SFTP and SCP: Secure File Transfer Protocols

SFTP (SSH File Transfer Protocol) and SCP (Secure Copy Protocol) are both secure file transfer protocols that operate as subsystems of SSH-2 (Secure Shell version 2). These protocols provide encrypted and authenticated methods for transferring files between systems.

SFTP (SSH File Transfer Protocol)

SFTP is a robust and versatile protocol that offers secure file transfer capabilities:

It operates over an encrypted SSH connection, typically on port 22.
SFTP provides strong encryption and authentication to protect against various attacks.
It supports a wide range of file operations, including uploading, downloading, and remote file manipulation.

Key Features:

Encryption of data during transit.
Simplified use with a single port connection.
Support for advanced features that most other file-transfer protocols don't have.

SCP (Secure Copy Protocol)

SCP is another secure file transfer protocol that, like SFTP, operates as an SSH-2 subsystem:

It is designed specifically for securely copying files between hosts on a network.
SCP uses the same authentication and security mechanisms as SSH.

Comparison to SFTP:

SCP is simple to use in scripts, but lacks many of SFTP's advanced features.
SFTP offers more functionality, including the ability to resume interrupted transfers and perform remote file system operations.

Poison pill: in order to fill the functionality gap between SFTP and SCP, some SCP clients attempt to use a parallel SSH-2 Shell to perform some of the operations the SCP protocol lacks, but in doing so they create a potential side-channel for attacks. If all you need are secure file-transfers, and SCP is requesting to perform Shell operations, the safest choice is to drop SCP altogether and switch to SFTP. Do not allow Shell just because SCP may ask for it, unless you know exactly how to keep it safe.

SSH-2 Subsystems

It's important to note that SFTP and SCP are not the only subsystems of SSH-2. The SSH-2 protocol is a versatile framework that supports various subsystems:

File Transfer: SFTP and SCP.
Remote Command Execution: Allows running individual commands on the remote system.
Shell Access: Provides a full interactive shell session on the remote machine.

This flexibility makes SSH-2 a powerful tool for secure remote system management and file transfer, but - as all powerful tools - it requires careful configuration from a knowledgeable administrator.

Security Considerations

Both SFTP and SCP offer significant security advantages over traditional, unencrypted file-transfer protocols:

They use strong encryption to protect data in transit.
They provide authentication mechanisms to verify the identity of both the client and server.
They ensure data integrity, preventing unauthorized modifications during transfer.

Choosing Between SFTP and SCP

When deciding between SFTP and SCP, consider:

Functionality: SFTP offers more advanced file management features.
Compatibility: SCP might be the only choice in old/legacy environments where SFTP support is limited or absent.
Fitness: In most modern scenarios, SFTP is the preferred choice due to its broader feature set and widespread support.

How to be notified of new releases

Setup on Windows (GUI)

Setup on Windows (CLI)

Setup on Linux

Updating/upgrading Syncplify Server!: the general rule

Upgrading from v4/v5 to v6

How to move/migrate your software to a different machine/VM

How to recover (decrypt) old v4/v5 encrypted VFSs

High-Availability (HA) general concepts

High-Availability (HA): how to setup

Licensing and license codes: a complete overview

How to fix "Invalid OTP" error during setup

Where is the manual?

Using network shares (UNC paths) with Syncplify Server! v6+ on Windows

Using network shares (UNC paths) with Syncplify Server! v6+ on Linux

How to backup your Syncplify.me Server! v4/v5

Insecure warning in your browser? It might be OK...

Virtual File System (VFS) Encryption

Overriding permissions on folders/directories

How to change a SuperAdmin password

How to reset the SuperAdmin (SA) password in v4/v5

How to disable 2FA for a SuperAdmin account

How to auto-fix problems with the Web/REST system service

True 2FA/MFA over SSH2/SFTP via keyboard-interactive authentication and Google Authenticator

How to use the SFTP Virtual File System (VFS)

How to use the S3 Virtual File System (VFS)

How to use the Azure blob storage Virtual File System (VFS)

How to use Google cloud platform's object storage Virtual File System (VFS)

How does the block-list (Protector!) work?

Block-list, allow-list, and safe-list

Authenticating users via PKI

Customizing SFTP and FTP(E/S) greetings and banners

How to override permissions on subfolders inside the user’s Home VFS

FATAL ERROR: Connection reset by peer (could not connect to server)

Virtual File Systems (VFS) with quotas

Solved: insecure FTP data connection (TLS session resumption)

Parametric home directories (VFS)

Cannot connect: "unexpected message type 30 (expected one of [34])" reason found in log file

How to backup your Syncplify Server!'s database

Unsupported public key authentication algorithm SshRsa (ssh-rsa)? Here's how to fix it.

How to import many users at once from a CSV file

How to email a list of uploaded files

VFS.ImportFile and VFS.ExportFile

Preventing upload of EXE files

No, we are not affected by Log4j vulnerability (CVE-2021-44228)

How Syncplify.me Server! prevents SSHPsycho attacks

W3C log file format and UTC timestamps

Firewalls and FTP external IP address for PASV

Where do I download the old v4/v5 installers?

Why PGP is an extremely bad choice for a file server's at-rest encryption, and how to do it right

Timeout logging into the SuperAdmin or Admin UI? This is how you may fix it.

Understanding FTP and Its Variants

SFTP and SCP: Secure File Transfer Protocols

SFTP and SCP: Secure File Transfer Protocols

SFTP (SSH File Transfer Protocol)

SCP (Secure Copy Protocol)

SSH-2 Subsystems

Security Considerations

Choosing Between SFTP and SCP