The difference between FTP, SFTP, FTPS
- Spoto
- |
- Posted on: 2019-06-14
- |
- Views: 3874
The difference between FTP, SFTP, FTPS
First, FTP (File Transfer Protocol)
The full name of FTP is File Transfer Protocol. Used for bidirectional transfer of control files on the Internet. At the same time, it is also an application. There are different FTP applications based on different operating systems, and all of these applications follow the same protocol to transfer files. In the use of FTP, users often encounter two concepts: "Download" and "Upload".
A "download" file is a copy of a file from a remote host to its own computer; an "upload" file is a copy of the file from its own computer to a remote host. In the Internet language, users can upload (download) files to (from) a remote host through a client program. In the TCP/IP protocol, the FTP standard command TCP port number is 21, and the port mode data port is 20. The FTP task is to transfer files from one computer to another without being restricted by the operating system.
There are two ways to transfer FTP: ASCII, binary.
1.ASCII transmission method
Assume that the file being copied by the user contains simple ASCII text. If it is not UNIX running on a remote machine, ftp usually automatically adjusts the contents of the file when the file is transferred in order to interpret the file as another computer to store the text file. format.
However, it is often the case that the files that the user is transferring contain not text files, they may be programs, databases, word processing files or compressed files. Use the binary command to tell ftp a verbatim copy before copying any non-text files.
2. Binary transfer mode
In binary transfer, the bit order of the file is saved so that the original and the copy are bit by bit. Even if the file containing the bit sequence on the destination machine is meaningless. For example, Macintosh sends the executable file to the Windows system in binary mode. On the other system, this file cannot be executed.
If you transfer binary files in ASCII mode, they will still be translated even if they are not needed. This will corrupt the data. (The ASCII mode generally assumes that the first significant digit of each character is meaningless because the ASCII character combination does not use it. If you transfer binary files, all bits are important.)
FTP supports two modes: Standard (PORT mode, active mode), Passive (PASV, passive mode).
1.Port mode
The FTP client first establishes a connection with the server's TCP port 21 to send commands. The client sends a PORT command on this channel when it needs to receive data. The PORT command contains what port the client uses to receive data. When transmitting data, the server sends data through the TCP port of its own connection to the designated port of the client. The FTP server must establish a new connection with the client to transfer data.
2.Passive mode
The establishment of the control channel is similar to the Standard mode, but the Pasv command is sent after the connection is established. After receiving the Pasv command, the server opens a temporary port (port number greater than 1023 is less than 65535) and notifies the client of the request to transmit data on this port. The client connects to the FTP server and the FTP server will transmit data through this port.
Many firewalls are not allowed to accept externally initiated connections when they are set up. Therefore, many FTP servers behind the firewall or intranet do not support PASV mode because the client cannot open the high-end port of the FTP server through the firewall. The client of the network cannot log in to the FTP server in PORT mode because the TCP 20 from the server cannot establish a new connection with the client on the internal network, resulting in inoperability.
Second, FTPS (a multi-transport protocol)
A multi-transport protocol, equivalent to an encrypted version of FTP. The default port number is 21. When you send and receive files on an FTP server, you face two risks. The first risk is encrypting files as they are uploaded. The second risk is that these files will stay on the FTP server while you wait for the recipient to download, then how do you keep these files secure? Your second choice (creating an SSL-enabled FTP server) will allow your host to upload these files using an FTPS connection.
This includes using an SSL layer encryption control and data channel under the FTP protocol. One alternative to FTPS is the Secure File Transfer Protocol (SFTP). This protocol uses an SSH file transfer protocol to encrypt FTP connections from the client to the server. SSL (Secure Sockets Layer), and its successor, Transport Layer Security (TLS), is a security protocol that provides security and data integrity for network communications. TLS and SSL encrypt the network connection at the transport layer.
FTPS is an enhanced FTP protocol that uses standard FTP protocols and commands at the Secure Sockets Layer to add SSL security to the FTP protocol and data channels. FTPS is also called "FTP-SSL" and "FTP-over-SSL". SSL is a protocol that encrypts and decrypts data in a secure connection between a client and an SSL-enabled server.
Similar to the sftp connection method, you can use FileZilla and other transfer software to connect to FTPS for uploading, downloading files, creating and deleting directories. In the case of FileZilla connection, there are explicit and implicit TLS/SSL connections. There are also fingerprint tips.
The SSL/TLS protocol works on top of the transport layer (TCP/IP) but below the application layer. Therefore, it can be easily implemented on application layer protocols such as HTTP, Telnet, POP3, IMAP4, SMTP and FTP. There are at least two different initialization methods for SSL security extensions: explicit security and implicit security.
1) Display security: In order to establish an SSL connection, explicit security requires the FTP client to send a specific command to the FTP server after establishing a connection with the FTP server. The client uses the server's default port.
2) Implicit security: When an FTP client connects to an FTP server, implicit security will automatically start running with the SSL connection. In implicit security, the server defines a specific port (TCP port 990) for the client to establish a secure connection with.
Third, SFTP (Secure File Transfer Protocol)
Sftp is an abbreviation of Secure File Transfer Protocol, a secure file transfer protocol. A secure encryption method can be provided for transferring files. Sftp has almost the same syntax and functionality as ftp. SFTP is part of SSH and is a secure way to transfer files to the Blogger server. In fact, the SSH package already contains a secure file transfer subsystem called SFTP (Secure File Transfer Protocol). SFTP itself does not have a separate daemon. It must be done using the sshd daemon (the port number is 22 by default).
The corresponding connection operation, so in a sense, SFTP is not like a server program, but more like a client program. SFTP also uses encrypted transmission of authentication information and transmitted data, so using SFTP is very secure. However, since this transmission method uses encryption/decryption technology, the transmission efficiency is much lower than that of ordinary FTP. If you have higher requirements for network security, you can use SFTP instead of FTP.
(This is what I found in a website that collects many CCIE routing and switching, security, big data, etc., and strongly recommend everyone to visit)
More you may be interested: