In the old days, lThe only way to create a website was to do it on the developer's computer and upload it to the server. Proprietary solutions such as Microsoft FrontPage included their own system for uploading files, but required the server to have the appropriate extensions. The other alternative was to use an FTP client.
Today, most websites use some type of content manager (which can be installed using a wizard provided by the Hosting) or some online website builder. This makes FTP and sFTP less used. However, they still have their usefulness.
Differentiating FTP and sFTP
File Transfer Protocol (FTP) and SSH File Transfer Protocol (SFTP), also known as Secure File Transfer Protocol, They do many of the same things, but with some notable differences that are worth noting.
The common functions are:
- They allow the use of a graphical interface client to connect the source and destination computers.
- It is possible to navigate between the files on both computers, modify, delete and transfer them from one to the other.
What differentiates both protocols are the ways they do things:
FTP
The standard File Transfer Protocol (FTP) uses a client-server model that connects using two separate channels to move data between them. These two channels are the command channel and the data channel. Neither channel is encrypted (default), this means that if someone could collect data between the server and the client by implementing a man-in-the-middle attack, they could easily read it. The weak point of the FTP protocol is that the data is sent as plain text, which makes it very easy to gather information from the captured data.
A man-in-the-middle attack is one in which cybercriminals intercept the communication between client and server without being detected.
sFTP
The Secure Shell FTP (SFTP) it uses a single channel as a data exchange vehicle. This channel is encrypted, in addition to being protected by a username and password combination or by the use of SSH cryptographic keys. In the event that the transmission between the client and the server is intercepted, it will not be possible to read the data.
Which one should you use?
To choose between one or the other protocol the key question is whether the data contains sensitive information.
To upload a website that only has HTML, CSS and Javascript content, security is not a key factor. However, if you upload a content manager such as WordPress in which encryption keys and database data are included , You have to be careful.
Another point to keep in mind is that SFTP works slower than FTP due to the security built into the protocol. The data is encrypted, and you only work with one channel.
When using the SSH protocol, sFTP requires authentication. This discards it to be used as a public file download server.
The SFTP protocol offers two main methods for authenticating connections. One of them is, as in FTP, the use of username and password. However, with SFTP these credentials are encrypted.
The second authentication method is SSH keys. For this, you must first generate an SSH private key and a public key. The SSH public key is uploaded to the server and associated with the account. Upon connecting to the SFTP server, the client software will transmit its public key for authentication. If the public key matches the private key, along with any username or password supplied, then the authentication will be successful.
Needless to say, they are not the only protocols that exist. This is an introductory article that will serve as the foundation for those who follow.
There are many FTP and sFTP clients in the repositories, and we will talk more about them later. My favorite is FileZila.