If you run a website, you're almost certainly familiar with FTP, the file transfer protocol that enables you to upload files to the server that hosts your website.

FTP isn't perfect; one of its biggest flaws is that usernames and passwords are sent in clear text.

That means that every time you use your website's FTP server, there is the possibility that a hacker could intercept your username and password and gain access to your website.

Secure FTP (SFTP) is a file transfer protocol based on the Secure Shell protocol, and as its name suggests, it is designed to provide a more secure means to transfer files between computers.

Because of this, I personally advise all my clients to ditch FTP and set up SFTP.

Setting Up the Server

To use SFTP, it needs to be set up on your server. A competent system administrator should be able to do this with ease.

There are a number of ways to implement SFTP. OpenSSH is probably the most popular, but there are others, including paid options such as CrushFTP.

SFTP Clients

To use SFTP, you need to use client software that supports it. Fortunately, many of the most popular FTP clients also support SFTP. Here are a few:

Here are a few additional tips:
  • Consider setting up your SFTP server to use a port other than 22. Port 22 is the standard port for SFTP, so by using a different one, you can help prevent lazy hackers from determining that you're running an SFTP server simply by scanning for an open port 22. This only hides the service from casual scans, so treat it as a complement to the tips below rather than a replacement for them. Note that this is a good technique to implement with standard FTP as well (which uses port 21 as a default).
  • Be sure to set up your SFTP server so that it supports strong encryption. AES is my cipher of choice.
  • Consider using more secure authentication. Since passwords alone can be guessed, if you need a higher level of security, note that SFTP supports public key authentication and Kerberos, amongst other authentication methods.
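
The three tips above can be checked against an OpenSSH `sshd_config`. The following is an added example, not code from the original post; the sample configs, port 2222 and the set of ciphers treated as legacy are assumptions of the example.

```python
import re

# Constructed sample configs (not from a real server); port 2222 is an arbitrary placeholder.
SAMPLE_CONFIG = """\
Port 22
Ciphers aes256-ctr,3des-cbc
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""
HARDENED_CONFIG = """\
Port 2222
Ciphers aes256-gcm@openssh.com,aes256-ctr
PasswordAuthentication no
PubkeyAuthentication yes
"""
# Assumption of this example: 3DES, arcfour, blowfish, cast128 and CBC modes count as legacy.
LEGACY_CIPHER = re.compile(r"^(3des|arcfour|blowfish|cast128)|-cbc$")

def parse_global(text):
    """Collect {keyword: [values]} from the global section, stopping at the first Match block."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*(?:=|\s)\s*(.*\S)", line)
        if not m:
            continue  # blank line, comment, or keyword without a value
        if m.group(1).lower() == "match":
            break
        settings.setdefault(m.group(1).lower(), []).append(m.group(2))
    return settings

def audit(text):
    """Return findings for the three tips: port, ciphers, authentication."""
    cfg, findings = parse_global(text), []
    # Port may appear several times; with no Port line sshd listens on 22.
    if "22" in cfg.get("port", ["22"]):
        findings.append("port: default port 22 in use")
    # For the other keywords sshd keeps the first value it reads.
    ciphers = cfg.get("ciphers", [""])[0]
    if not ciphers.startswith("-"):  # a "-list" only removes ciphers from the defaults
        bad = [c for c in ciphers.lstrip("+^").split(",") if LEGACY_CIPHER.search(c)]
        if bad:
            findings.append("ciphers: legacy entries " + ",".join(bad))
    if cfg.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("auth: password logins enabled")
    if cfg.get("pubkeyauthentication", ["yes"])[0].lower() == "no":
        findings.append("auth: public key logins disabled")
    return findings
```

The audit reads only the global section of the file; `sshd -T` prints the effective configuration, including defaults the file leaves unset.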

Published 30 July, 2008 by Patrick Oak


Comments (2)


Secure FTP

Nice information about SFTP, thank you for sharing this information, but I have a question in my mind: why are all the users of the server using Secure FTP, not using FTP?

over 9 years ago



Thank you

about 8 years ago
