/ˌɛs-ɛf-ti-ˈpi/
n. “Securely moving files without looking over your shoulder.”
SFTP, short for SSH File Transfer Protocol or sometimes Secure File Transfer Protocol, is a network protocol that provides secure file transfer capabilities over the SSH (Secure Shell) protocol. Unlike traditional FTP, which sends data in plaintext, SFTP encrypts both commands and data, ensuring confidentiality, integrity, and authentication in transit.
Conceptually, SFTP looks like FTP: you can list directories, upload, download, delete files, and manage file permissions. But under the hood, all traffic is wrapped in an encrypted SSH session. This eliminates the need for separate encryption layers like FTPS while preventing eavesdropping and, as long as the client verifies the server's host key, man-in-the-middle attacks.
A typical SFTP workflow involves connecting to a remote server with a username/password or SSH key, issuing commands like get, put, or ls, and transferring files through the secure channel. Clients like FileZilla, WinSCP, and command-line sftp utilities are commonly used to interact with SFTP servers.
SFTP is widely used for secure website deployment, backing up sensitive data, or exchanging large files between organizations. For example, a development team may deploy new web assets to a production server using SFTP, ensuring that credentials and content cannot be intercepted during transfer.
The protocol also supports advanced features like file permission management, resuming interrupted transfers, and atomic file operations. Because it operates over SSH, SFTP inherits strong cryptographic algorithms, including AES for encryption and HMAC for message authentication.
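The workflow and features described above, as an added example that is not part of the original entry: a non-interactive upload with OpenSSH's sftp client that authenticates with a key, requires an already-known host key, and uploads under a temporary name before renaming into place. The key path, known_hosts path, file mode, and user@host target are assumed placeholders.

```shell
#!/bin/sh
# Added example. Key path, known_hosts path, file mode and the user@host
# target are placeholders (assumptions), not values from the page.
SFTP_KEY=${SFTP_KEY:-$HOME/.ssh/id_ed25519}
SFTP_KNOWN_HOSTS=${SFTP_KNOWN_HOSTS:-$HOME/.ssh/known_hosts}

# Print the sftp batch commands: upload under a temporary name, set the mode,
# then rename into place so readers never see a half-written file.
build_batch() (
    src=$1 dest=$2
    nl='
'
    # Refuse empty paths and characters that could break out of the quoted
    # argument and smuggle extra commands into the batch.
    for p in "$src" "$dest"; do
        case $p in
            ''|*'"'*|*\\*|*"$nl"*) echo "unsafe path: $p" >&2; exit 1 ;;
        esac
    done
    printf 'put "%s" "%s.part"\n' "$src" "$dest"
    printf 'chmod 640 "%s.part"\n' "$dest"
    printf 'rename "%s.part" "%s"\n' "$dest" "$dest"
)

# Run the batch over SSH: key-only authentication, and the connection is
# refused unless the server's host key is already in the pinned known_hosts.
sftp_upload() (
    batch=$(build_batch "$1" "$2") || exit 1
    printf '%s\n' "$batch" | sftp -b - \
        -i "$SFTP_KEY" \
        -o IdentitiesOnly=yes \
        -o PasswordAuthentication=no \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$SFTP_KNOWN_HOSTS" \
        "$3"
)

# Usage: ./upload.sh site.tar.gz /var/www/releases/site.tar.gz deploy@host.example
if [ "$#" -eq 3 ]; then
    sftp_upload "$@"
fi
```

In batch mode sftp aborts on the first failed command, so a failed put never reaches the rename.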
While SFTP is similar in appearance to FTP, it is a completely different protocol and is often preferred whenever security and compliance are concerns, such as for GDPR- or CCPA-regulated data transfers.
SFTP is not just FTP over SSH; it’s a purpose-built, secure protocol that keeps files safe in transit while offering the same flexibility that made FTP useful for decades.