January 22, 2012

1.4.10 SFTP

SFTP

In computing, the SSH File Transfer Protocol (SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0, but is also intended to be usable with other protocols.

SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group.

The protocol itself does not provide authentication and security; it assumes that it is run over a secure channel, i.e. it expects the underlying protocol to secure this and that the server has already authenticated the client, and the identity of the client user is available to the protocol. SFTP is most often used as subsystem of SSH protocol version 2 implementations.

Unlike standard FTP, SFTP encrypts both commands and data, preventing passwords and sensitive information from being transmitted in the clear over the network. It is functionally similar to FTP, but because it uses a different protocol, you can't use a standard FTP client to talk to an SFTP server, nor can you connect to an FTP server with a client that supports only SFTP.

References:

No comments:

Post a Comment