above.

Similar to SFTP, FTPS also authenticates with a username and a password, and it also checks the server’s certificate. The FTPS client requires the server to present a trusted certificate from a known certificate authority or, if the certificate is self-signed, you need to have a copy of it.

They both use AES and Triple DES algorithms to encrypt data.

#2 Speed

Though the speed difference between the two is negligible, FTPS has a slight edge.

FTPS uses separate channels for control and data transfer, and they do not run simultaneously. It is your choice whether to encrypt both channels or only one; if you encrypt only the data channel, the transfer is faster.

SFTP, however, transfers data in packets, which are quicker to process than long text streams, since those take more time to decrypt. SFTP files are therefore easier and faster to process.

#3 Implementation Of Secure File Transfer

Authentication and implementation of secure file transfer are simpler and safer with SFTP because it uses a single port (port 22) to send and receive everything. This is why SFTP is considered firewall-friendly and the easiest file transfer protocol to deploy.


FTPS, on the other hand, is difficult to pass through a secured firewall because it uses multiple ports, one for control and one for data. Opening multiple ports for FTPS exposes your network to cyber-attacks.

There are two ways in which files can be transferred using SFTP:

1) Using WinSCP
2) Using another SFTP client

Using WinSCP

Follow the steps below to transfer files using WinSCP:

1) Download and install WinSCP.
2) When the login window appears, click on New.
3) Fill in the following fields:

  • File Protocol: SFTP.
  • Hostname: The hostname of the server you want to transfer files to or from.
  • Username and Password: The username and password of your account on that server.
  • Port: The port is usually 22, but it can also be changed for added security.

A warning may appear saying that you are about to connect to a remote machine. You can click on Yes for this warning.
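The warning above is the host key prompt: the client has never seen this server's public key before and asks you to confirm it. The safe answer is to compare the fingerprint the client shows against one obtained out of band (for example, what `ssh-keygen -lf` prints on the server itself). The following Python script is an added illustration, not code from the original post or from WinSCP: it builds a constructed `known_hosts` entry around a 32-byte placeholder that is not a real key, parses such a line, and computes the OpenSSH-style SHA256 fingerprint (and the legacy MD5 form) so the two can be compared. Host name, placeholder key and function names are assumptions made for the example.

```python
# Added illustration (not from the original post): checking a server's host key
# fingerprint against a known_hosts entry, using the standard library only.
import base64
import hashlib
import struct
from typing import Tuple


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_pubkey_blob(key_type: str, raw_key: bytes) -> bytes:
    """Public key blob layout for ssh-ed25519 (RFC 8709): string key type, string raw key."""
    return ssh_string(key_type.encode("ascii")) + ssh_string(raw_key)


# Constructed sample: 32 placeholder bytes standing in for an Ed25519 public key.
# This is NOT a real key; it only has the right length and encoding.
SAMPLE_RAW_KEY = bytes(range(32))
SAMPLE_KNOWN_HOSTS_LINE = "sftp.example.test ssh-ed25519 " + base64.b64encode(
    build_pubkey_blob("ssh-ed25519", SAMPLE_RAW_KEY)
).decode("ascii")


def parse_known_hosts_line(line: str) -> Tuple[str, str, bytes]:
    """Return (host, key type, decoded blob); reject lines whose declared type differs from the blob."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("known_hosts line needs host, key type and base64 key")
    host, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    (type_len,) = struct.unpack(">I", blob[:4])
    inner_type = blob[4:4 + type_len].decode("ascii")
    if inner_type != key_type:
        raise ValueError(f"declared key type {key_type} but blob says {inner_type}")
    return host, key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the whole blob, base64 without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def md5_fingerprint(blob: bytes) -> str:
    """Legacy colon-separated MD5 fingerprint that some clients still display."""
    digest = hashlib.md5(blob, usedforsecurity=False).digest()
    return "MD5:" + ":".join(f"{b:02x}" for b in digest)


def host_key_matches(line: str, expected_fingerprint: str) -> bool:
    """True if the key on the known_hosts line has the fingerprint you obtained out of band."""
    _, _, blob = parse_known_hosts_line(line)
    return sha256_fingerprint(blob) == expected_fingerprint


if __name__ == "__main__":
    host, key_type, blob = parse_known_hosts_line(SAMPLE_KNOWN_HOSTS_LINE)
    print(host, key_type, sha256_fingerprint(blob), md5_fingerprint(blob))
```

Clicking Yes without comparing the fingerprint means trusting whatever key answered on port 22; comparing it once, and keeping the accepted key so later sessions can detect a change, is what turns the prompt into a real check.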

Once this is done, you are connected to the SFTP server and see a window split into two panes. One pane lists the files on the server and the other lists the files on your Windows machine. You can easily drag and drop files from the server to the Windows system and vice versa.

Using SFTP Client

Here you can use Cyberduck or FileZilla.

Download and launch either client and click on Open Connection.

As with WinSCP, enter the details: file protocol, hostname, username, and password. The data can then be transferred from source to destination.

People Also Ask

This section answers some of the questions users frequently ask about SFTP and SSH.

Does The Secure File Transfer Protocol Use SSL Or TLS?

FTPS secures its data using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) cryptography. SFTP, by contrast, uses the SSH protocol to secure communication between the client and an SSH server over a single port.

What Is The Difference Between Secure Shell (SSH) and Secure Sockets Layer (SSL)?

SSH and SSL are both used to create a secure channel for transferring data between two parties. With SSH, however, you can also issue commands, which SSL-based protocols do not support.

Final Word

Secure File Transfer is also known as the SSH File Transfer Protocol. It lets you send and receive encrypted data over a network for added security.

Although this happens over the internet, SFTP is not a Virtual Private Network (VPN). A VPN protects your traffic across the internet, while SFTP only covers the applications that support it.

> Learn more about how to enable SFTP Support for Azure Blob Storage.

> Learn more about how to deploy a Secure FTP Service on Microsoft Azure.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect with 21+ years of IT experience. As a Swiss Certified Information Security Manager (ISM), CCSP, CISM, Microsoft MVP, and MCT, he excels in optimizing mission-critical enterprise systems. His extensive practical knowledge spans complex system design, network architecture, business continuity, and cloud security, establishing him as an authoritative and trustworthy expert in the field. Charbel frequently writes about Cloud, Cybersecurity, and IT Certifications.
