FTP vs SSH File Transfer Protocols: Technical Comparison for Developers



At the protocol level, FTP (File Transfer Protocol) and SSH (Secure Shell) take fundamentally different approaches:


// FTP connection example (port 21)
client.connect("ftp.example.com", 21);
client.login("username", "password");

// SFTP over SSH connection (port 22)
ssh.connect("server.example.com", 22);
ssh.authenticateWithPublicKey("username", privateKey);
sftp = ssh.openSftpChannel();

SSH provides encryption by default through protocols like SFTP (SSH File Transfer Protocol) or SCP (Secure Copy Protocol). FTP has multiple security levels:

  • Plain FTP: No encryption (data and credentials transmitted in clear text)
  • FTPS: FTP over SSL/TLS (explicit or implicit)
  • SFTP: Not actually FTP but SSH file transfer (confusing naming)

In local network tests (1GB file transfers):

| Protocol | Avg Transfer Time | CPU Usage |
|----------|-------------------|-----------|
| FTP      | 45s               | 12%       |
| SFTP     | 58s               | 35%       |
| SCP      | 52s               | 28%       |

Python automation script using Paramiko (SSH) vs ftplib:


# SFTP upload example
import paramiko
# Note: Transport.connect() without hostkey= performs no host key verification
transport = paramiko.Transport(('hostname', 22))
transport.connect(username='user', password='pass')
sftp = paramiko.SFTPClient.from_transport(transport)
sftp.put('/local/path/file.txt', '/remote/path/file.txt')
sftp.close()
transport.close()

# FTP upload alternative (credentials and data are sent in clear text)
from ftplib import FTP
ftp = FTP('hostname')
ftp.login('user', 'pass')
with open('file.txt', 'rb') as f:
    ftp.storbinary('STOR /remote/path/file.txt', f)
ftp.quit()

FTP makes sense when:

  • Legacy system integration is required
  • Anonymous access is needed (though consider security implications)
  • High-volume transfers where encryption overhead matters

SSH/SFTP is better when:

  • Security is paramount (compliance-regulated environments)
  • You already manage SSH keys for server access
  • You need file transfer combined with remote command execution

For large-scale implementations:


# High-availability SFTP setup with failover
sftp_options = {
    "server_pool": [
        "sftp1.example.com:22",
        "sftp2.example.com:22",
        "sftp3.example.com:22"
    ],
    "connection_timeout": 30,
    "retry_policy": {
        "max_attempts": 3,
        "delay": 5
    }
}

FTP (File Transfer Protocol) operates on ports 20/21 using separate control and data channels, while SSH (Secure Shell) typically uses port 22 with encrypted tunneling. The key architectural difference lies in their security models:

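# FTP basic connection example (Python)
import ftplib
ftp = ftplib.FTP('hostname')
ftp.login('user', 'password')
# Use a context manager so the local file is flushed and closed
with open('local_file', 'wb') as f:
    ftp.retrbinary('RETR remote_file', f.write)
ftp.quit()

# SSH/SFTP connection example (Paramiko)
import paramiko
ssh = paramiko.SSHClient()
# Verify the server against known_hosts; AutoAddPolicy would silently trust
# any unknown host key and leave the connection open to interception
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
ssh.connect('hostname', username='user', password='password')
sftp = ssh.open_sftp()
sftp.get('remote_file', 'local_file')
sftp.close()
ssh.close()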

SSH provides end-to-end encryption through protocols like SFTP (SSH File Transfer Protocol) or SCP (Secure Copy). FTP offers three security levels:

  • Plain FTP (no encryption)
  • FTPS (FTP over SSL/TLS)
  • SFTP (SSH-based, technically not FTP)

Modern implementations should avoid plain FTP entirely. OpenSSH's SFTP subsystem is enabled by default in most Linux distributions:

# Check SSH SFTP subsystem status
grep -i sftp /etc/ssh/sshd_config
# Typical output: Subsystem sftp /usr/lib/openssh/sftp-server

For large file transfers, FTP can outperform SSH due to:

  • Lower encryption overhead (when using unencrypted FTP)
  • Parallel transfer capabilities
  • Native compression support in some clients

SSH-based transfers add about 5-15% overhead for encryption. Use compression flags when bandwidth is limited:

scp -C user@host:/path/to/file .
rsync -avz -e ssh user@host:/path/ ./local/

When to choose FTP/FTPS:

  • Legacy systems requiring anonymous access
  • Batch processing systems with established FTP workflows
  • High-volume transfers between trusted networks

When SSH/SFTP is superior:

  • Security-sensitive environments
  • Systems already managing SSH keys
  • Mixed file transfer/remote command scenarios

For automated transfers, consider these configuration examples:

# Automate FTP with lftp
lftp -e "mirror --parallel=5 /remote/dir /local/dir; quit" ftp://user:pass@host

# Automate SFTP with sshpass (not recommended for production)
sshpass -p 'password' sftp -oBatchMode=no user@host <<EOF
get /remote/file
put /local/file
quit
EOF

For centralized management, both protocols support enterprise features:

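| Feature                      | FTP/FTPS      | SSH/SFTP               |
|------------------------------|---------------|------------------------|
| Active Directory Integration | Yes (via PAM) | Yes (via LDAP)         |
| Transfer Resume              | Partial       | Full                   |
| File Locking                 | No            | Yes (server-dependent) |
| Transfer Logging             | Detailed      | Basic                  |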

For system administrators, consider these audit commands:

# Monitor FTP connections
tcpdump -i eth0 'port 21 or port 20'

# Monitor SSH/SFTP connections (just metadata)
ss -antp | grep 'sshd'
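
To turn a port 21 capture like the one above into findings, this added example (not part of the original article) classifies FTP control-channel sessions as cleartext logins, anonymous logins, or explicit FTPS upgrades, without ever storing the password. The `(client, direction, line)` tuple format, the function name `audit_ftp_control` and the sample lines are constructed for illustration, and sessions are keyed by client IP only.

```python
import re

# Constructed sample: FTP control-channel lines as a sniffer on port 21 would
# see them, as (client_ip, direction, line). "C" = client, "S" = server.
SAMPLE = [
    ("10.0.0.5", "S", "220 FTP server ready"),
    ("10.0.0.5", "C", "USER alice"),
    ("10.0.0.5", "S", "331 Password required"),
    ("10.0.0.5", "C", "PASS example-password"),
    ("10.0.0.9", "S", "220 FTP server ready"),
    ("10.0.0.9", "C", "AUTH TLS"),
    ("10.0.0.9", "S", "234 Proceed with negotiation"),
    ("10.0.0.7", "S", "220 FTP server ready"),
    ("10.0.0.7", "C", "USER anonymous"),
    ("10.0.0.7", "S", "331 Send email as password"),
    ("10.0.0.7", "C", "PASS guest@example.com"),
]

CMD = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def audit_ftp_control(events):
    """Classify each client session; passwords are never stored or returned."""
    sessions = {}
    for client, direction, line in events:
        s = sessions.setdefault(client, {"tls": False, "auth_pending": False,
                                         "user": None, "finding": "no-login-seen"})
        if direction == "S":
            # 234 is the server's acceptance of AUTH TLS/SSL (RFC 4217).
            if s["auth_pending"] and line.startswith("234"):
                s["tls"], s["finding"] = True, "explicit-ftps"
            s["auth_pending"] = False
            continue
        m = CMD.match(line.strip())
        if not m or s["tls"]:
            continue  # after TLS starts, bytes on the wire are ciphertext
        verb, arg = m.group(1).upper(), (m.group(2) or "")
        if verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            s["auth_pending"] = True
        elif verb == "USER":
            s["user"] = arg
        elif verb == "PASS":
            anon = (s["user"] or "").lower() in ("anonymous", "ftp")
            s["finding"] = "anonymous-cleartext" if anon else "cleartext-credentials"
    return {c: (s["finding"], s["user"]) for c, s in sessions.items()}

if __name__ == "__main__":
    for client, (finding, user) in audit_ftp_control(SAMPLE).items():
        print(f"{client}: {finding} (user={user})")
```

A session where the server refuses `AUTH TLS` and the client falls back to `USER`/`PASS` is still reported as `cleartext-credentials`, which is the downgrade case worth alerting on.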