What is SFTP - A clue, its not Secure File Transfers
Posted by Michael Lawson on Apr 1, 2024 12:21:42 PM
What is SFTP?
SFTP is a file transfer protocol built to make file transfers simple and secure. Currently the effective successor to FTP, it is widely supported by most platforms, operating systems, and devices. SFTP is widely used for many use cases involving file transfers, but it really shines when it comes to scheduled, automated data transfers.
File transfers have been a part of the Internet since it was first invented and file transfers are amongst the most frequent operations on the Internet today.
SFTP is the successor to FTP
If you have not heard of FTP, you might have been living in a cave. A pretty big cave. Go back inside; you're probably lost.
SFTP is the successor to FTP and is simpler, faster, and more robust than the traditional FTP protocol. FTP was a great solution for how the Internet used to work before NAT and private IP addresses, firewalls, and hackers. However, the modern Internet has changed a bit, and FTP has not stood the test of time.
SFTP fixes a lot of the underlying issues with FTP and adds asymmetric encryption (the magic behind HTTPS) to the mix, which means that, along with being incredibly robust and simple in design, it's also highly secure.
Both FTP and SFTP support transferring data.
As protocols, both SFTP and FTP are very well supported by systems, which makes them ideal for transferring data in an automated way between devices and software. SFTP is used across the board to transfer anything from banking transactions to power grid logs and everything in between.
It's worth noting, though, that SFTP is not a typical file-sharing or collaboration tool.
SFTP and FTP were used that way before we had better solutions. But now, Dropbox, Box, SharePoint, Google Drive, and other more modern collaboration and file-sharing tools are far better suited for this.
Where SFTP and FTP really shines is when there are robots (computers) talking to each other. You can think of it like a pipe rather than a piece of paper.
Most of the time, SFTP sits in the backend and works its magic away from the eyes of most.
How does SFTP work?
If you are interested in the technical details of SFTP, we would recommend browsing another recent post, SFTP: Secure File Transfer Protocol - A Comprehensive Guide.
The 30,000ft overview
In short, an SFTP file transfer has two parts: the client and the server. This is a common pattern in Internet communication and is the same concept as HTTP and the other backbones of the Internet.
The SFTP client initiates the connection, connects to the server, and sends commands. A command in this case could be "PUT file.txt" which effectively means upload file "file.txt".
The SFTP server is on the other side. SFTP servers sit on the Internet and accept connections from clients that want to send and receive files. The server hosts the data and acts as the broker.
How is SFTP different from FTP?
While SFTP and FTP solve the same problem, they are fundamentally very different. FTP was and is a very robust and well-supported file transfer protocol, but it was originally published as an RFC in 1985, and the Internet has changed a lot since then.
Protocol Design
The main difference between SFTP and FTP is in the protocol implementation. SFTP uses a simple messaging format and a single channel for communication. FTP, on the other hand, has a variety of messaging formats and message types and uses dynamic channels for data transfer.
The use of dynamic data channels was a common design in internet protocols before NAT (Network Address Translation), but now it is a major design flaw and the root cause of much pain for network admins.
Authentication and Security
The second main difference is authentication. FTP supports a few different authentication methods, some of which are not secure by today's standards. By default, authentication to an FTP server is not encrypted, meaning the credentials can be read across the network.
SFTP adopts the SSH model for authentication, which is always encrypted, up-to-date, and secure.
Commands and supported transactions
The commands and actions that SFTP and FTP support are very similar; both support uploads, downloads, list directories, STAT , and other filesystem commands. For the end user, they mostly work the same way.
What is Couchdrop SFTP?
So, where does Couchdrop fit in? Well remember ^above how I mentioned that Dropbox, Google Drive, and SharePoint are not SFTP servers? Well, sometimes you need them to be. And sometimes, you want to stand up an SFTP or FTP server, without the "Server Part". This is where Couchdrop shines.
It's an SFTP server for SharePoint without the server part.
Couchdrop is a scalable SFTP server in the cloud. It allows direct connection to your own storage (or ours) without the need to deploy and manage infrastructure.
Getting Started with Couchdrop
When you first register for Couchdrop, SFTP-based access is enabled by default. You have an SFTP server, and you don't have to raise a finger.