What’s the difference between FTPS and SFTP?

Both FTPS (formerly known as FTP over TLS/SSL) and SFTP (technically named the SSH2 File Transfer Protocol) are considered secure file transfer protocols. Despite their similar names, however, these protocols operate in very different ways that make each one better suited for different use cases and environments.

In this post, we’ll take a deep dive into the differences between FTPS and SFTP to help you understand which secure file sharing protocol is best for your situation.

Need to know more about FTPS or SFTP?

The Main Differences Between FTPS and SFTP

Below, we’ve summarized the primary differences between FTPS and SFTP:

Connection Security via SSL/TLS via SSH channel
Security Server authentication is verified using a public key infrastructure. Client authentication can also be performed using usernames and passwords or client certificate verification. Server authentication is typically achieved by securely distributing the server’s public key to clients ahead of time. Clients can be authenticated using usernames and passwords, or public key authentication.
Adoption Most commonly used, primarily due to its ubiquitous legacy More common in more recent devices and software
Connections Required At least 2: one port to issue commands and a separate data port for each directory listing or file transfer Only 1 is required (commands and data use the same connection)
File and Directory Listings and Operations More rudimentary and not uniform. For example, there is no universal way to get/change file or directory attributes Operates via uniform directory listing and documented standards
Algorithms Asymmetric, symmetric, and key exchange. Asymmetric, symmetric, and key exchange.
Authentication Performed via x.509 certificates
(which contain a public key and some ownership information along with a private key)
Performed via SSH keys (which only provide a public key and do not normally confirm ownership information)
Server Requirements Requires a server X.509 certificate and private key. Most SSH server installations will include SFTP support (or Open SSH can be used)

FTPS vs. SFTP: Use Case Comparison

When trying to decide between FTPS and SFTP, the factors below may help make your decision.

Network Security FTPS’s requirements for at least two ports (and possibly many more depending on the volume of file transfer activity) can make troubleshooting difficult and expose novel attack vectors that become possible thanks to the constantly changing data connection between the client and server. Special attention to the network configuration and server security options can help mitigate these risks. Ideal Protocol

SFTP uses a single connection port for all communication between a client and server. This tends to greatly simplify interoperability concerns and reduces the attack surface when compared with FTPS.

Compatibility Tie

Due to FTPS’s length of time in the market, more devices and systems are compatible with FTPS. However, the lack of standardization for many functions can sometimes lead to client and server interoperability issues.


SFTP will generally be accepted by more modern devices and systems (Linux and Unix) but is not ideal for communicating in legacy situations. (for example, VCL and .NET frameworks do not offer built-in support)

Configuration Can cause firewall/transmission issues due to more complex configurations required. Ideal Protocol

Primarily due to its streamlined connections that reduce firewall issues.

Performance Ideal Protocol

Offers the highest possible secure transfer speeds.

SFTP transfers carry a lot more overhead due to the robustness and flexibility of the protocol.
File/Directory Manipulation FTPS’s available commands are limited and not standardized, which can require additional administrative configuration. Ideal Protocol

Offers a number of standardized controls and commands for activities such as file directory manipulation, permissions locking, etc.

Server to Server Communications Ideal Protocol

Due to limitations in SFTP

Server-to-server communications are not well-supported
Internet File Transfer Ideal Protocol

Due to SSL/TLS support built into many internet communications frameworks

Can be configured but will require extra steps.
Authentication Ideal Protocol

Certificate visibility offers high degree of trust

SSH keys can be harder to validate because they usually require the server administrator to securely distribute the server’s public key to clients ahead of initial connection

FTPS vs SFTP Comparison Graphics

Need to understand the differences in these file transfer protocols at a glance? The graphics below may help.

SFTP vs FTPS - understanding the differences    SFTP vs FTPS - use case comparison

Bonus! The History of FTPS and SFTP

FTPS’s History

As the first networking protocol that allowed file transfer from one machine to another, FTP predates the internet and was developed before security concerns about unauthorized users eavesdropping on data traffic needed to be considered.

As more and more people began using the web in the 1990s, the security and privacy of data transmission became legitimate concerns. This situation led to the development of an early cryptographic protocol called the Secure Sockets Layer (SSL) that encrypts commands and data exchanged between a client and a server. When FTP transfers began using this layer in 1996, “FTPS” was born.

SFTP’s History

SFTP evolved from a separate open-source file transfer protocol developed to transfer data with strong security by default. Known as the Secure Shell (SSH) cryptographic network protocol, SSH was originally released in 1995 as freeware by a Swedish researcher attempting to secure his school’s network. After seeing SSH’s popularity and potential, the Internet Engineering Task Force soon began working to standardize the SSH protocol. These efforts extended into secure file transfer, and the first non-proprietary release of the SSH File Transfer Protocol came in 2001.

Various iterations and improvements led to SSH version 2’s release in 2006, and SFTP has since become a widespread data transfer standard.