Ftp is seen as an old-time unsecure protocol. Many shops nowadays have switched or are switching to sftp. I will try to point out some differences :
Compatibility: none. the protocol is completly different. Multiple graphical clients however do support both mode. But the basic “ftp” client will not work with sftp.
Ascii mode: only in ftp. In sftp, it is always binary so there will be no conversion. Also no blocksize, recordlength or primary/secondary space for your OS/390 connections.
Interactive mode: similar. you enter your username and password, do cd, put and get. But to quit, by will not work in sftp π Use quit or exit instead
Batch mode: different. Most probably you will end up setting a private/public key infrastructure for your ssh connection and use scp (secure copy). If you are using a ssh client like putty, it is possible to do something like pscp -l user -pw password server:file .
Security: sftp is secure, ftp is not.
Speed: ftp is fast, sftp is slow π !
Oh NOOOOOOO!!!!! What’s the point is bringing something new if it is slower !!!
Ok, let’s try to download a 100m file:
$ time (echo "open dbsrv01
user oracle secret
bin
get 100m"|ftp -n )
real 0m24.673s
user 0m0.030s
sys 0m0.016s
$ time scp -q oracle@dbsrv01:100m .
real 1m46.978s
user 0m0.108s
sys 0m0.202s
it is about 4x slower! Is there anything we could do about it?
Well, maybe :
$ time scp -q -o Compression=yes oracle@dbsrv01:100m .
real 0m18.634s
user 0m0.748s
sys 0m0.452s
ssh/scp/sftp have a compression mode. If you are transferring your large files across a slow network, this may be an interesting option to consider !
OpenSSH homepage : http://www.openssh.org
Thank you for your idea.
I use scp/sftp too… they’re secure.
scp + sftp use sshd to call sftpd subsystem;
that requires a shell, So user can login to server and run other commands.
That’s not good π
By the way, I hear about rssh.
rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp π http://www.pizzashack.org/rssh/
You can do FTP over SSL which may be a good compromise. The data (and login too) is encrypted, but at the server end you are still using an FTP server rather than a shell account. We were using an FTP/SSL setup so that people could deposit files with us, but not download any.
That’s a very good point about the shell account π
About ftp with ssl, we will have to distribute the client to a bunch of OS/versions, right?
thanks for your comments
hmm, i don’t see any differences in speed:
$ lftp -e ‘get 100m’ -u oracle,oracle crash10
104857600 Bytes ΓΌbertragen in 9 Sekunden (11.18M/s)
$ scp oracle@crash10:100m .
100m 100% 100MB 11.1MB/s 00:09
$ sftp oracle@crash10:100m .
Connecting to crash10…
Fetching /home/oracle/100m to ./100m
/home/oracle/100m 100% 100MB 11.1MB/s 00:09
always 9 seconds.
about the shell account, recent versions of openssh allow rectrictions like this:
Match User joe
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no
Andreas,
About the time, I do not know lftp, about with ftp when transfering from very distant nodes, compression (-o Compression=yes) does help.
Thanks a lot for ForceCommand internal-sftp, I will have a look!
Indeed you right..SFTP (which was developed over the ssh protocol) has nothing to do with ftp. But parallel to sftp, there is also been develop a secure ftp called FTPS, but is less used…
Despite the performance issues, a while ago I was asked to develop a pl/sql package to transfer files via sftp directly from the database..
FTP is pretty straight forward and their were already some packages developed using only pl/sql..
SFTP due tho its SSH background force me to develop using java..with some plsql wrappers..which become a problem because the java classes did not work very well on the database (10.2)..
Since then I haven’t tried to solve the issues, mainly because the project is “frozen” until..well i don’t know π
Well, I just thought it was important to point out that there is a FTPS protocol π
and by the way…your blog is very very helpful… keep up the good work!!