1. 54

  2. 8

    I had no idea they were different! I always thought SFTP was just a fancy name for scp. Turns out SFTP is an SSH protocol standard.

    1. 10

      Yes they are pretty different, I wrote about it here https://rain-1.github.io/use-sftp-not-scp.html

      1. 3

        I see you are also against rsync. Is there an alternative that would use a similar protocol for incremental updates that would have a better implementation?

        1. 2

          Maybe reclone

        2. 3

          Thanks, looking at its interface is all I need to know I don’t ever want to use the sftp tool. That interface is horrible.

        3. 3

          I thought scp was just a command line tool to transfer files over sftp. Looks like it is that now. What did it use before if not sftp?

          1. 6

            scp used SCP

          2. 2

            An additional learning that blew my mind is that SFTP is actually very much used in big corporations!

            It is used widely in Finance and Healthcare afaik. There is a wish to move away from file-based protocols, but it will take some time!

            1. 3

              An additional learning that blew my mind is that SFTP is actually very much used in big corporations!

              I recently bought a Brother printer / scanner. The scanner has an option to upload results via sftp, with a web-based GUI for providing both the private key for it to use and the server’s public key. It was very easy to set up to scan things to my NAS, where I wrote a tiny script that uses fswatch to watch for new files and then tesseract to OCR them.

              I was very happy to see that it supported SFTP. The last printer / scanner combo thingy I bought could talk FTP or SMB, but a weird version of SMB that didn’t seem to want to talk to Samba.

              1. 2

                The product made by the company I work for handles a lot of data being transferred in flat files. Many customers have “security checklists” that identified FTP as an insecure protocol and recommended SFTP instead.

                I used to mock file based data transfer but compared to stuff like getting data via JSON APIs they have a lot of life in them still…

                1. 2

                  You mention JSON APIs; but you can have JSON APIs over SFTP, so I guess you meant REST APIs instead.

                  As far as I understand, the main issue with file based data transfer with SFTP is that there’s no support for upload completion in any way.

                  E.g.: if client 1 uploads a file to the server for processing, then how does the server know the file upload is completed?

                  This is often worked around by changing the name of the file (using the SFTP rename command), or uploading a hash too, or the file name is the hash, etc… all this is pretty clumsy compared to how HTTP handles that.
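The rename and hash workarounds described in the comment above, as an added example that is not part of the original thread. It models the SFTP drop directory as a local directory; the `.part` suffix, the `.sha256` sidecar name and the function names are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def upload(dropdir, name, data):
    """Uploader side: write under a temporary name, publish the digest, then rename."""
    part = os.path.join(dropdir, name + ".part")
    with open(part, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())
    with open(os.path.join(dropdir, name + ".sha256"), "w") as f:
        f.write(hashlib.sha256(data).hexdigest())
    # Stands in for the SFTP rename; atomic when both names are on one filesystem.
    os.rename(part, os.path.join(dropdir, name))

def ready_files(dropdir):
    """Server side: return names that are fully uploaded and match their digest."""
    ready = []
    for name in sorted(os.listdir(dropdir)):
        if name.endswith((".part", ".sha256")):
            continue  # in-progress upload or a digest sidecar, never processed
        sidecar = os.path.join(dropdir, name + ".sha256")
        if not os.path.isfile(sidecar):
            continue  # no digest published: treat the file as incomplete
        with open(sidecar) as f:
            expected = f.read().strip()
        h = hashlib.sha256()
        with open(os.path.join(dropdir, name), "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        if h.hexdigest() == expected:
            ready.append(name)
    return ready

def demo():
    with tempfile.TemporaryDirectory() as d:
        upload(d, "batch1.csv", b"id,amount\n1,10\n")
        # Constructed sample: an interrupted upload still under its temporary name.
        with open(os.path.join(d, "batch2.csv.part"), "wb") as f:
            f.write(b"id,am")
        # Constructed sample: a truncated file whose digest covers the full content.
        with open(os.path.join(d, "batch3.csv"), "wb") as f:
            f.write(b"id,am")
        with open(os.path.join(d, "batch3.csv.sha256"), "w") as f:
            f.write(hashlib.sha256(b"id,amount\n3,30\n").hexdigest())
        return ready_files(d)

if __name__ == "__main__":
    print(demo())
```

Only the file that was renamed into place and matches its digest is handed to processing; the interrupted and truncated uploads are skipped.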

                  1. 2

                    Correct, I meant REST APIs (often returning JSON, but can return XML too).

                    There are a lot of issues with file based transfer, including stuff like completeness (can be mitigated by including a defined footer/end of file marker), file names, unannounced changes of format and so on.

                    But you can shuffle a lot of data in a short time by zipping files, the transfers can be batched, and the endpoint generally doesn’t need a ton of authentication infra to ensure that unauthorized access is prevented etc. Push vs. Pull.

                    In the long run returning data over an API endpoint is The Future, but SFTP is basically a small upgrade to FTP which enables transport security without a ton of other changes.

                    1. 1

                      It’s a bit unclear here if you’re talking about SFTP or FTPS…

                      1. 2


                        I don’t mean it’s a drop-in replacement, but as a part of a system where you have 2 systems communicating using files, updating the transport mechanism from FTP to SFTP is a small step compared to converting the entire chain to an API-based solution.

                  2. 1

                    What bothers me about SFTP over FTPS (as a replacement for FTP), is that you need to allow ssh traffic from your client to your server. It also means providing a real account for the client on the machine, while FTPS is just as secure and can make use of virtual accounts and a different port than SSH by default.

                    1. 2

                      There’s nothing about the SFTP protocol that doesn’t allow for virtual users or other port numbers.

                      1. 1

                        Sure the protocol allows it, but as far as I know, openssh doesn’t support virtual users. So you’d need to install another server (say vsftpd), and at this point, why would you run sftp over ftps?

                  3. 1

                    Yes, I work in the data space and sftp connectors usually come up right after cloud stores. A lot of companies use it, it is even supported by hadoop. It seems to have replaced ftp/nfs in a lot of corporations.

                  4. 2

                    I think scp was basically rcp over ssh rather than rsh/rlogin.