107 | Battle for Security — FTPS vs SFTP
Published on September 24, 2025
Battle for Security — FTPS vs SFTP
Introduction
After we figured out insecure FTP, it’s time to meet its secure successors. Here’s where confusion often arises: many people think FTPS and SFTP are the same thing. In reality, these are two completely different protocols — with different histories and principles of operation.
What is FTPS? (FTP + Security)
FTPS (FTP over SSL/TLS) is a direct evolution of classic FTP. It takes standard FTP and “wraps” its connections in the cryptographic protocol SSL/TLS (the same one that protects websites via HTTPS).
How does FTPS work?
FTPS adds encryption on top of the already familiar two-channel FTP model. There are two modes:
Implicit FTPS The client connects directly to a dedicated port (usually
990) and expects the connection to be secure from the very beginning. An older method.Explicit FTPS The client connects to the standard port
21and sends theAUTH TLScommand, explicitly requesting a switch to secure mode. If the server supports encryption, both channels (control and data) become encrypted. This is the main method used today.
Pros of FTPS
- Strong security thanks to SSL/TLS.
- Familiar and understandable for those who already worked with FTP.
Cons of FTPS
- Still relies on multiple ports, which complicates firewall and NAT configuration.
What is SFTP? (SSH File Transfer Protocol)
SFTP (SSH File Transfer Protocol) is a completely different protocol, which has nothing in common with FTP except for the similar abbreviation. It was developed as part of the SSH (Secure Shell) protocol suite, used for secure remote server management.
How does SFTP work?
- Runs over a single secure SSH connection, usually through port
22. - All data (commands and files) is transmitted inside one encrypted tunnel.
- No need for passive modes or additional ports.
- Authentication can be done with a password, but more often — and more securely — with SSH keys.
Pros of SFTP
- Very high level of security (inherited from SSH).
- Uses only one port — easy to configure.
- Supports key-based authentication.
Cons of SFTP
- Not a direct successor of FTP, which sometimes causes confusion.
FTPS vs SFTP: comparison table
| Characteristic | FTPS (FTP over SSL/TLS) | SFTP (SSH File Transfer Protocol) |
|---|---|---|
| Basis | FTP + SSL/TLS | SSH |
| Security | High | Very high |
| Ports | Multiple (21, 990 + data port range) | Single (usually 22) |
| Authentication | Username/password, certificates | Username/password, SSH keys |
| Command format | Text commands (inside encryption) | Binary protocol |
Conclusion
In 99% of cases, SFTP is the preferred choice for secure file transfer thanks to its ease of setup, reliability, and use of a single port.
FTPS is a good option if you already have infrastructure built around FTP and just need to add a layer of encryption without a full overhaul.
Resources
Related Posts
106 | The Basics of Basics — Introduction to FTP
September 23, 2025
091 | DIY Mesh VPN: Headscale and Self-Managed WireGuard
August 23, 2025
090 | ZeroTier and NetBird: When a Mesh Network Is Needed Here and Now
August 22, 2025
089 | Tailscale: Effortlessly Simple VPN Based on WireGuard
August 21, 2025