571:, as it shares the default port of 22 with other SSH services. SFTP implementations may include an SSH protocol implementation to leverage integration of SSH connection details with preexisting FTP server access controls, where an alternative SSH server is tolerable or where alternative ports may be used. An SSH-2 server which supports subsystems may be leveraged to keep a uniform SSH implementation while enhancing access controls with third party software, at the cost of fine-grained integration with connection details, and SSH-1 compatibility.
337:
At the outset of the IETF Secure Shell File
Transfer project, the Secsh group stated that its objective of SSH File Transfer Protocol was to provide a secure file transfer functionality over any reliable data stream, and to be the standard file transfer protocol for use with the SSH-2 protocol.
268:
protocol version 2 implementations, having been designed by the same working group. It is possible, however, to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform-independent as SSH-1 does not support the concept of
292:
were created that successively revised the protocol into new versions. The software industry began to implement various versions of the protocol before the drafts were standardized. As development work progressed, the scope of the Secsh File
Transfer project expanded to include
456:
The SFTP protocol supports a generic way of indicating extended commands, along with a method of including them in version negotiation. An IANA registry is requested, but since the protocol never became an official standard, no such registry has been created.
313:
protocol, which places it beyond the purview of the working group. After a seven-year hiatus, in 2013 an attempt was made to restart work on SFTP using the version 3 draft as the baseline.
555:
support both the SFTP and SCP protocols to perform file transfers, depending on what the server supports. The scp program supplied with OpenSSH 9.0 and higher defaults to using SFTP.
227:'s extra capabilities include resuming interrupted transfers, directory listings, and remote file removal. There is also support for all UNIX file types, including symbolic links.
192:
states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over
590:
There are some tools that implement man-in-the-middle for SSH which also feature SFTP control. Examples of such a tool are Shell
Control Box from Balabit and CryptoAuditor from
238:
platforms, SFTP servers are commonly available on most platforms. In SFTP, the file transfer can be easily terminated without terminating a session like other mechanisms do.
594:(the original developer of the Secure Shell protocol) which provides functions such as SFTP transaction logging and logging of the actual data transmitted on the wire.
264:
The protocol itself does not provide authentication and security; it expects the underlying protocol to secure this. SFTP is most often used as subsystem of
657:
936:
219:
protocol, which only allows file transfers, the SFTP protocol allows for a range of operations on remote files which make it more like a remote
618:
613:
325:, designed by Tatu Ylönen with assistance from Sami Lehtinen in 1997. Differences between versions 0–2 and version 3 are enumerated upon in
207:, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
831:
269:
subsystems. An SFTP client willing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.
819:
744:
700:
234:
specified by the client is up to the server, whereas SFTP's design avoids this problem. While SCP is most frequently implemented on
780:
250:
177:
79:
579:
It is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging
288:
version 2 protocol (RFC 4251) also attempted to draft an extension of that standard for secure file transfer functionality.
258:
28:
567:
implement the SFTP protocol; however, outside of dedicated file servers, SFTP protocol support is usually provided by an
528:
272:
Uploaded files may be associated with their basic attributes, such as time stamps. This is an advantage over the common
591:
564:
322:
129:
587:
or SUSE FTP proxy, but SFTP is encrypted, rendering traditional proxies ineffective for controlling SFTP traffic.
608:
603:
568:
284:
The
Internet Engineering Task Force (IETF) working group "Secsh" that was responsible for the development of the
193:
441:– Added "IANA considerations". A size parameter is now allowed for file creation as an advisory signal.
806:
273:
242:
185:
51:
32:
184:
protocol (SSH) version 2.0 to provide secure file transfer capabilities, and is seen as a replacement of
941:
341:
Drafts 00–02 of the IETF Internet Draft define successive revisions of version 3 of the SFTP protocol.
326:
781:"ietf.secsh—Formal consultation prior to closing the secsh working group—msg#00010—Recent Discussion"
721:
652:
532:
444:
438:
432:
429:– Extensions "vendor-id", "md5-hash", "space-available", "home-directory" removed. ACL changes.
426:
420:
415:
410:
405:
390:
375:
370:
355:
350:
345:
189:
401:
Drafts 06–13 of the IETF Internet Draft define successive revisions of version 6 of the protocol.
677:
536:
231:
230:
SFTP attempts to be more platform-independent than SCP; with SCP, for instance, the expansion of
224:
740:
696:
121:
759:
423:– Added byte-range locks. ACL changes. Rearranged SSH_FXP_REALPATH request parameters.
157:
584:
298:
169:
17:
784:
289:
204:
930:
310:
301:. Eventually, development stalled as some committee members began to view SFTP as a
254:
165:
69:
285:
265:
246:
181:
108:
632:
548:
506:
306:
302:
294:
220:
216:
173:
161:
888:
909:
636:
141:
116:
42:
Network protocol that provides file management over any reliable data stream
870:
849:
496:
OpenSSH, the most widespread implementation, defines constants to convert
366:
Drafts 03–04 of the IETF Internet Draft define version 4 of the protocol.
540:
386:
Draft 05 of the IETF Internet Draft defines version 5 of the protocol.
539:
part of this protocol. As an example, the sftp program supplied with
646:
321:
Prior to the IETF's involvement, SFTP was a proprietary protocol of
889:"Record SSH/RDP/Citrix into Audit Trail—Activity Monitoring Device"
642:
850:"OpenBSD manual page for the "sftp" command: "See Also" section"
623:
235:
36:
249:, but rather a new protocol designed from the ground up by the
807:"SSH File Transfer Protocol—draft-moonesamy-secsh-filexfer-00"
628:
580:
509:
version identifier. It only implements version 3 from draft 1.
197:
435:– ACL transfer fully specified. Editorial changes.
820:
ftp://ftp.ietf.org/ietf-mail-archive/secsh/2012-09.mail
720:
Galbraith, Joseph; Saarenmaa, Oskari (18 July 2006).
376:
SSH File
Transfer Protocol, Draft 04, December 2002
128:
115:
104:
86:
75:
65:
57:
439:SSH File Transfer Protocol, Draft 12, January 2006
433:SSH File Transfer Protocol, Draft 11, January 2006
406:SSH File Transfer Protocol, Draft 06, October 2004
391:SSH File Transfer Protocol, Draft 05, January 2004
371:SSH File Transfer Protocol, Draft 03, October 2002
356:SSH File Transfer Protocol, Draft 02, October 2001
346:SSH File Transfer Protocol, Draft 00, January 2001
416:SSH File Transfer Protocol, Draft 08, April 2005
411:SSH File Transfer Protocol, Draft 07, March 2005
351:SSH File Transfer Protocol, Draft 01, March 2001
196:(TLS) and transfer of management information in
735:Barrett, Daniel; Silverman, Richard E. (2001),
445:SSH File Transfer Protocol, Draft 13, July 2006
427:SSH File Transfer Protocol, Draft 10, June 2005
421:SSH File Transfer Protocol, Draft 09, June 2005
649:—Mounting remote filesystem using SFTP and SSH
8:
691:Victoria, Jaynor; Victoria, Beverly (2001),
203:This protocol assumes that it is run over a
45:
737:SSH, The Secure Shell: The Definitive Guide
693:SSH, The Secure Shell: The Definitive Guide
658:Category:SSH File Transfer Protocol clients
910:"Privileged Access Control and Monitoring"
327:section 10 of draft-ietf-secsh-filexfer-02
44:
715:
713:
711:
783:. Osdir.com. 2006-08-14. Archived from
669:
504:values across the protocol, using the
678:"The What's, How's and Why's of SFTP"
614:Comparison of file transfer protocols
7:
188:(FTP) due to superior security. The
724:. Internet Engineering Task Force.
25:
257:. It is sometimes confused with
937:Network file transfer protocols
178:Internet Engineering Task Force
180:(IETF) as an extension of the
1:
259:Simple File Transfer Protocol
150:Secure File Transfer Protocol
29:Simple File Transfer Protocol
805:Moonesamy, S. (2013-07-12).
722:"SSH File Transfer Protocol"
546:Some implementations of the
529:Secure file transfer program
491:filename-translation-control
592:SSH Communications Security
323:SSH Communications Security
92:; 27 years ago
958:
635:SSH-2 and SFTP server for
565:FTP server implementations
146:SSH File Transfer Protocol
46:SSH File Transfer Protocol
26:
18:SSH file transfer protocol
832:"openssh-portable sftp.h"
609:Comparison of SSH servers
604:Comparison of SSH clients
569:SSH server implementation
447:– editorial changes
176:. It was designed by the
50:
194:Transport Layer Security
27:Not to be confused with
838:. OpenSSH. 24 May 2023.
739:, Cambridge: O'Reilly,
695:, Cambridge: O'Reilly,
583:transactions, like TIS
280:History and development
186:File Transfer Protocol
52:Communication protocol
875:OpenSSH Release Notes
305:protocol, not just a
760:"Secsh Status Pages"
653:Category:FTP clients
535:that implements the
533:command-line program
461:Draft 13 specifies
190:IETF Internet Draft
82:SECSH working group
47:
527:can also refer to
223:protocol. An SFTP
172:over any reliable
809:. Tools.ietf.org.
543:implements this.
138:
137:
122:Application layer
16:(Redirected from
949:
921:
920:
918:
917:
906:
900:
899:
897:
896:
885:
879:
878:
867:
861:
860:
858:
857:
846:
840:
839:
828:
822:
817:
811:
810:
802:
796:
795:
793:
792:
777:
771:
770:
768:
767:
762:. Tools.ietf.org
756:
750:
749:
732:
726:
725:
717:
706:
705:
688:
682:
681:
674:
551:
508:
503:
499:
492:
488:
487:filename-charset
484:
480:
476:
472:
468:
464:
215:Compared to the
158:network protocol
100:
98:
93:
48:
21:
957:
956:
952:
951:
950:
948:
947:
946:
927:
926:
925:
924:
915:
913:
908:
907:
903:
894:
892:
887:
886:
882:
877:. 8 April 2022.
869:
868:
864:
855:
853:
848:
847:
843:
830:
829:
825:
818:
814:
804:
803:
799:
790:
788:
779:
778:
774:
765:
763:
758:
757:
753:
747:
734:
733:
729:
719:
718:
709:
703:
690:
689:
685:
676:
675:
671:
666:
600:
577:
561:
547:
521:
516:
505:
501:
497:
490:
486:
482:
478:
474:
470:
466:
462:
454:
399:
384:
364:
335:
319:
299:file management
290:Internet Drafts
282:
213:
170:file management
148:(also known as
96:
94:
91:
43:
40:
23:
22:
15:
12:
11:
5:
955:
953:
945:
944:
939:
929:
928:
923:
922:
901:
880:
862:
841:
823:
812:
797:
772:
751:
745:
727:
707:
701:
683:
668:
667:
665:
662:
661:
660:
655:
650:
640:
626:
621:
616:
611:
606:
599:
596:
576:
573:
560:
557:
520:
517:
515:
512:
511:
510:
494:
483:version-select
453:
450:
449:
448:
442:
436:
430:
424:
418:
413:
408:
398:
395:
394:
393:
383:
380:
379:
378:
373:
363:
360:
359:
358:
353:
348:
334:
331:
318:
315:
281:
278:
212:
209:
205:secure channel
200:applications.
160:that provides
136:
135:
132:
126:
125:
119:
113:
112:
106:
102:
101:
88:
84:
83:
77:
73:
72:
67:
63:
62:
59:
55:
54:
41:
24:
14:
13:
10:
9:
6:
4:
3:
2:
954:
943:
940:
938:
935:
934:
932:
911:
905:
902:
891:. Balabit.com
890:
884:
881:
876:
872:
871:"OpenSSH 9.0"
866:
863:
852:. OpenBSD.org
851:
845:
842:
837:
833:
827:
824:
821:
816:
813:
808:
801:
798:
787:on 2012-03-20
786:
782:
776:
773:
761:
755:
752:
748:
746:0-596-00011-1
742:
738:
731:
728:
723:
716:
714:
712:
708:
704:
702:0-596-00011-1
698:
694:
687:
684:
679:
673:
670:
663:
659:
656:
654:
651:
648:
644:
641:
638:
634:
630:
627:
625:
622:
620:
617:
615:
612:
610:
607:
605:
602:
601:
597:
595:
593:
588:
586:
582:
574:
572:
570:
566:
558:
556:
554:
550:
544:
542:
538:
534:
530:
526:
518:
513:
507:
495:
471:acl-supported
460:
459:
458:
451:
446:
443:
440:
437:
434:
431:
428:
425:
422:
419:
417:
414:
412:
409:
407:
404:
403:
402:
396:
392:
389:
388:
387:
381:
377:
374:
372:
369:
368:
367:
361:
357:
354:
352:
349:
347:
344:
343:
342:
339:
332:
330:
328:
324:
316:
314:
312:
311:file transfer
308:
304:
300:
296:
291:
287:
279:
277:
275:
270:
267:
262:
260:
256:
255:working group
252:
248:
244:
239:
237:
233:
228:
226:
222:
218:
210:
208:
206:
201:
199:
195:
191:
187:
183:
179:
175:
171:
167:
166:file transfer
163:
159:
155:
151:
147:
143:
133:
131:
127:
123:
120:
118:
114:
110:
107:
103:
89:
85:
81:
78:
74:
71:
70:File transfer
68:
64:
60:
56:
53:
49:
38:
34:
30:
19:
942:Secure Shell
914:. Retrieved
904:
893:. Retrieved
883:
874:
865:
854:. Retrieved
844:
835:
826:
815:
800:
789:. Retrieved
785:the original
775:
764:. Retrieved
754:
736:
730:
692:
686:
672:
589:
578:
562:
552:
545:
524:
522:
455:
400:
385:
365:
340:
336:
320:
317:Versions 0–2
286:Secure Shell
283:
271:
263:
241:SFTP is not
240:
229:
214:
211:Capabilities
202:
182:Secure Shell
153:
149:
145:
139:
109:Secure Shell
87:Introduction
76:Developer(s)
58:Abbreviation
33:FTP over SSH
559:SFTP server
519:SFTP client
307:file access
303:file system
295:file access
221:file system
174:data stream
162:file access
931:Categories
916:2014-11-25
895:2012-08-20
856:2018-02-04
791:2012-08-20
766:2012-08-20
664:References
575:SFTP proxy
467:supported2
452:Extensions
276:protocol.
912:. SSH.com
637:Unix-like
523:The term
502:ST_RDONLY
498:ST_NOSUID
463:text-seek
397:Version 6
382:Version 5
362:Version 4
333:Version 3
245:run over
232:wildcards
142:computing
117:OSI layer
598:See also
514:Software
479:versions
105:Based on
553:program
541:OpenSSH
475:newline
156:) is a
130:Port(s)
95: (
66:Purpose
836:GitHub
743:
699:
647:Rclone
537:client
253:SECSH
225:client
168:, and
144:, the
134:22/TCP
643:SSHFS
563:Some
111:(SSH)
35:, or
741:ISBN
697:ISBN
645:and
639:OSes
624:FTPS
619:FISH
585:gdev
531:, a
525:SFTP
500:and
297:and
251:IETF
236:Unix
154:SFTP
97:1997
90:1997
80:IETF
61:SFTP
37:FTPS
633:GNU
631:—a
629:Lsh
581:FTP
549:scp
309:or
274:FTP
266:SSH
247:SSH
243:FTP
217:SCP
198:VPN
152:or
140:In
124:(7)
933::
873:.
834:.
710:^
489:,
485:,
481:,
477:,
473:,
469:,
465:,
329:.
261:.
164:,
31:,
919:.
898:.
859:.
794:.
769:.
680:.
493:.
99:)
39:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.