SSH File Transfer Protocol
| Communication protocol | |
|---|---|
| Abbreviation | SFTP |
| Purpose | File transfer |
| Developer(s) | IETF SECSH working group |
| Introduction | 1997 |
| Based on | Secure Shell (SSH) |
| OSI layer | Application layer (7) |
| Port(s) | 22/TCP |
In
This protocol assumes that it is run over a secure channel, such as SSH, that the server has already authenticated the client, and that the identity of the client user is available to the protocol.
Capabilities
Compared to the
SFTP attempts to be more platform-independent than SCP; with SCP, for instance, the expansion of wildcards specified by the client is up to the server, whereas SFTP's design avoids this problem. While SCP is most frequently implemented on Unix platforms, SFTP servers are commonly available on most platforms. In SFTP, a file transfer can easily be aborted without terminating the session, which other mechanisms cannot do.
SFTP is not
The protocol itself does not provide authentication and security; it expects the underlying protocol to secure these. SFTP is most often used as a subsystem of SSH protocol version 2 implementations, having been designed by the same working group. It is possible, however, to run it over SSH-1 (and some implementations support this) or other data streams. Running an SFTP server over SSH-1 is not platform-independent, as SSH-1 does not support the concept of subsystems. An SFTP client wishing to connect to an SSH-1 server needs to know the path to the SFTP server binary on the server side.
Uploaded files may be associated with their basic attributes, such as time stamps. This is an advantage over the common FTP protocol.
History and development
The Internet Engineering Task Force (IETF) working group "Secsh" that was responsible for the development of the
Versions 0–2
Prior to the IETF's involvement, SFTP was a proprietary protocol of
Version 3
At the outset of the IETF Secure Shell File Transfer project, the Secsh group stated that its objective of SSH File Transfer Protocol was to provide a secure file transfer functionality over any reliable data stream, and to be the standard file transfer protocol for use with the SSH-2 protocol.
Drafts 00–02 of the IETF Internet Draft define successive revisions of version 3 of the SFTP protocol.
- SSH File Transfer Protocol, Draft 00, January 2001
- SSH File Transfer Protocol, Draft 01, March 2001
- SSH File Transfer Protocol, Draft 02, October 2001
Version 4
Drafts 03–04 of the IETF Internet Draft define version 4 of the protocol.
- SSH File Transfer Protocol, Draft 03, October 2002
- SSH File Transfer Protocol, Draft 04, December 2002
Version 5
Draft 05 of the IETF Internet Draft defines version 5 of the protocol.
Version 6
Drafts 06–13 of the IETF Internet Draft define successive revisions of version 6 of the protocol.
- SSH File Transfer Protocol, Draft 06, October 2004
- SSH File Transfer Protocol, Draft 07, March 2005
- SSH File Transfer Protocol, Draft 08, April 2005
- SSH File Transfer Protocol, Draft 09, June 2005 – Added byte-range locks. ACL changes. Rearranged SSH_FXP_REALPATH request parameters.
- SSH File Transfer Protocol, Draft 10, June 2005 – Extensions "vendor-id", "md5-hash", "space-available", "home-directory" removed. ACL changes.
- SSH File Transfer Protocol, Draft 11, January 2006 – ACL transfer fully specified. Editorial changes.
- SSH File Transfer Protocol, Draft 12, January 2006 – Added "IANA considerations". A size parameter is now allowed for file creation as an advisory signal.
- SSH File Transfer Protocol, Draft 13, July 2006 – Editorial changes.
Extensions
The SFTP protocol supports a generic way of indicating extended commands, along with a method of including them in version negotiation. An IANA registry is requested, but since the protocol never became an official standard, no such registry has been created.[3]
- Draft 13 specifies text-seek, supported2, acl-supported, newline, versions, version-select, filename-charset, filename-translation-control.[3]
- OpenSSH, the most widespread implementation, defines constants to convey ST_NOSUID and ST_RDONLY values across the protocol, using the statvfs@openssh.com version identifier. It only implements version 3 from draft 1.[9]
Software
SFTP client
The term SFTP can also refer to
Some implementations of the
SFTP server
Some
SFTP proxy
It is difficult to control SFTP transfers on security devices at the network perimeter. There are standard tools for logging
Some tools implement a man-in-the-middle for SSH that also provides SFTP control. Examples of such tools are Shell Control Box from
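The version negotiation and extension mechanism described under "Extensions", and the request-level visibility that an SSH-terminating SFTP proxy gains, both come down to the same small wire format: a uint32 length, a type byte and a payload built from uint32 fields and length-prefixed strings. The following is an added example, not code from the article, the IETF drafts or OpenSSH. It encodes an SSH_FXP_INIT, parses a server's SSH_FXP_VERSION reply (checking that the server did not answer with a version higher than the client offered, as draft-02 requires it to pick the lower of the two), and then decodes a constructed client stream into audit lines of the kind a proxy could log. Type numbers and pflags bits are from draft-ietf-secsh-filexfer-02; the extension names and data values mirror OpenSSH's PROTOCOL file; the file path, handle bytes and payload contents are constructed.

```python
"""Minimal codec for SFTP version 3 packets (draft-ietf-secsh-filexfer-02).
Added example; not code from the article, the IETF drafts or OpenSSH. Type numbers,
pflags and extension names are from the draft and OpenSSH's PROTOCOL file; all
packets built here are constructed sample traffic."""
import struct

SSH_FXP_INIT, SSH_FXP_VERSION = 1, 2
SSH_FXP_OPEN, SSH_FXP_CLOSE, SSH_FXP_READ, SSH_FXP_WRITE = 3, 4, 5, 6
# pflags bits of SSH_FXP_OPEN
PFLAGS = {0x01: "READ", 0x02: "WRITE", 0x04: "APPEND", 0x08: "CREAT", 0x10: "TRUNC", 0x20: "EXCL"}

def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

def packet(ptype: int, payload: bytes) -> bytes:
    # the uint32 length counts the type byte plus the payload
    return struct.pack(">IB", len(payload) + 1, ptype) + payload

def read_uint32(buf, off):
    return struct.unpack_from(">I", buf, off)[0], off + 4

def read_string(buf, off):
    n, off = read_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("string length exceeds packet")
    return buf[off:off + n], off + n

def iter_packets(stream: bytes):
    """Split a byte stream into (type, payload) pairs, rejecting truncated frames."""
    off = 0
    while off < len(stream):
        length, off = read_uint32(stream, off)
        if length < 1 or off + length > len(stream):
            raise ValueError("truncated or malformed SFTP packet")
        yield stream[off], stream[off + 1:off + length]
        off += length

def build_init(version: int = 3) -> bytes:
    return packet(SSH_FXP_INIT, struct.pack(">I", version))

def build_version(version: int, extensions) -> bytes:
    """Server reply: the chosen version followed by (name, data) extension pairs."""
    payload = struct.pack(">I", version)
    for name, data in extensions:
        payload += ssh_string(name.encode()) + ssh_string(data.encode())
    return packet(SSH_FXP_VERSION, payload)

def negotiate(client_version: int, version_packet: bytes):
    """Client side: accept the server's version and collect the extensions it advertises."""
    ptype, payload = next(iter_packets(version_packet))
    if ptype != SSH_FXP_VERSION:
        raise ValueError("expected SSH_FXP_VERSION")
    server_version, off = read_uint32(payload, 0)
    # the server answers with the lower of the two versions, never a higher one
    if server_version > client_version:
        raise ValueError("server chose a version the client did not offer")
    extensions = {}
    while off < len(payload):
        name, off = read_string(payload, off)
        data, off = read_string(payload, off)
        extensions[name.decode()] = data.decode()  # unknown names are simply ignored by clients
    return server_version, extensions

def audit(stream: bytes):
    """Decode client requests into log lines, as an SSH-terminating proxy could."""
    events = []
    for ptype, payload in iter_packets(stream):
        if ptype == SSH_FXP_INIT:
            events.append(f"INIT version={read_uint32(payload, 0)[0]}")
            continue
        req_id, off = read_uint32(payload, 0)
        if ptype == SSH_FXP_OPEN:
            path, off = read_string(payload, off)
            pflags, off = read_uint32(payload, off)
            flags = "|".join(n for bit, n in PFLAGS.items() if pflags & bit) or "0"
            events.append(f"OPEN id={req_id} path={path.decode()} pflags={flags}")
        elif ptype in (SSH_FXP_READ, SSH_FXP_WRITE):
            handle, off = read_string(payload, off)
            offset = struct.unpack_from(">Q", payload, off)[0]
            if ptype == SSH_FXP_READ:
                length = read_uint32(payload, off + 8)[0]
            else:
                length = len(read_string(payload, off + 8)[0])
            kind = "READ" if ptype == SSH_FXP_READ else "WRITE"
            events.append(f"{kind} id={req_id} handle={handle.hex()} offset={offset} length={length}")
        elif ptype == SSH_FXP_CLOSE:
            events.append(f"CLOSE id={req_id} handle={read_string(payload, off)[0].hex()}")
        else:
            events.append(f"type{ptype} id={req_id}")
    return events

def sample_client_stream() -> bytes:
    """Constructed client traffic: INIT, then create, write and close one file."""
    handle = b"\x00\x00\x00\x01"  # opaque server-issued handle, constructed here
    attrs_none = struct.pack(">I", 0)  # ATTRS structure with no fields set
    return b"".join([
        build_init(3),
        packet(SSH_FXP_OPEN, struct.pack(">I", 1) + ssh_string(b"/upload/report.csv")
               + struct.pack(">I", 0x02 | 0x08 | 0x10) + attrs_none),
        packet(SSH_FXP_WRITE, struct.pack(">I", 2) + ssh_string(handle)
               + struct.pack(">Q", 0) + ssh_string(b"id,amount\n1,42\n")),
        packet(SSH_FXP_CLOSE, struct.pack(">I", 3) + ssh_string(handle)),
    ])
```

Calling `audit(sample_client_stream())` yields one line per request (INIT, OPEN with its decoded pflags, WRITE with offset and length, CLOSE), which is exactly the information a perimeter device cannot see while the SSH channel is still encrypted; `negotiate(3, build_version(3, [...]))` returns the agreed version and a name-to-data map of extensions, and the length checks in `iter_packets` and `read_string` are what keep a malformed frame from being misread as a valid request.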
See also
- Comparison of SSH clients
- Comparison of SSH servers
- Comparison of file transfer protocols
- FISH
- FTPS
- Lsh—a GNU SSH-2 and SFTP server for Unix-like OSes
- SSHFS—Mounting remote filesystem using SFTP and SSH
- Category:FTP clients
- Category:SSH File Transfer Protocol clients
References
1. "The What's, How's and Why's of SFTP".
2. ISBN 0-596-00011-1
3. Galbraith, Joseph; Saarenmaa, Oskari (18 July 2006). "SSH File Transfer Protocol". Internet Engineering Task Force.
4. ISBN 0-596-00011-1
5. "Secsh Status Pages". Tools.ietf.org. Retrieved 2012-08-20.
6. "ietf.secsh—Formal consultation prior to closing the secsh working group—msg#00010—Recent Discussion". Osdir.com. 2006-08-14. Archived from the original on 2012-03-20. Retrieved 2012-08-20.
7. Moonesamy, S. (2013-07-12). "SSH File Transfer Protocol—draft-moonesamy-secsh-filexfer-00". Tools.ietf.org.
8. ftp://ftp.ietf.org/ietf-mail-archive/secsh/2012-09.mail
9. "openssh-portable sftp.h". GitHub. OpenSSH. 24 May 2023.
10. "OpenBSD manual page for the "sftp" command: "See Also" section". OpenBSD.org. Retrieved 2018-02-04.
11. "OpenSSH 9.0". OpenSSH Release Notes. 8 April 2022.
12. "Record SSH/RDP/Citrix into Audit Trail—Activity Monitoring Device". Balabit.com. Retrieved 2012-08-20.
13. "Privileged Access Control and Monitoring". SSH.com. Retrieved 2014-11-25.