Securing SFTP Communications Ports

As you have seen, FTP generally is a very insecure and easily compromised application. Simply too many cases exist where weak passwords allowed a hacker to gain access and cause damage.

The alternative is SFTP, which has no direct relationship with the FTP protocol. Rather, this protocol depends on the Secure Shell (SSH) protocol for encryption and authentication of the connection.

SSH is the best method currently available to connect to a server. You may hear about several tools that allow you to connect to SSH. Following are some examples of open source tools that support the current version of SSH (SSH-2):

  • Putty
  • Terminal (Mac)
  • WinSCP
  • FileZilla

image SSH-1 is a vulnerable application and should never be used. Although this note is somewhat dated, it's important to keep in mind.

The most common software stack for SSH is OpenSSH. This GNU/GPL licensed code is widely available on many web servers. According to the Internet Engineering Task Force (IETF), the organization that ratifies Internet standards, “The SSH File Transfer Protocol provides secure file transfer functionality over any reliable, bidirectional octet stream. It is the standard file transfer protocol for use with the SSH2 protocol.” In other words, SSH sets up a secure communications channel between your machine (the client) and the server.

A key difference between FTP and SFTP is that ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.