At least two people felt the need to explain the difference between FTPS & SFTP to me in detail after I released ZitaFTP Server. It's a testament to how confusing all these acronyms can be. So, what are FTP, FTPS, SFTP, & TFTP? What's the difference? Are they related? Let's find out...

FTP - File Transfer Protocol

You could probably guess that FTP stands for File Transfer Protocol. It's been around since the 70s, and has stood the test of time. FTP is used for transferring files to/from computers, and was the de facto way to upload files to web hosts.

However, it's insecure. FTP has no encryption, so a packet sniffer like Wireshark could be used to read not only the files being transferred, but also usernames and passwords. I've got another blog post about how that's done. Lack of security is a problem...

FTPS - FTP with a Secure extension

FTPS solves FTP's insecure nature by using SSL/TLS to encrypt client-server communication. It's the same technology that's used to secure HTTPS connections (when you see a padlock symbol in your web browser's address bar). So yes, FTPS and FTP are indeed related.

SFTP - SSH File Transfer Protocol

This is where things get confusing. Secure File Transfer Protocol sounds like it should be an FTP variant, but it isn't. It is a protocol that's used to transfer files, but does so over a Secure SHell (SSH) connection. As such, SFTP is a totally different protocol that's completely incompatible with FTP and FTPS.

SFTP serves a similar purpose to FTP/FTPS, but the underlying technologies are different. It's used a lot with Linux/Unix servers where people are already logging in via SSH. Web hosts used to be reluctant to let people use SFTP, because it opens up console access to the server. Console access means that people may be able to run commands and modify the server in ways that the hosting company doesn't want.

TFTP - Trivial File Transfer Protocol

Trivial FTP is designed to be, well, trivial. It's one of the simplest protocols that enables transferring files between computers. TFTP has zero security. Not even passwords.

TFTP is useful with embedded systems and low-end microcontrollers where the microcontroller has very limited memory. In this scenario, a very simple and easy-to-implement protocol makes sense. The lack of security doesn't matter because it's being used in a very closed environment.

Most people are unlikely to use TFTP.

When to Use Which Protocol?

I've already covered TFTP's use cases, which are rather limited. For general file transfers you're likely to use FTP/FTPS. It's also used for uploading files to websites, and some higher-end cameras include FTP for copying photos to your computer. SFTP can also be used for general file transfer when SSH is available. It's common for virtual private servers where remote console access is a must.

Which protocol is best? It depends on your situation. I've been told that FTP/FTPS is faster than SFTP, but can't say for sure because I haven't done any speed tests. Any speed difference is unlikely to be large enough to be a deciding factor. FTP/FTPS has the disadvantage of using multiple ports, which can make router and/or firewall setup more difficult. Not by much, though.

In the end, which protocol is "best" depends on what's available. If SSH is available and ready to go, then using SFTP makes sense. Otherwise FTP/FTPS is more common. I wouldn't use FTP any more; use its secure variant instead: FTPS (e.g., with ZitaFTP Server ;-) ).
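The relationship between the three protocols shows in how a connection opens: FTP and FTPS both start with the server's 220 greeting and differ in whether the client sends AUTH TLS (RFC 4217) and gets a 234 reply before logging in, while SFTP starts with an SSH identification string. The audit sketch below is an added example, not code from this post or from ZitaFTP Server; the function name and all session data are constructed for illustration.

```python
# Added example. All session data below is constructed for illustration.

def classify_session(messages):
    """Classify a captured session from its opening messages.

    messages: list of (sender, data) in capture order; sender is "C"
    (client) or "S" (server), data is the raw bytes of one line.
    """
    if not messages:
        return "unknown"
    sender, first = messages[0]
    # SSH, and therefore SFTP, opens with an identification string (RFC 4253).
    if first.startswith(b"SSH-"):
        return "ssh"
    # FTP and explicit-mode FTPS both open with a server 220 greeting.
    if sender != "S" or not first.startswith(b"220"):
        return "unknown"
    auth_pending = False
    for sender, data in messages[1:]:
        line = data.strip()
        if sender == "C":
            verb = line.split(b" ", 1)[0].upper()
            if verb == b"AUTH":
                auth_pending = True           # client asks to upgrade to TLS
            elif verb in (b"USER", b"PASS"):
                return "ftp-cleartext-login"  # credentials sent unencrypted
        elif auth_pending:
            if line.startswith(b"234"):
                return "ftps-explicit"        # server accepted; TLS follows
            auth_pending = False              # server refused the upgrade
    return "ftp-no-login"

GREETING = ("S", b"220 Service ready\r\n")
SAMPLES = {
    "plain": [GREETING, ("C", b"USER alice\r\n"),
              ("S", b"331 Password required\r\n"), ("C", b"PASS REDACTED\r\n")],
    "ftps": [GREETING, ("C", b"AUTH TLS\r\n"), ("S", b"234 Proceed\r\n")],
    # Server refuses TLS and the client logs in anyway: still cleartext.
    "refused": [GREETING, ("C", b"AUTH TLS\r\n"),
                ("S", b"502 Command not implemented\r\n"),
                ("C", b"USER alice\r\n")],
    "sftp": [("S", b"SSH-2.0-ExampleServer_1.0\r\n"),
             ("C", b"SSH-2.0-ExampleClient_1.0\r\n")],
}

if __name__ == "__main__":
    for name, session in SAMPLES.items():
        print(name, "->", classify_session(session))
```

The "refused" case is the one worth alerting on: the client asked for TLS, the server declined, and the login went out unencrypted anyway.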