Talk:SSH File Transfer Protocol

SFTP and resume edit

sftp and resume? -- 68.103.147.152 07:21, 2005 Jun 16

I've now mentioned this capability in the article. JTN 13:50, 2005 Jun 16 (UTC)

Missing information edit

I came to this page to double check which port SSH normally uses in a typical installation. Why doesn't the page have this basic information? I'll google it, but it should be here. —Preceding unsigned comment added by 67.121.113.229 (talk) 03:28, 21 March 2010 (UTC)Reply

As stated in the article SFTP is a small layer adbove another protocol, almost always SSH. The port, or even default port, is not included in it's specification an depends on the underlying protocol and should thus not be in the article.
Furthermore Googling "SFTP port" immidiatly returns the answer, so Wikipedia is not needed for anyone to know the answer
Dtech (talk) 20:28, 10 January 2011 (UTC)Reply
That logic is flawed as it follows that most of the information on wikipedia is not needed as it should all (except when print documents are cited) be available through a search engine. — Preceding unsigned comment added by 109.231.193.34 (talk) 14:37, 9 December 2015 (UTC)Reply

I don't understand... edit

What does SSH stand for exactly? Is it a protocol or a program? Is "SSH File Transfer Protocol" the same as SSH? or SFTP? SFTP is introduced into the article without any explanation.

So an SCP program uses the SCP protocol right? And SFTP uses SSH?

I'm confused! :(

SSH stands for "Secure shell". It is both protocol and program. SCP programs use SCP protocol (but some can use also SFTP protocol). SFTP programs use SFTP procol only. Both use SSH.
Ish. SCP is not a protocol, it is a program. SSH is protocol and a program. The SSH protocol allows for a secure bi-directional data stream, and remote command execution. The SSH program is used like ssh username@othercomputer which opens remotely runs that user's login shell, and gives you access, or ssh username@othercomputer command which runs that command, and shows you the output.
SCP stands for "Secure cp" ("cp" is the UNIX command for copy), NOT "Secure Copy Protocol", as many try to insist. SCP is a very simple program that uses the datastream to copy files. Scp is used like scp username@host:fromfile username@host:tofile, where username@ will default to the current user if left out, and host: will default the the current computer. Given the SSH program, one could implement the same "protocol" as SCP with the following shell script:
scp_send() {
    localfile=$1
    remotehost=`echo $2|cut -d: -f1` # split on `:'
    remotefile=`echo $2|cut -d: -f1` # split on `:'
    ssh "$remotehost" "cat > $remotefile" < "$localfile"
}
scp_fetch() {
    localfile=$2
    remotehost=`echo $1|cut -d: -f1` # split on `:'
    remotefile=`echo $1|cut -d: -f1` # split on `:'
    ssh "$remotehost" "cat $remotefile" > "$localfile"
}
This is wrong, although it's a common misconception that this is how scp works. The scp protocol is the rcp protocol over an SSH connection; a description of it is at [1] (reference 1 in the article), and it doesn't look anything like the above. --David-Sarah Hopwood ⚥ (talk) 22:10, 10 September 2011 (UTC)Reply
The SFTP protocol, on the other hand is a full protocol, a variant of FTP, designed to run over a secure datastream, usually provided by SSH. This means that to use SFTP with SSH, one must run both sshd, and sftpd (or whatever). It allows for things like interactive use, and canceling of a transfer without ending the SSH session. ~ 10nitro (talk) 01:29, 25 August 2010 (UTC)Reply
I have to disagree on that, some people doesn't consider it a protocol but a combination of RCP and SSH, and some do. It's based on the RCP (Stands for the UNIX command 'remote copy') protocol, and tunneled through SSH. SubTenebra (talk) 07:50, 31 January 2011 (UTC)Reply
Any commonly used program that communicates over a network effectively defines a protocol, even if, as in this case, the protocol isn't standardized. --David-Sarah Hopwood ⚥ (talk) 22:10, 10 September 2011 (UTC)Reply

new RFC edit

I incremented the RFC filename from 09 to 12. From my limited RFC knowledge it appears the protocol version has not been incremented but that this new RFC delinates "New data types defined" only. The section that would explain the differences seems to be incomplete. Kubatonmax, a Protest Warrior 11:45, 2006 Jan 29 (PST)

Combine, Combine, Combine edit

This topic should be combined with FTP. FTPS article should also be combined with FTP article.12.110.196.19 18:38, 3 April 2006 (UTC)Reply

Disagree with (at least) the first. SFTP a different protocol to FTP. — Matt Crypto 18:43, 3 April 2006 (UTC)Reply
Same here. FTP and SFTP are completely different beasts. Do not combine them into one article. -- Ernstdehaan 08:17, 9 May 2007 (UTC)Reply

SCP not deprecated edit

This article says SCP is deprecated. However, as far as I can see, SCP is not deprecated, just (intentionally) limited compared to SFTP. -- Ernstdehaan 09:24, 9 May 2007 (UTC)Reply

I agree - I cannot find any mention of SCP being deprecated, except by certain vendors of commercial SFTP software. Is there some standards committee somewhere that says SCP is deprecated?

http://www.openssh.org/faq.html#2.10 says:
2.10 - Will you add [foo] to scp?
Short Answer: no.
Long Answer: scp is not standardized. The closest thing it has to a specification is "what rcp does". Since the same command is used on both ends of the connection, adding features or options risks breaking interoperability with other implementations.
New features are more likely in sftp, since the protocol is standardized (well, a draft standard), extensible, and the client and server are decoupled.
Since there was never any attempt to standardize SCP, there is no standards committee that could deprecate it, but from the above you can get the gist of what the maintainers of the most commonly used, open-source implementation (from which most other implementations are forked) think of it. --David-Sarah Hopwood ⚥ (talk) 22:19, 10 September 2011 (UTC)Reply

SFTP is not FTP over SSH edit

I think this comment should be re-considered and worded a bit clearer:

A common misconception is that SFTP is simply FTP run over SSH; in fact it is a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.

Is it really a "common" misconception that people think that SFTP is technically FTP via an SSH tunnel? It sounds like more of an assumption on the part of the writer to me.

I think that this statement just brings up cause for arguing semantics (like it already has). The way people are "commonly" reading it is: SFTP is not FTP over SSH.

Technically, it is a File Transfer Protocal implementation via SSH.

198.186.144.216 (talk) 18:04, 28 November 2007 (UTC)Reply

I thought SFTP was FTP over SSH, I was just googling whether sshd includes FTP, which brought up this wiki article 109.231.193.34 (talk) 12:38, 9 December 2015 (UTC)Reply

Uninformative edit

I've just read this entire article, and still have no idea what it is talking about. — Chameleon 10:34, 19 December 2007 (UTC)Reply

Agreed, this article is incredibly shallow and the content provides little value; it goes little in the way of explaining this protocol to a layman 109.231.193.34 (talk) 14:34, 9 December 2015 (UTC)Reply

References edit

Struggling to find any suitable references for this one. Anyone got any suggestions? Wordwizz (talk) 13:06, 3 July 2008 (UTC)Reply

SCP – what is the article trying to say here? edit

Quoting the article:

Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files – it is more like a remote file system protocol. An SFTP client's extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal. For these reasons it is relatively simple to implement a GUI SFTP client compared with a GUI SCP client.

  • Surely it's no more or no less a remote file system than FTP is? A file system works with any program which works with files, and neither of them do, unless you install and configure weird pseudo-file systems.
  • How can this make it simpler to implement a GUI SFTP client? Sure, if you define a "GUI client" as "a file manager like Norton Commander or Windows Explorer", it will be a bitch to implement it without a way to get a directory listing ... is that what the article is trying to say?
  • I get the feeling that someone is just mad at "the earlier" SCP because it's not SFTP, and tries to knock it. If so, better not mention it at all.

JöG (talk) 19:32, 3 October 2008 (UTC)Reply

Cryptography and Version History edit

There is no discussion of the cryptographic algorithms used. What makes this secure? Also, no direct comparison of versions are made. How about a table showing version features or maybe a Version History section? Stephen Charles Thompson (talk) 23:45, 15 April 2009 (UTC)Reply

SFTP as a protocol is not secure. The fact that it is most commonly used on the SSH protocol (as the name implies) is what makes it secure. I don't know that this would be worth a new section. —Preceding unsigned comment added by 68.184.142.176 (talk) 14:30, 10 October 2009 (UTC)Reply

File transfer speed, SCP vs SFTP edit

That's only true for naive implementations of the SFTP protocol not using pipelining on the client side. In practice, most SFTP implementations (i.e. OpenSSH sftp) offer the same performance as SCP. —Preceding unsigned comment added by Sfandino (talkcontribs) 11:50, 24 January 2010 (UTC)Reply


The SFTP spec says that pipelined requests are permitted, so SCP won't be faster than SFTP on a well written SFTP server. This section is wrong and should be removed. --24.77.131.106 (talk) 15:12, 10 June 2010 (UTC)Reply

No mention of key based authentication and encryption? edit

The word 'key' doesn't appear anywhere. There needs to be coverage of public key based authentication and encryption (bidirectional) specifically as it applies to SFTP. —Preceding unsigned comment added by Vanyo (talkcontribs) 19:08, 4 March 2010 (UTC)Reply

To quote from the article: "[SFTP] is also intended to be usable with other protocols as well". For a discussion of public key based authentication and encryption see the Secure Shell article TerraFrost (talk) 04:37, 28 April 2010 (UTC)Reply

No explanation of the differences between different versions / drafts edit

Different versions are listed with the relevant RFC's but this provides no information on the differences between the different versions/drafts, just links to technical specifications which are extremely verbose and difficult to follow by a layman which is contrary to the purpose of an encyclopaedic article. It would be very useful to have a summary of that changes put forward in the RFC so an understanding can be achieved without having to read through all the RFCs. RFCs are not easily digestible by people outside of that area of expertise. I would never attempt to read an entire RFC, let alone a long list of them and I work in the industry. This list of versions/drafts should be removed if not elaborated on. The SMTP article is a good example in my opinion of how RFCs should be listed in a technical article. 109.231.193.34 (talk) 14:32, 9 December 2015 (UTC)Reply

Links to drafts of different SFTP versions edit

Links to drafts of different SFTP versions currently all end of on version 13, as https://datatracker.ietf.org/ no longer allows displaying old versions of drafts. Anyone know a better source of old versions of drafts? Prikryl (talk) 15:22, 28 February 2023 (UTC)Reply

There's an open bug about this at https://github.com/ietf-tools/datatracker/issues/4933 and while it is getting some attention it seems like it's not an easy a fix as you might expect, although I don't really understand why.
In the meantime I've collected some of the drafts https://www.greenend.org.uk/rjk/sftp/. If I have time I'll adjust the links in this page (but don't let me stop anyone else...) Ewx (talk) 07:17, 26 April 2023 (UTC)Reply