SFTP, formally known as the SSH2 File Transfer Protocol, is a (relatively) new secure file transfer protocol that continues to evolve into a more widespread data standard due to its ease of use, straightforward configuration, and robust file/directory manipulation capabilities.

As many users have questions about the differences between SFTP and FTPS (link to previous post), Cerberus has prepared a complete guide to SFTP to help. This post addresses the concepts involved in SFTP.

Need to Know More About SFTP?

SFTP Overview

At the highest level, the Secure File Transfer Protocol allows clients to access and manipulate server files remotely. Data is secured via the SSH2 cryptographic protocol, which handles client authentication and validation.

SFTP is commonly used in environments where network security, accessibility, and data manipulation are the primary considerations. Features of the protocol include resuming interrupted file transfers, directory listings, getting and setting file attributes, and remote file removal.

SFTP Concepts

Authentication/SSH Keys: SFTP authentication is performed via SSH keys. These keys are generated by cryptographic algorithms in public/private pairs which must be matched to allow a user connection. The public keys are distributed to clients, while the server’s key remains private. Keys can be generated automatically at the time of connection, or manually to validate password-less connections. (Learn more about Cerberus FTP’s SFTP Key Support here).

Secure Shell (SSH): SFTP is primarily performed over SSH (although it is technically possible to use other protocols). The SSH network protocol allows an encrypted data stream to be established between a client and a server, commonly via Port 22. Data sent via SFTP is protected via an SSH tunnel.

SSH Tunnel: An SSH tunnel is a secure connection established between an SSH server and a client. The tunnel allows the transfer of unencrypted data (such as a file) via an encrypted channel across an unsecured network. SFTP transfers are performed through these encrypted tunnels.

File Operations: SFTP’s operators allow for robust remote transfer, manipulation and deletion of files and directories, in addition to management of transfer interruption. A full list of file transfer operations can be found at this link.

Port: For SSH, the standard dictates that port 22 be used to establish a connection with an SFTP server. Ports are monitored for connection requests by listeners, which can be configured via your SSH server’s administration system.  To configure an SSH2 SFTP Listener in Cerberus FTP Server, click here.

Transport Layer: The transport layer contains the protocols used by host machines to communicate with each other and ensure that data is delivered to the correct application. This layer contains metadata about the transmission that ensures connections are made appropriately, data delivery is validated, transmissions can be stopped and started, etc. SFTP uses the TCP transport protocol.

Transmission Control Protocol (TCP): One of the backbone protocols of the internet, the TCP is the most common way in which applications remotely communicate with each other online. Transmission Control Protocol requires a connection between a client and a server in order to transfer data, at which point it handles the validation of data delivery (checking for reliability, errors, and data order). The TCP also governs data connection port numbers.