
SSH File Transfer Protocol

Article Id: WHEBN0000428987

Title: SSH File Transfer Protocol  
Author: World Heritage Encyclopedia
Language: English
Subject: List of FTP server software, File Transfer Protocol, List of PHP editors, Secure Shell, FTPS
Collection: Cryptographic Protocols, Network File Transfer Protocols, Secure Shell
Publisher: World Heritage Encyclopedia


In computing, the SSH File Transfer Protocol (also Secure File Transfer Protocol, or SFTP) is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.


Capabilities


Compared to the SCP protocol, which only allows file transfers, the SFTP protocol allows for a range of operations on remote files which make it more like a remote file system protocol. An SFTP client's extra capabilities include resuming interrupted transfers, directory listings, and remote file removal. [1]

SFTP attempts to be more platform-independent than SCP; with SCP, for instance, the expansion of wildcards specified by the client is up to the server, whereas SFTP's design avoids this problem. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms.

SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol. [1]

The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group. It is possible, however, to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform-independent, as SSH-1 does not support the concept of subsystems. An SFTP client that wants to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.

Uploaded files may be associated with their basic attributes, such as timestamps. This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute without help.

History and development

The Internet Engineering Task Force (IETF) working group "Secsh" that was responsible for the development of the [2] The software industry began to implement various versions of the protocol before the drafts were standardized. As development work progressed, the scope of the Secsh File Transfer project expanded to include file access and file management. Eventually, development stalled as some committee members began to view SFTP as a file system protocol, not just a file access or file transfer protocol, which places it beyond the purview of the working group.[3] After a seven-year hiatus, in 2013 an attempt was made to restart work on SFTP using the version 3 draft as the baseline.[4]

Versions 0 - 2

Prior to the IETF's involvement, SFTP was a proprietary protocol of SSH Communications Security, designed by Tatu Ylönen with assistance from Sami Lehtinen in 1997.[5] Differences between versions 0 - 2 and version 3 are enumerated in section 10 of draft-ietf-secsh-filexfer-02.

Version 3

At the outset of the IETF Secure Shell File Transfer project, the Secsh group stated that the objective of the SSH File Transfer Protocol was to provide secure file transfer functionality over any reliable data stream, and to be the standard file transfer protocol for use with the SSH-2 protocol.

Drafts 00 - 02 of the IETF Internet Draft define successive revisions of version 3 of the SFTP protocol.

  • SSH File Transfer Protocol, Draft 00, January 2001
  • SSH File Transfer Protocol, Draft 01, March 2001
  • SSH File Transfer Protocol, Draft 02, October 2001

Version 4

Drafts 03 - 04 of the IETF Internet Draft define version 4 of the protocol.

  • SSH File Transfer Protocol, Draft 03, October 2002
  • SSH File Transfer Protocol, Draft 04, December 2002

Version 5

Draft 05 of the IETF Internet Draft defines version 5 of the protocol.

  • SSH File Transfer Protocol, Draft 05, January 2004

Version 6

Drafts 06 - 13 of the IETF Internet Draft define successive revisions of version 6 of the protocol.

  • SSH File Transfer Protocol, Draft 06, October 2004
  • SSH File Transfer Protocol, Draft 07, March 2005
  • SSH File Transfer Protocol, Draft 08, April 2005
  • SSH File Transfer Protocol, Draft 09, June 2005
  • SSH File Transfer Protocol, Draft 10, June 2005
  • SSH File Transfer Protocol, Draft 11, January 2006
  • SSH File Transfer Protocol, Draft 12, January 2006
  • SSH File Transfer Protocol, Draft 13, July 2006


Software

SFTP client

The term SFTP can also refer to Secure file transfer program, a command-line program that implements the client part of this protocol. As an example, the sftp program supplied with OpenSSH implements this.[6]

Some implementations of the scp program support both the SFTP and SCP protocols to perform file transfers, depending on what the server supports.

SFTP server

There are numerous SFTP server implementations for UNIX, Windows and z/OS. The most widely known is perhaps OpenSSH, but there are also proprietary implementations. Typically the port used is 22. SFTP is part of the SSH protocol suite.

SFTP proxy

It is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging FTP transactions, like TIS fwtk or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic.

There are some tools that implement man-in-the-middle for SSH and also feature SFTP control. Examples of such tools are Shell Control Box from Balabit [7] and CryptoAuditor from SSH Communications Security [8] (the original developer of the Secure Shell protocol), which provide functions such as SFTP transaction logging and logging of the actual data transmitted on the wire.
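As an added illustration (not code from the article or from the products named above), the sketch below shows the kind of transaction log such a tool can derive once the SSH layer has been decrypted: it walks a client-to-server SFTP version 3 byte stream and records the requests that name a path. Packet type numbers follow draft-ietf-secsh-filexfer-02; the helper names, the `MAX_PACKET` limit and the sample stream are assumptions constructed for the example.

```python
import struct

# Requests whose payload is: uint32 request id, then the path acted on
# (type numbers from draft-ietf-secsh-filexfer-02, SFTP version 3).
PATH_OPS = {3: "OPEN", 7: "LSTAT", 9: "SETSTAT", 11: "OPENDIR", 13: "REMOVE",
            14: "MKDIR", 15: "RMDIR", 16: "REALPATH", 17: "STAT"}
MAX_PACKET = 256 * 1024  # assumed sanity limit, not a value from the draft

def u32(n):
    return struct.pack(">I", n)
def sstr(text):                      # SSH string: uint32 length + bytes
    return u32(len(text)) + text.encode()
def pkt(ptype, payload=b""):         # SFTP packet: uint32 length, type, payload
    return u32(len(payload) + 1) + bytes([ptype]) + payload

def read_string(buf, off):           # reject lengths that overrun the packet
    if off + 4 > len(buf):
        raise ValueError("truncated string length")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("string overruns packet")
    return buf[off + 4:end].decode("utf-8", "replace"), end

def audit(stream):
    """Return (events, unconsumed bytes) for a client-to-server SFTP stream."""
    events, off = [], 0
    while off + 4 <= len(stream):
        length = struct.unpack_from(">I", stream, off)[0]
        if not 1 <= length <= MAX_PACKET:
            raise ValueError("implausible packet length %d" % length)
        if off + 4 + length > len(stream):
            break                    # partial packet: keep it for the next read
        body = stream[off + 4:off + 4 + length]
        if body[0] == 1 and len(body) >= 5:   # SSH_FXP_INIT: version, no id
            events.append(("INIT", struct.unpack_from(">I", body, 1)[0]))
        elif body[0] == 18:          # SSH_FXP_RENAME: id, oldpath, newpath
            old, nxt = read_string(body, 5)
            events.append(("RENAME", old, read_string(body, nxt)[0]))
        elif body[0] in PATH_OPS:
            events.append((PATH_OPS[body[0]], read_string(body, 5)[0]))
        off += 4 + length
    return events, stream[off:]

# Constructed sample: INIT v3, OPEN, WRITE, REMOVE, then a cut-off RENAME.
SAMPLE = (pkt(1, u32(3))
          + pkt(3, u32(1) + sstr("/upload/report.csv") + u32(0x1A) + u32(0))
          + pkt(6, u32(2) + sstr("h0") + struct.pack(">Q", 0) + sstr("data"))
          + pkt(13, u32(3) + sstr("/upload/old.csv"))
          + pkt(18, u32(4) + sstr("/a") + sstr("/b"))[:7])
```

Calling `audit(SAMPLE)` yields the INIT, OPEN and REMOVE events and hands back the seven bytes of the incomplete RENAME so they can be prepended to the next read; data-bearing packets such as WRITE are skipped rather than logged.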

References

  1. Barrett, Daniel; Richard E. Silverman (2001), SSH, The Secure Shell: The Definitive Guide, Cambridge: O'Reilly.
  2. "Secsh Status Pages". Retrieved 2012-08-20.
  3. "ietf.secsh - Formal consultation prior to closing the secsh working group - msg#00010 - Recent Discussion". 2006-08-14. Retrieved 2012-08-20.
  4. "SSH File Transfer Protocol - draft-moonesamy-secsh-filexfer-00". 2013-07-12.
  5.
  6. "OpenBSD "man" page for the "sftp" command: "See Also" section". Retrieved 2012-12-27.
  7. "Record SSH/RDP/Citrix into Audit Trail - Activity Monitoring Device". Retrieved 2012-08-20.
  8. "Privileged Access Control and Monitoring". Retrieved 2014-11-25.

External links

  • Chrooted SFTP with Public Key Authentication – Integrating SFTP into FreeBSD production servers using the public key cryptography approach