add site
services
publishers
database
health videos
toolbar
stats
live show
health store
more stuff
JOIN/LOGIN
| advertise add site services publishers database health videos
| | about toolbar stats live show health store more stuff JOIN/LOGIN |
In computing, the SSH File Transfer Protocol (sometimes called Secure File Transfer Protocol or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capability, but is also intended to be usable with other protocols as well. The IETF of the Internet Draft states that even though this protocol is described in the context of the SSH-2 protocol, this protocol is general and independent of the rest of the SSH2 protocol suite. It could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications. This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
[edit] CapabilitiesCompared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files – it is more like a remote file system protocol. An SFTP client's extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal. [1] For these reasons it is relatively simple to implement a GUI SFTP client compared with a GUI SCP client. SFTP attempts to be more platform-independent than SCP; for instance, with SCP, the expansion of wildcards specified by the client is up to the server, whereas SFTP's design avoids this problem. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms. SFTP is not FTP run over SSH, but rather a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol. [1] The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as subsystem of SSH protocol version 2 implementations, having been designed by the same working group. However, it is possible to run it over SSH-1 (and some implementations support this) or other data streams. Running SFTP server over SSH-1 is not platform independent as SSH-1 does not support the concept of subsystems. An SFTP client willing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side. The Secure Internet Live Conferencing (SILC) protocol defines the SFTP as its default file transfer protocol. In SILC the SFTP data is not protected with SSH but SILC's secure packet protocol is used to encapsulate the SFTP data into SILC packet and to deliver it peer-to-peer. This is possible as SFTP is designed to be protocol independent. For uploads, the transferred files may be associated with their basic attributes, such as timestamps. This is an advantage over the common FTP protocol, which does not have provision for uploads to include the original date/timestamp attribute with help. [edit] File transfer speed, SCP vs SFTPAlthough both SCP and SFTP utilize the same SSH encryption during file transfer with the same general level of overhead, SCP is usually much faster than SFTP at transferring files especially on high latency networks. This happens because SCP implements a more efficient transfer algorithm, one which does not require waiting for packet confirmations. This leads to faster speed but comes at the expense of not being able to interrupt a transfer, so unlike SFTP, SCP transfer cannot be canceled without terminating the session. [edit] History and DevelopmentThe Internet Engineering Task Force (IETF) working group "Secsh" that was responsible for the development of the Secure Shell version 2 protocol (RFC 4251) also attempted to draft an extention of that standard for secure file transfer functionality. Internet Drafts were created that successively revised the protocol into new versions.[2]. The software industry began to implement various versions of the protocol before the drafts were standardized. As development work progressed, the scope of the Secsh File Transfer project expanded to include file access and file management. Eventually, development stalled as some committee members began to view SFTP as a file system protocol, not just a file access or file transfer protocol, which places it beyond the purview of the working group[3]. As of 2006, version 6 is the last revision to be produced by that group.[2]. The protocol is not an Internet standard but it is still widely implemented. [edit] Versions 1 and 2
It is inferred that the first implementations of SFTP were developed and bundled with the first version of Secure Shell.[citation needed]. [edit] Version 3At the outset of the Secure Shell File Transfer project, the Secsh group stated that its objective of SSH File Transfer Protocol was to provide a secure file transfer functionality over any reliable data stream, and to be the standard file transfer protocol for use with the SSH-2 protocol. Drafts 00 - 02 of the IEFT Internet Draft define successive revisions of version 3 of the SFTP protocol.
[edit] Version 4Drafts 03 - 04 of the IEFT Internet Draft define version 4 of the protocol.
[edit] Version 5Draft 05 of the IEFT Internet Draft defines version 5 of the protocol. [edit] Version 6Drafts 06 - 13 of the IEFT Internet Draft define successive revisions of version 6 of the protocol.
[edit] Software[edit] SFTP clientThe term SFTP can also refer to Secure file transfer program, a command-line program that implements the client part of this protocol, such as that supplied with OpenSSH. The sftp program provides an interactive interface similar to that of traditional FTP clients. Some implementations of the scp program actually use the SFTP protocol to perform file transfers; however, some such implementations are still able to fallback to the SCP protocol if the server does not provide SFTP service. [edit] SFTP serverThere are numerous SFTP server implementations both for UNIX and Windows. The most widely known is perhaps OpenSSH, but there are also proprietary implementations. [edit] SFTP proxyIt is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging FTP transactions, like TIS fwtk or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic. There are some tools that implement man-in-the-middle for SSH which also feature SFTP control. Examples of these tools include Shell Control Box from BalaBit[4] and FileGate SFP from Presaris[5]. These provide functions such as SFTP transaction logging and logging of the actual data transmitted on the wire. [edit] References
[edit] See also
|
| ↑ top of page ↑ | about thumbshots |
