
Secure File Transfer is a Better Answer

SSH2 introduced a more robust method of secure file transfer: Secure Shell File Transfer (SFTP). SFTP leverages Secure Shell for authenticated, encrypted file transfer without requiring an internet FTP server. FTP servers (ftpd daemons) are a common target for exploits that can compromise the entire system. SFTP provides the functionality of regular FTP without the risks associated with running unprotected FTP daemons. Replacing FTP with SFTP can significantly reduce a file server's vulnerability. Furthermore, SFTP is not hampered by FTP's multi-connection architecture. As shown in Figure 2, SFTP protects every bit—usernames, passwords, listings, and file data—exchanged between an SFTP client and server.

Figure 2: SFTP Open, Read Commands (tunneled in SSH2 session)

SFTP does not use port forwarding. Instead, SFTP operates as a subsystem, integrated with SSH2. An SFTP client like VanDyke Software's SecureFX® initiates a Secure Shell session to a target SFTP server like VanDyke Software's VShell®. The SFTP protocol consists of remote file system commands like open and read; these commands are tunneled directly through the existing Secure Shell session. A subset of SFTP also provides the basis for SCP(2), a replacement for port-forwarded SCP.
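The open and read requests described above can be encoded and decoded as in this added example, which is not VanDyke Software's code. It assumes the packet layout of SFTP protocol version 3 (draft-ietf-secsh-filexfer-02), since the page does not name a version, and the path and handle are constructed sample values; these bytes travel as channel data inside the encrypted SSH2 session.

```python
import struct

# Packet type numbers from the SFTP version 3 draft (assumed version, see lead-in).
SSH_FXP_OPEN, SSH_FXP_READ = 3, 5
SSH_FXF_READ = 0x00000001  # pflags bit: open for reading

def _string(b: bytes) -> bytes:
    """SSH 'string': uint32 length followed by the raw bytes."""
    return struct.pack(">I", len(b)) + b

def _frame(ptype: int, request_id: int, body: bytes) -> bytes:
    """uint32 length | byte type | uint32 request-id | type-specific body."""
    payload = struct.pack(">BI", ptype, request_id) + body
    return struct.pack(">I", len(payload)) + payload

def build_open(request_id: int, path: str, pflags: int = SSH_FXF_READ) -> bytes:
    # filename, pflags, then an ATTRS structure with flags=0 (no attributes set)
    body = _string(path.encode()) + struct.pack(">II", pflags, 0)
    return _frame(SSH_FXP_OPEN, request_id, body)

def build_read(request_id: int, handle: bytes, offset: int, length: int) -> bytes:
    # opaque server-issued handle, uint64 file offset, uint32 byte count
    body = _string(handle) + struct.pack(">QI", offset, length)
    return _frame(SSH_FXP_READ, request_id, body)

def parse(packet: bytes) -> dict:
    """Decode one OPEN or READ request; malformed input raises ValueError."""
    try:
        length, ptype, request_id, slen = struct.unpack_from(">IBII", packet, 0)
        if length != len(packet) - 4:
            raise ValueError("length field does not match packet size")
        pos = 13 + slen  # 13 = length(4) + type(1) + request-id(4) + string length(4)
        if pos > len(packet):
            raise ValueError("string overruns packet")
        s = packet[13:pos]
        if ptype == SSH_FXP_OPEN:
            pflags, _attr_flags = struct.unpack_from(">II", packet, pos)
            return {"type": "OPEN", "id": request_id, "path": s.decode(), "pflags": pflags}
        if ptype == SSH_FXP_READ:
            offset, count = struct.unpack_from(">QI", packet, pos)
            return {"type": "READ", "id": request_id, "handle": s,
                    "offset": offset, "length": count}
    except struct.error as exc:
        raise ValueError("truncated packet") from exc
    raise ValueError(f"unsupported packet type {ptype}")
```

Because each request carries its own request-id and length, many file operations share the one SSH2 connection, with no separate data connection of the kind FTP needs.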

To the end user, SFTP and SCP(2) appear quite similar to the legacy file transfer methods they replace. But, when it comes to security, it's what's inside that counts. For maximum interoperability, VanDyke Software's SecureFX supports both secure and legacy file transfer methods. Whenever possible, organizations should use SFTP, the most robust method available for transferring files safely over Secure Shell.