to ftp or to sftp

Ftp is seen as an old-time, insecure protocol. Many shops nowadays have switched or are switching to sftp. I will try to point out some differences:

Compatibility: none. The protocol is completely different. Several graphical clients do support both modes, but the basic “ftp” client will not work with sftp.

Ascii mode: only in ftp. In sftp, it is always binary so there will be no conversion. Also no blocksize, recordlength or primary/secondary space for your OS/390 connections.

Interactive mode: similar. You enter your username and password, do cd, put and get. But to quit, by will not work in sftp 😉 Use quit or exit instead.

Batch mode: different. Most probably you will end up setting up a private/public key infrastructure for your ssh connection and using scp (secure copy). If you are using an ssh client like putty, it is possible to do something like pscp -l user -pw password server:file . but that puts the password on the command line and in your scripts, which is why keys are the usual choice for unattended jobs.

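Security: sftp is secure, ftp is not. Ftp sends the username, the password and the data in clear text; sftp runs inside an encrypted ssh session.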

Speed: ftp is fast, sftp is slow 🙁 !

Oh NOOOOOOO!!!!! What’s the point in bringing something new if it is slower!!!

Ok, let’s try to download a 100m file:
$ time (echo "open dbsrv01
user oracle secret
bin
get 100m"|ftp -n )

real 0m24.673s
user 0m0.030s
sys 0m0.016s
$ time scp -q oracle@dbsrv01:100m .

real 1m46.978s
user 0m0.108s
sys 0m0.202s

It is about 4x slower! Is there anything we could do about it?

Well, maybe:

$ time scp -q -o Compression=yes oracle@dbsrv01:100m .

real 0m18.634s
user 0m0.748s
sys 0m0.452s

ssh/scp/sftp have a compression mode. If you are transferring your large files across a slow network, this may be an interesting option to consider !

OpenSSH homepage : http://www.openssh.org

6 thoughts on “to ftp or to sftp”

  1. Surachart Opun

    Thank you for your idea.
    I use scp/sftp too… they’re secure.

    scp + sftp use sshd to call sftpd subsystem;
    that requires a shell, so the user can log in to the server and run other commands.

    That’s not good 😉

    By the way, I hear about rssh.
    rssh is a restricted shell for use with OpenSSH, allowing only scp and/or sftp 😉 http://www.pizzashack.org/rssh/

  2. Gary

    You can do FTP over SSL which may be a good compromise. The data (and login too) is encrypted, but at the server end you are still using an FTP server rather than a shell account. We were using an FTP/SSL setup so that people could deposit files with us, but not download any.

  3. Laurent Schneider Post author

    That’s a very good point about the shell account 🙂

    About ftp with ssl, we will have to distribute the client to a bunch of OS/versions, right?

    thanks for your comments

  4. Andreas Piesk

    hmm, i don’t see any differences in speed:

    $ lftp -e 'get 100m' -u oracle,oracle crash10
    104857600 Bytes übertragen in 9 Sekunden (11.18M/s)

    $ scp oracle@crash10:100m .
    100m 100% 100MB 11.1MB/s 00:09

    $ sftp oracle@crash10:100m .
    Connecting to crash10…
    Fetching /home/oracle/100m to ./100m
    /home/oracle/100m 100% 100MB 11.1MB/s 00:09

    always 9 seconds.

    about the shell account, recent versions of openssh allow restrictions like this:

    Match User joe
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
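
One way to check that every Match block in an sshd_config carries the restrictions listed in the comment above, as an added example (not code from the post or its commenters). The function names and the user ann are made up for illustration, and the parser is simplified: whitespace-separated keywords only, no Include or key=value handling.

```python
# Directive -> (sshd default when unset, test an SFTP-only account must pass).
CHECKS = {
    "forcecommand": ("none", lambda v: v.split()[:1] == ["internal-sftp"]),
    "chrootdirectory": ("none", lambda v: v.lower() not in ("", "none")),
    "x11forwarding": ("no", lambda v: v.lower() == "no"),
    "allowtcpforwarding": ("yes", lambda v: v.lower() == "no"),
}

def parse(text):
    """Split sshd_config text into global options and Match blocks."""
    global_opts, blocks, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(None, 1)
        key, value = key.lower(), (rest[0] if rest else "")
        if key == "match":
            current = {}
            blocks.append((value, current))
        else:
            # sshd keeps the first value it obtains for a keyword.
            (global_opts if current is None else current).setdefault(key, value)
    return global_opts, blocks

def audit(text):
    """Return {Match criteria: [failed checks]}; an empty list means restricted."""
    global_opts, blocks = parse(text)
    report = {}
    for criteria, opts in blocks:
        report[criteria] = []
        for key, (default, ok) in CHECKS.items():
            # Match block overrides the global section, which overrides the default.
            value = opts.get(key, global_opts.get(key, default))
            if not ok(value):
                report[criteria].append(f"{key} {value}")
    return report

# Constructed sample: joe is the block from the comment, ann is a weaker variant.
SAMPLE = """\
Match User joe
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no
Match User ann
    ForceCommand internal-sftp
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real host, `sshd -T -C user=joe` prints the effective settings sshd itself computes for that user, which remains the authoritative check.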

  5. Laurent Schneider Post author

    Andreas,

    About the time, I do not know lftp, but with ftp when transferring from very distant nodes, compression (-o Compression=yes) does help.

    Thanks a lot for ForceCommand internal-sftp, I will have a look!

  6. Pedro Leite

    Indeed you are right.. SFTP (which was developed over the ssh protocol) has nothing to do with ftp. But parallel to sftp, there has also been developed a secure ftp called FTPS, but it is less used…

    Despite the performance issues, a while ago I was asked to develop a pl/sql package to transfer files via sftp directly from the database..
    FTP is pretty straightforward and there were already some packages developed using only pl/sql..

    SFTP, due to its SSH background, forced me to develop using java.. with some plsql wrappers.. which became a problem because the java classes did not work very well on the database (10.2)..

    Since then I haven’t tried to solve the issues, mainly because the project is “frozen” until.. well I don’t know 😛

    Well, I just thought it was important to point out that there is a FTPS protocol 🙂

    and by the way…your blog is very very helpful… keep up the good work!!
