What Is SFTP? Security Definition
Also known as: Secure File Transfer Protocol, SSH File Transfer Protocol, SFTP
This page mentions older exam versions. See the Current Exam Context and Legacy Exam Context sections below for the updated mapping.
Quick Definition
SFTP, or Secure File Transfer Protocol (also known as SSH File Transfer Protocol), is a network protocol that enables secure file transfer, access, and management over a reliable data stream. It is designed as an extension of the Secure Shell (SSH) protocol, typically running on port 22. Unlike FTP, which transmits data and credentials in plaintext, SFTP encrypts both authentication information and file contents, ensuring confidentiality and integrity. It also supports a range of file operations beyond simple transfer, including directory listing, file removal, and permission changes. SFTP exists to address the critical security shortcomings of traditional FTP, providing a secure alternative for transferring sensitive data over untrusted networks like the internet. It is widely used in system administration, DevOps, and any environment where secure remote file management is required.
Must Know for Exams
CompTIA Network+ (N10-008/009) tests SFTP in several distinct areas. First, protocol fundamentals: candidates must know that SFTP is an SSH-based protocol (port 22) and that it provides encryption for both authentication and data. Second, comparison with other file transfer protocols: exam questions often ask to differentiate SFTP from FTPS, FTP, TFTP, and SCP.
The key distinction is that SFTP uses a single port and is not FTP over SSL. Third, security implications: Network+ emphasizes that SFTP protects against eavesdropping and man-in-the-middle attacks. Fourth, operational use: scenarios may ask which protocol to use for secure transfer of configuration files or logs.
Fifth, troubleshooting: candidates may need to identify why an SFTP connection fails (e.g., SSH service not running, firewall blocking port 22, incorrect key permissions). Security+ goes deeper into authentication methods (password vs. key-based) and the role of host keys. Both exams expect you to know that SFTP is not the same as FTP over SSH (a common trap).
Simple Meaning
Imagine you need to send a sealed envelope containing confidential documents from your office to a branch across town. With regular FTP, you'd hand the envelope to a courier who drives with the window down—anyone could grab it or read the contents. SFTP is like using an armored car with a locked, tamper-proof box.
The courier (SSH) first verifies both your identity and the recipient's identity, then seals the documents inside a secure container that only the intended recipient can open. Even if someone intercepts the vehicle, they cannot read or alter the documents. This is exactly what SFTP does for digital files: it creates a secure, encrypted tunnel between two computers, ensuring that files remain private and unchanged during transit.
Full Technical Definition
SFTP (Secure File Transfer Protocol) operates at the Application Layer (Layer 7) of the OSI model, but relies on the Transport Layer (Layer 4) for reliable delivery, typically using TCP. It is defined in RFC 4251 (SSH Protocol Architecture) and RFC 4252 (SSH Authentication Protocol), with the file transfer subsystem specified in draft-ietf-secsh-filexfer (various versions). SFTP is not a direct replacement for FTP; it is a completely different protocol that runs over an SSH session, usually on TCP port 22.
The protocol assumes a secure channel (provided by SSH) and then offers a set of file operations: open, close, read, write, remove, rename, mkdir, rmdir, stat, and others. All data, including authentication credentials, commands, and file contents, is encrypted by SSH. Key mechanics include: (1) client initiates an SSH connection to the server, (2) server authenticates the client (password, public key, or other methods), (3) client requests the SFTP subsystem, (4) both sides negotiate protocol version and capabilities, (5) file operations proceed over the encrypted channel.
Compared to alternatives: FTPS (FTP over SSL/TLS) uses separate control and data connections and can be complex with firewalls; SCP (Secure Copy) is simpler but only supports file transfer, not directory management; SFTP provides a richer set of operations and is more firewall-friendly (single port). SFTP is not FTP over SSH—that is a different concept (sometimes called FTP over SSH tunnel). SFTP is a distinct protocol designed from the ground up for security.
Real-Life Example
A network administrator at a financial firm needs to upload daily transaction logs from a local server to a remote backup server at a disaster recovery site. The logs contain sensitive customer data, so security is paramount. The admin uses an SFTP client (e.g., OpenSSH sftp command) on the local server. The client initiates an SSH connection to the remote server's IP address on port 22. The remote server presents its host key; the client verifies it against a known fingerprint.
The admin authenticates using a private key (no password sent). Once authenticated, the SFTP subsystem starts. The admin uses commands like 'put transaction_logs.tar.gz' to upload the file.
The file is encrypted end-to-end. The remote server stores it with proper permissions. The admin then lists the directory to confirm success. The entire transfer is secure, and the logs are safely archived.
Later, auditors verify that no plaintext credentials were ever transmitted.
Why This Term Matters
IT professionals must understand SFTP because it is the de facto standard for secure file transfer in modern networks. Knowing SFTP is essential for system administration, network security, and compliance with regulations like GDPR, HIPAA, and PCI-DSS. Misconfiguring SFTP (e.g., allowing password authentication instead of key-based) can lead to breaches. Troubleshooting SFTP issues—such as authentication failures, permission errors, or firewall blocks—is a common task.
On the career front, SFTP knowledge is tested in Network+ and Security+ exams, and is frequently asked in job interviews for network and security roles. Mastery of SFTP demonstrates a practical understanding of secure communications and encryption in transit.
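The misconfiguration mentioned above (password authentication left enabled) is easy to miss because sshd falls back to defaults and uses the first value it reads for a keyword. The following check is an added example, not part of the original page; the function name and the sample configurations are constructed, and it deliberately ignores Include files and Match blocks.

```python
# Values sshd uses when a keyword is absent (per OpenSSH sshd_config(5)).
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def audit_sshd_config(text):
    """Return findings for the global section of an sshd_config.
    Simplification: Include files and Match blocks are not evaluated."""
    settings, subsystems = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # a commented-out line sets nothing
        parts = line.split(None, 1)
        keyword = parts[0].lower()        # keywords are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            break                         # stop at the first conditional block
        if keyword == "subsystem":
            if value:
                subsystems.setdefault(value.split()[0], value)
        else:
            settings.setdefault(keyword, value.lower())  # first value wins
    findings = []
    password = settings.get("passwordauthentication", DEFAULTS["passwordauthentication"])
    if password != "no":
        source = "explicit" if "passwordauthentication" in settings else "default"
        findings.append(f"password authentication enabled ({source})")
    if settings.get("pubkeyauthentication", DEFAULTS["pubkeyauthentication"]) != "yes":
        findings.append("public key authentication disabled")
    if "sftp" not in subsystems:
        findings.append("no sftp subsystem defined")  # subsystem request would fail
    return findings

# Constructed samples, not taken from any real server.
WEAK = """
#PasswordAuthentication no
Subsystem sftp internal-sftp
"""
SHADOWED = """
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """
PasswordAuthentication no
PubkeyAuthentication yes
Subsystem sftp internal-sftp
"""
```

WEAK shows the commented-out directive that leaves the default in force, and SHADOWED shows a later "no" that never takes effect because an earlier "yes" was read first.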
How It Appears in Exam Questions
Exam questions often present a scenario: 'A network administrator needs to transfer sensitive log files from a Linux server to a backup server over the internet. Which protocol should be used?' Correct answer: SFTP.
Wrong answers: FTP (plaintext), TFTP (no security, UDP), or FTPS (also secure but uses multiple ports). Another pattern: 'Which port does SFTP use?' Answer: 22. Wrong: 21 (FTP), 990 (FTPS implicit), 69 (TFTP).
A third pattern: 'Which protocol is an extension of SSH?' Answer: SFTP. Wrong: FTPS (extension of FTP). A fourth pattern: 'An SFTP connection fails. Which is the most likely cause?'
Options: SSH service not running, firewall blocking port 22, incorrect username/password, or SFTP not installed. The correct answer is usually SSH service not running or firewall blocking port 22. To spot the correct answer, remember: SFTP = SSH + file transfer; always port 22; encrypts everything.
Example Scenario
1. A web developer needs to upload updated website files from their laptop to a remote web server.
2. They open an SFTP client (like FileZilla) and enter the server's hostname, username, and select 'key file' authentication.
3. The client connects to the server on port 22; the SSH handshake occurs, and the server's host key is verified.
4. After successful authentication, the SFTP session starts; the developer sees the remote directory structure.
5. They drag-and-drop the new 'index.html' file from their local folder to the remote 'public_html' folder. The file is encrypted during transfer.
6. The developer verifies the file is present and has correct permissions. The website is updated securely.
Common Mistakes
Mistake: SFTP is the same as FTP over SSL (FTPS).
Correction: SFTP uses SSH (port 22) and encrypts everything; FTPS uses SSL/TLS (port 990 implicit, 21 explicit) and is an extension of FTP. They are different protocols with different security models.
Remember: SFTP = SSH; FTPS = FTP + SSL.
Mistake: SFTP uses port 21.
Correction: Port 21 is the control port for FTP. SFTP uses port 22, the same as SSH. Some might think SFTP is just secure FTP, but it's a different protocol.
Remember: SFTP always uses port 22.
Mistake: SFTP does not encrypt file data, only authentication.
Correction: SFTP encrypts the entire session, including all file data and commands, because it runs over SSH. This is a key security advantage over plain FTP.
Remember: SFTP encrypts everything – data and authentication.
Exam Trap — Don't Get Fooled
The trap: The most dangerous misconception is that SFTP is 'FTP over SSH' – that is, using SSH to tunnel standard FTP traffic. This is incorrect; SFTP is a separate protocol, not a tunneled version of FTP.
Why learners choose it: The name 'Secure File Transfer Protocol' sounds like a secure version of FTP, and many assume it's just FTP with SSH encryption. The acronym similarity to FTPS also causes confusion.
How to avoid it: Remember: SFTP is a completely different protocol designed for SSH. It is not FTP at all. If a question mentions 'FTP over SSH', that is a different concept (port forwarding). SFTP is the SSH File Transfer Protocol.
Commonly Confused With
FTPS is an extension of FTP that adds SSL/TLS encryption. It uses two ports (21 for control, 989/990 for data) and can be explicit or implicit. SFTP uses a single port (22) and is not based on FTP.
FTPS is like adding a lock to an existing mailbox; SFTP is a completely different secure courier service.
SCP is also based on SSH but only supports file copying (no directory listing, rename, etc.). SFTP provides a full file management interface. SCP is simpler but less feature-rich.
SCP is like a secure delivery truck that only drops off packages; SFTP is like a secure truck that also lets you see inventory and rearrange items.
Step-by-Step Breakdown
Step 1 — SSH Connection Initiation
The SFTP client opens a TCP connection to the server on port 22. The SSH protocol starts with a key exchange to establish a secure channel.
Step 2 — Server Authentication
The server presents its host key. The client verifies it against a known list (or accepts it). This prevents man-in-the-middle attacks.
Step 3 — Client Authentication
The client authenticates using a password, public key, or other method. All credentials are encrypted by SSH.
Step 4 — SFTP Subsystem Request
Once authenticated, the client requests the SFTP subsystem. The server starts an SFTP server process to handle file operations.
Step 5 — File Operations
The client sends SFTP commands (open, read, write, etc.) over the encrypted channel. The server responds with data or status. All transfers are secure.
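Steps 4 and 5 are where SFTP stops resembling FTP: once the subsystem starts, both sides exchange length-prefixed binary packets rather than text commands, beginning with the version negotiation. The sketch below is an added example, not part of the original page; it frames SSH_FXP_INIT and validates SSH_FXP_VERSION using the packet layout from draft-ietf-secsh-filexfer, and the function names and sample reply are constructed.

```python
import struct

# Packet type numbers from draft-ietf-secsh-filexfer.
SSH_FXP_INIT, SSH_FXP_VERSION = 1, 2

def frame(ptype: int, payload: bytes) -> bytes:
    """One SFTP packet: uint32 length (type byte + payload), type byte, payload."""
    return struct.pack(">IB", len(payload) + 1, ptype) + payload

def build_init(version: int) -> bytes:
    """Client -> server: highest protocol version the client supports."""
    return frame(SSH_FXP_INIT, struct.pack(">I", version))

def build_version(version: int, extensions=()) -> bytes:
    """Server -> client: chosen version plus (name, data) extension pairs."""
    body = struct.pack(">I", version)
    for name, data in extensions:
        for field in (name, data):  # each is an SSH string: uint32 length + bytes
            body += struct.pack(">I", len(field)) + field
    return frame(SSH_FXP_VERSION, body)

def parse_version(packet: bytes, client_version: int):
    """Validate a VERSION reply; return (version, {extension name: data})."""
    if len(packet) < 9:
        raise ValueError("packet too short for VERSION")
    length, ptype, version = struct.unpack(">IBI", packet[:9])
    if length != len(packet) - 4:
        raise ValueError("length field does not match packet size")
    if ptype != SSH_FXP_VERSION:
        raise ValueError(f"expected VERSION (2), got type {ptype}")
    if version > client_version:
        raise ValueError("server chose a version the client did not offer")
    extensions, pos = {}, 9
    while pos < len(packet):
        pair = []
        for _ in range(2):  # extension name, then extension data
            if pos + 4 > len(packet):
                raise ValueError("truncated extension length")
            (n,) = struct.unpack(">I", packet[pos:pos + 4])
            pos += 4
            if pos + n > len(packet):
                raise ValueError("extension overruns packet")
            pair.append(packet[pos:pos + n])
            pos += n
        extensions[pair[0].decode("ascii")] = pair[1]
    return version, extensions

# Constructed sample: a version 3 server advertising one OpenSSH extension.
SAMPLE_REPLY = build_version(3, [(b"posix-rename@openssh.com", b"1")])
```

On the wire these bytes travel inside the encrypted SSH channel, so a packet capture on port 22 shows none of this structure.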
Practical Mini-Lesson
Core Concept: SFTP is a secure file transfer protocol that operates over SSH, encrypting all data and commands. It is not FTP over SSL; it is a completely separate protocol designed for security.
How it works: The client initiates an SSH connection to the server (port 22). The server authenticates itself using a host key. The client authenticates (password, public key, etc.). Once the SSH session is established, the client requests the SFTP subsystem. The server starts an SFTP server process. All subsequent file operations (list, get, put, delete, rename) are performed within this encrypted channel.
Comparison: FTPS (FTP over SSL) uses two ports (control and data) and can be complex with firewalls. SCP is simpler but only copies files, not directory operations. TFTP is UDP-based and unauthenticated.
Key Takeaway: For any exam scenario requiring secure file transfer, SFTP is the correct answer. Remember: SFTP = SSH + file transfer = port 22 = encryption of everything. Never confuse SFTP with FTPS or FTP over SSH.
Memory Tip
Mnemonic: 'Secure Shell Sends Files Safely' — SSH (Secure Shell) is the foundation, and SFTP is the file transfer part. For the port: '22 is the tunnel of trust' — port 22 for SSH/SFTP. Remember: SFTP is not FTP; it's SSH's file transfer cousin.
Covered in These Exams
Current Exam Context
Current exam versions that test this topic — use these objectives when studying.
N10-009: CompTIA Network+
220-1101: CompTIA A+ Core 1
SY0-701: CompTIA Security+
220-1102: CompTIA A+ Core 2
SC-900
CDL: Google CDL
ISC2 CC
Legacy Exam Context
Older materials may mention these exam versions, but learners should use the current objectives for their target exam.
N10-008 → N10-009 (current version)
Related Glossary Terms
AH (Authentication Header) is an IPsec protocol that provides connectionless integrity, data origin authentication, and anti-replay protection for IP packets.
An AP (Access Point) bridges wireless clients to a wired network, acting as a central transceiver and controller for Wi-Fi communications.
An API is a set of rules that allows software applications to communicate and exchange data with each other.
BCP is a proactive process that creates a framework to ensure critical business functions continue during and after a disruptive event.
BNC (Bayonet Neill-Concelman Connector) is a miniature coaxial connector used for terminating coaxial cables in networking, video, and RF applications.
Frequently Asked Questions
What is the difference between SFTP and FTPS?
SFTP uses SSH (port 22) and is a completely different protocol from FTP. FTPS is FTP with SSL/TLS encryption (ports 21 and 989/990). SFTP is often preferred for its simplicity (single port) and strong security.
Is SFTP the same as FTP over SSH?
No. FTP over SSH means tunneling standard FTP through an SSH connection. SFTP is a separate protocol that is part of SSH. They are different implementations.
Does SFTP encrypt file data?
Yes, SFTP encrypts all data, including file contents, commands, and authentication, because it operates over an SSH session.
Which port does SFTP use?
SFTP uses TCP port 22, the same as SSH. It does not use port 21 (FTP) or 990 (FTPS).
When should I use SFTP instead of FTP?
Use SFTP whenever you need to transfer sensitive data over an untrusted network (like the internet). FTP sends data in plaintext and should only be used on trusted, isolated networks.
Summary
(1) SFTP (Secure File Transfer Protocol) is a secure file transfer protocol that runs over SSH on port 22, encrypting both authentication and data. (2) Key technical property: it is not FTP over SSL; it is a distinct protocol that provides file management capabilities (list, delete, rename) in addition to transfer. (3) Most important exam fact: SFTP uses port 22 (not 21 or 990) and is the go-to choice for secure file transfer in any scenario requiring confidentiality and integrity.