to ftp or to sftp

Ftp is seen as an old-time, insecure protocol. Many shops nowadays have switched or are switching to sftp. I will try to point out some differences:

Compatibility: none. The protocol is completely different. Several graphical clients do support both modes, but the basic “ftp” client will not work with sftp.

Ascii mode: only in ftp. In sftp, it is always binary so there will be no conversion. Also no blocksize, recordlength or primary/secondary space for your OS/390 connections.

Interactive mode: similar. You enter your username and password, do cd, put and get. But to quit, by will not work in sftp ;-) Use quit or exit instead.

Batch mode: different. Most probably you will end up setting up a private/public key infrastructure for your ssh connection and using scp (secure copy). If you are using an ssh client like PuTTY, it is possible to do something like pscp -l user -pw password server:file .

Security: sftp is secure, ftp is not.

Speed: ftp is fast, sftp is slow :( !

Oh NOOOOOOO!!!!! What’s the point in bringing in something new if it is slower !!!

Ok, let’s try to download a 100m file:

$ time (echo "open dbsrv01
user oracle secret
bin
get 100m"|ftp -n )

real    0m24.673s
user    0m0.030s
sys     0m0.016s
$ time scp -q oracle@dbsrv01:100m .

real    1m46.978s
user    0m0.108s
sys     0m0.202s

It is about 4x slower! Is there anything we could do about it?

Well, maybe :

$ time scp -q -o Compression=yes oracle@dbsrv01:100m .

real    0m18.634s
user    0m0.748s
sys     0m0.452s

ssh/scp/sftp have a compression mode. If you are transferring your large files across a slow network, this may be an interesting option to consider !

OpenSSH homepage : http://www.openssh.org

6 thoughts on “to ftp or to sftp”

  1. Thank you for your idea.
    I use scp/sftp too… they’re secure.

    scp + sftp use sshd to call sftpd subsystem;
    that requires a shell, so user can login to server and run other commands.

    That’s not good ;)

    By the way, I hear about rssh.
    rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp ;) http://www.pizzashack.org/rssh/

  2. You can do FTP over SSL which may be a good compromise. The data (and login too) is encrypted, but at the server end you are still using an FTP server rather than a shell account. We were using an FTP/SSL setup so that people could deposit files with us, but not download any.

  3. That’s a very good point about the shell account :)

    About ftp with ssl, we will have to distribute the client to a bunch of OS/versions, right?

    thanks for your comments

  4. hmm, i don’t see any differences in speed:

    $ lftp -e 'get 100m' -u oracle,oracle crash10
    104857600 Bytes übertragen in 9 Sekunden (11.18M/s)

    $ scp oracle@crash10:100m .
    100m 100% 100MB 11.1MB/s 00:09

    $ sftp oracle@crash10:100m .
    Connecting to crash10...
    Fetching /home/oracle/100m to ./100m
    /home/oracle/100m 100% 100MB 11.1MB/s 00:09

    always 9 seconds.

    about the shell account, recent versions of openssh allow restrictions like this:

    Match User joe
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
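
One way to confirm that a Match block like the one in the comment above really confines an account, as an added example (not code from the post or its commenters). The names audit_sftp_only and a_fail and both sample inputs are constructed for illustration; on a real server the input would be the output of sshd -T for that user.

```shell
# Added example. Checks that an account is confined to SFTP, given sshd's
# effective settings for it. On a live server, as root, pipe in the output of
#   sshd -T -C user=joe,host=localhost,addr=127.0.0.1
# which prints one "keyword value" pair per line, keywords in lower case.

a_fail() { echo "FAIL $1"; a_findings=$((a_findings + 1)); }

audit_sftp_only() {
    # Reads settings on stdin, prints one line per finding, and returns 0
    # only when the account can get neither a shell nor a tunnel.
    a_force='' a_chroot='' a_tcp='' a_x11='' a_findings=0
    while read -r a_key a_val; do
        case "$a_key" in
            forcecommand)       a_force=$a_val ;;
            chrootdirectory)    a_chroot=$a_val ;;
            allowtcpforwarding) a_tcp=$a_val ;;
            x11forwarding)      a_x11=$a_val ;;
        esac
    done
    case "$a_force" in
        internal-sftp|"internal-sftp "*) ;;   # bare or with sftp-server options
        *) a_fail "forcecommand '$a_force': other commands can be run" ;;
    esac
    case "$a_chroot" in
        ''|none) a_fail "no chrootdirectory: session is not confined" ;;
    esac
    [ "$a_tcp" = no ] || a_fail "allowtcpforwarding '$a_tcp': port forwarding possible"
    [ "$a_x11" = no ] || a_fail "x11forwarding '$a_x11': X11 forwarding possible"
    [ "$a_findings" -eq 0 ]
}

# Constructed sample: settings produced by the Match block in the comment above.
SAMPLE_RESTRICTED='forcecommand internal-sftp
chrootdirectory %h
allowtcpforwarding no
x11forwarding no'

# Constructed sample: an ordinary shell account with no Match block.
SAMPLE_SHELL='forcecommand none
chrootdirectory none
allowtcpforwarding yes
x11forwarding no'

printf '%s\n' "$SAMPLE_RESTRICTED" | audit_sftp_only && echo "restricted: sftp-only"
printf '%s\n' "$SAMPLE_SHELL" | audit_sftp_only || echo "shell account: not confined"
```

sshd also refuses a ChrootDirectory whose path components are not root-owned or are writable by group or others, so the directory permissions need checking separately.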

  5. Andreas,

    About the time, I do not know lftp, but with ftp when transferring from very distant nodes, compression (-o Compression=yes) does help.

    Thanks a lot for ForceCommand internal-sftp, I will have a look!

  6. Indeed you are right.. SFTP (which was developed over the ssh protocol) has nothing to do with ftp. But parallel to sftp, there has also been developed a secure ftp called FTPS, but it is less used…

    Despite the performance issues, a while ago I was asked to develop a pl/sql package to transfer files via sftp directly from the database..
    FTP is pretty straightforward and there were already some packages developed using only pl/sql..

    SFTP, due to its SSH background, forced me to develop using java.. with some plsql wrappers.. which became a problem because the java classes did not work very well on the database (10.2)..

    Since then I haven’t tried to solve the issues, mainly because the project is “frozen” until..well i don’t know :P

    Well, I just thought it was important to point out that there is a FTPS protocol :)

    and by the way…your blog is very very helpful… keep up the good work!!
