SFTP and FTPS are secure file transfers protocols. Both offer a high level of protection since they implement strong algorithms such as AES and Triple DES to encrypt any data transferred. Most notable differences between SFTP and FTPS is how connections are authenticated and managed.
- SFTP => FTP over SSH
- Connection can be authenticated via both credentials(UserID/Password) and SSH keys.
- UserID/Password supplied in encrypted format over the SFTP connection.
- While using key-based authentication, you will first need to generate a SSH private key and public key beforehand. While making connection send your SSH public key to them, which they will load onto their server and associate with your account. When you connect to their SFTP server, your client software will transmit your public key to the server for authentication. If the keys match, along with any user/password supplied, then the authentication will succeed.
- FTPS => FTP over SSL
- Connection authenticated using a user id, password and certificate(s)
- Like SFTP, the user id and passwords for FTPS connections will also be encrypted.
- While making connection FTPS client will first check if the server’s certificate is trusted. The certificate is considered trusted if either the certificate was signed off by a known certificate authority (CA), like Verisign, or if the certificate was self-signed (by your partner) and you have a copy of their public certificate in your trusted key store.