FTP vs. SFTP

mydatery posted 26th of April 2010 in Community Voice. 2 comments.

So, we all know that we can FTP a file onto the server, utilizing tools like WinSCP & Filezilla.  I've never looked at Filezilla because I found WinSCP first and it does everything I need it to do for the great low price of Free.  I'm pretty sure that Filezilla does all the same things  for the same great price.  This isn't a comparison of those products though, so all of you looking to compare them, gotcha.

Instead this is a comparison of FTP vs. SFTP and the question of why don't some hosts support SFTP connections?

I get a chance to work on alot of different sites and servers with a wide array of hosts.  Some I cringe at and others I'm very happy to work with.  Of course, those who are set at Port 21 with an SFTP connection ability are my favorites as I have to change nothing when I hop into WinSCP.  It's those with different ports and especially those who will not take an SFTP connection that drive me batty.

Now, SFTP is basically the same thing as FTP with the difference being that SFTP encrypts everything during upload/transfer and FTP sends it all out in plain text which enables whoever has the ability to intercept & read packets the opportunity to gain access to your files, password, login and so on information.

So, to the hosts:  There are some of you that do not support SFTP on your servers, which is obvious when we attempt to come in on an SFTP connection to do work for your customers and we get the eternally loading login screen that can't communicate with the server, why do you not support SFTP?  Are there additional costs?  Have you discovered issues the other hosts have not discovered? 

As someone doing work on servers I'd prefer to come in under the security of SFTP and do my work knowing it's at least been mildly encrypted for the safety and security of the client and my own system.  Aren't you taking unneccesary risks with your clients accounts by NOT utilizing an SFTP connection? 

For those of you who do not know if your host permits an SFTP connection, please download a program like WinSCP and attempt to login to your server with it set to SFTP (it will be by default) and see if it connects, denies or just sits there forever.  If it connects then you have an SFTP connection, denies check your port # and try again, eternally loads it definitely does not support SFTP.

And yes, I know you can select encryption on FTP but I've seen those get denied also on many of the servers out there.  So what is up with this hosts?

 
Comments
·Oldest
·Top
Please login to post a comment.
cbassthefish
Blog post gets the thumbs up from me :o)

In fact I remember DosDawg did a similar blog post about this sort of thing some time back. I have dug it up and posted below:

http://www.boonex.com/unity/blog/entry/Iframe_Hack_Did_Boonex_Hack_My_Site_
buckmcgoo
SFTP is all I use and since it uses SSH I have FTP shut down on my server completely. Most FTP clients are capable of using SFTP so I don't know why everyone doesn't use it. The way I look at it having FTP shut down on the server is one less thing to worry about. When I look at the log people from all over the world are constatnly trying to connect via FTP so this way they can try all day haha.

Good post by the way, I think this is one of those things most people don't understand or don't know see more about.
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.055593013763428