SFTP
What is SFTP?
A secure file-transfer subsystem that runs inside an SSH session on TCP port 22, providing authenticated, encrypted file and directory operations.
SFTP, the SSH File Transfer Protocol, is not a variant of FTP but an independent protocol tunneled inside SSH (RFC 4251), almost always reached on TCP port 22 via the sftp-server subsystem. It exposes a packet-based API for opening, reading, writing, and listing remote files, plus operations such as renaming, removing, and setting attributes. Because it inherits SSH's host authentication, user authentication (keys or passwords), and AEAD encryption, SFTP avoids FTP's cleartext credentials and, by using a single TCP connection, its dual-channel firewall problems. Common deployments include OpenSSH on Linux, MOVEit, and managed file-transfer gateways. The security focus is the same as for SSH: key management, algorithm hardening, and chrooted accounts.
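The chrooted-account part of that focus can be checked mechanically. The following is an added example, not code from this glossary or from OpenSSH: it audits sshd_config text for the directives that confine SFTP-only users. The two sample configurations, the group name sftponly, the chroot path and the key-only policy are assumptions.

```python
# Constructed sample: SFTP users keep a shell, no chroot, password login on.
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
"""
# Constructed sample: the group name and chroot path are assumptions.
HARDENED = """\
Subsystem sftp internal-sftp
PasswordAuthentication no
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""
# OpenSSH defaults, applied when a directive is absent.
DEFAULTS = {"chrootdirectory": "none", "forcecommand": "none",
            "allowtcpforwarding": "yes", "x11forwarding": "no",
            "passwordauthentication": "yes"}
# directive -> (predicate on the effective value, finding reported when it fails)
CHECKS = {
    "chrootdirectory": (lambda v: v != "none", "no chroot"),
    "forcecommand": (lambda v: v.split()[:1] == ["internal-sftp"],
                     "shell access not blocked"),
    "allowtcpforwarding": (lambda v: v == "no", "TCP forwarding allowed"),
    "x11forwarding": (lambda v: v == "no", "X11 forwarding allowed"),
    # Assumption: the site policy is key-only authentication.
    "passwordauthentication": (lambda v: v == "no", "password login allowed"),
}

def parse(text):
    """Return (global settings, {match criteria: settings}); first value wins, as in sshd."""
    glob, blocks = {}, {}
    cur = glob
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key = parts[0].lower()
        val = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            cur = blocks.setdefault(val, {})  # later directives belong to this block
        else:
            cur.setdefault(key, val)
    return glob, blocks

def audit(text, match):
    """List findings for accounts covered by the Match block with the given criteria."""
    glob, blocks = parse(text)
    eff = {**DEFAULTS, **glob, **blocks.get(match.lower(), {})}  # Match overrides global
    return [msg for key, (ok, msg) in CHECKS.items() if not ok(eff[key])]
```

Calling audit(WEAK, "Group sftponly") reports four findings, while the hardened sample reports none; the parser models a single Match block per account and does not evaluate overlapping Match criteria.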
● Examples
- An ETL job uploads CSV exports to a partner via sftp partner.example.com.
- A script uses sftp's put -r to mirror a release directory through a bastion.
● Frequently asked questions
What is SFTP?
A secure file-transfer subsystem that runs inside an SSH session on TCP port 22, providing authenticated, encrypted file and directory operations. It belongs to the Network Security category of cybersecurity.
How do you secure SFTP?
Securing SFTP combines technical controls and operational practices. As the definition above notes, the focus is the same as for SSH: key management, algorithm hardening, and chrooted accounts.
What are other names for SFTP?
Common alternative names include: SSH File Transfer Protocol.
● Related terms
- SSH (network-security): A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network.
- FTP (network-security): A legacy file-transfer protocol (RFC 959) that uses TCP port 21 for control and port 20 for data, transmitting credentials and files in cleartext and largely deprecated for security reasons.
- TCP (network-security): A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
- Asymmetric Encryption (cryptography): A cryptographic scheme that uses mathematically linked key pairs (a public key for encryption and a private key for decryption) to enable secure communication without prior secret sharing.
- Authentication (identity-access): The process of verifying that an entity (user, device or service) really is who or what it claims to be before granting access.
- TLS (Transport Layer Security) (network-security): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.