# SFTP

> Source: Courseiva IT Certification Glossary — https://courseiva.com/glossary/sftp

## Quick definition

SFTP is a way to send and receive files between computers securely over the internet. It uses encryption to protect your data from being read by anyone who might intercept it. You need a username and password or a special key to access a server via SFTP.

## Simple meaning

Think of SFTP like mailing a package using a locked, armored courier van instead of a regular postal truck. When you send a file over the internet without protection, it is like sending a postcard where anyone along the route can read your message. SFTP wraps your file inside a secure tunnel using SSH (Secure Shell), which is like that armored van. The van has a strong lock (encryption), and only the person with the right key (your password or digital key) can open it at the destination.

This matters because whenever you move files between computers, especially over the public internet, there is a risk that someone else could see, copy, or change those files. SFTP ensures that even if someone intercepts the data in transit, all they see is scrambled nonsense, not your actual file. This is different from regular FTP, which is like sending that postcard with no envelope at all.

In day-to-day life, you might use SFTP without even knowing it. Many web developers use SFTP to upload website files from their computer to a web hosting server. When you update your blog, add new photos, or change your site’s code, SFTP makes sure those files arrive safely and haven’t been tampered with. The key idea is that SFTP combines file transfer with a secure, encrypted connection, making it a trusted tool for IT professionals who need to move sensitive data or manage remote systems.

## Technical definition

SFTP stands for SSH File Transfer Protocol, also sometimes called Secure File Transfer Protocol. Despite the similar name, it is not related to FTPS (FTP over SSL/TLS). SFTP is a completely different protocol that operates over the Secure Shell (SSH) protocol, typically on TCP port 22. It was designed as an extension of SSH version 2.0 to provide secure file transfer capabilities. Unlike FTP, which uses separate control and data connections (often requiring multiple open ports), SFTP uses only a single encrypted connection for all commands and data transfers.

From a technical standpoint, SFTP relies on the SSH transport layer to establish a secure channel. The client and server first perform an SSH handshake, during which they authenticate each other using cryptographic keys. After authentication, the SFTP subsystem is initiated. SFTP operates as a set of protocol messages exchanged between client and server. It supports a broad range of operations: listing directories, reading and writing files, creating symbolic links, changing file permissions, and resuming interrupted transfers. Because everything happens within the SSH session, all commands, authentication credentials, and file data are encrypted.

In real IT environments, SFTP is widely used for automated data exchange, such as transferring log files, database backups, or business documents between servers. Many organizations run dedicated SFTP servers or enable SFTP on existing SSH servers (like OpenSSH). Access control is managed through standard SSH mechanisms: password-based authentication, public key authentication, or even multi-factor authentication. SFTP also supports features like file integrity checks and server-side file operations without needing to download and re-upload a file. Because it is a single-port protocol, it is easier to configure through firewalls than traditional FTP. For high-security environments, SFTP is often preferred over FTPS because it is simpler to secure and does not require managing separate certificate authorities.

## Real-life example

Imagine you are a freelance photographer and you need to send a large collection of high-resolution images to a magazine editor who lives in a different country. You could put the files on a USB drive and mail it, but that takes days and the drive could get lost or damaged. You could email the files, but email often has size limits and is not secure. Instead, the editor gives you access to a secure digital drop box that works like a safe deposit box at a bank. You open the box by using the special key they gave you, place your photos inside, lock it, and only the editor has the other key to unlock it and take them out. That safe deposit box is like an SFTP server.

The act of putting your photos into the box is like using an SFTP client to upload your images. The encryption system of SFTP is like the lock on the safe deposit box, ensuring that no one else can open the box while it is being handled by couriers or stored in the bank. The editor’s private key to open the box is like the SSH key that authenticates them to the server. If you wanted to just take a quick look at what files are already in the box, you can peek without removing everything, which is like using SFTP’s "list directory" command. If the internet connection drops in the middle of uploading a photo, SFTP can resume from where it stopped, much like you can come back to the safe deposit box later and put in the remaining photos without starting over.

This analogy maps directly to IT because SFTP provides a secure, reliable, and organized way to move files between systems, even over untrusted networks like the internet. Just as you would not want a stranger to have access to the bank vault, system administrators do not want unauthorized users to access their file transfers. SFTP gives them that control and peace of mind.

## Why it matters

SFTP matters because data security during file transfer is a critical requirement in nearly every IT environment. If you work in IT, you will frequently move files between servers, transfer logs for analysis, deploy application code, exchange data with business partners, or back up important information. Without a secure protocol like SFTP, those transfers are vulnerable to eavesdropping, data theft, and tampering. Many legal and regulatory standards, such as HIPAA, GDPR, and PCI-DSS, explicitly require that sensitive data be encrypted during transit, and SFTP is one of the standard ways to achieve that compliance.

SFTP simplifies network security because it only requires opening one port (TCP 22) through a firewall, unlike traditional FTP which may need multiple ports. This reduces the attack surface and makes firewall rule management easier. SFTP also integrates well with existing SSH infrastructure, meaning organizations that already use SSH for remote administration can enable file transfer without deploying new software or learning new management paradigms.

For IT professionals, understanding SFTP is not just about knowing what it stands for. You need to understand how to configure SFTP servers, manage user access with SSH keys, set up automation scripts using SFTP, troubleshoot connection issues, and differentiate it from FTPS and SCP. These are practical, everyday skills. If you cannot securely transfer a file, you cannot do your job reliably. SFTP is one of the foundational tools that ensures data integrity, confidentiality, and availability in file operations.

## Why it matters in exams

SFTP is a commonly tested topic in several IT certification exams, particularly those focused on networking, security, and systems administration. For the CompTIA Network+ exam (N10-008 and N10-009), SFTP appears under Objective 2.1, which covers network protocols and ports. You may be asked to identify SFTP as a secure alternative to FTP and to recall that it operates on port 22 (over SSH). Questions might present a scenario where a company needs to transfer confidential files securely, and you must choose SFTP over FTP or TFTP. For the CompTIA Security+ exam (SY0-601 and SY0-701), SFTP is relevant to Objectives 3.2 and 3.3, which cover secure protocols and application security. Exam questions may ask you to differentiate between SFTP, FTPS, and SCP, or to recommend a secure file transfer method for a given use case. The Security+ exam often includes multiple-choice questions that test your understanding of encryption and authentication mechanisms underlying SFTP.

For the Cisco CCNA exam (200-301), SFTP is less central but appears in the context of network device management and configuration file transfer. You might see questions about using SFTP to backup router or switch configurations securely, as an alternative to TFTP (which is unencrypted). The exam may test your knowledge of the port number and the fact that SFTP relies on SSH.

For the Linux Professional Institute (LPI) LPIC-1 and CompTIA Linux+ exams, SFTP is directly tested as a command-line tool. You will need to know how to use the sftp command, how to connect to a remote server, how to upload and download files, and how to navigate directories. Questions may ask about the underlying protocol or require you to interpret an sftp command syntax.

Regardless of the exam, the core objectives are consistent: identify the purpose of SFTP, know its default port, understand that it provides both authentication and encryption, and be able to compare it to other file transfer protocols. Exam questions may present a scenario involving a security requirement, a firewall configuration, or a troubleshooting situation where SFTP is the recommended solution.

## How it appears in exam questions

SFTP questions in certification exams typically follow a few distinct patterns. The most common is scenario-based identification. For example, a question might describe a network administrator who needs to transfer log files from a web server to a backup server over the internet, and the requirement is that the data be encrypted and authenticated. The answer choices include FTP, TFTP, SFTP, and HTTP. You need to select SFTP because it is the only option that provides both encryption and authentication. Another variation asks you to identify the correct port number. A question might say, "A client is trying to connect to an SFTP server but the connection fails. The firewall allows traffic on port 22. Which protocol is being used?" The answer is SFTP, because it uses port 22 via SSH.

Configuration questions are also common. For instance, you might be given an output of an sftp command showing a successful connection and asked to interpret what the user just did. Or you might need to identify the correct command to download a file from an SFTP server. In a Linux+ exam, the question could be: "Which command is used to securely transfer a file from a remote server to the local machine?" with options like scp, ftp, sftp, and rsync. You need to select sftp or recognize that sftp is the secure interactive file transfer tool.

Troubleshooting questions might present a situation where a user can SSH into a server but cannot access SFTP. You would need to recognize that the SFTP subsystem might not be enabled in the SSH server configuration (sshd_config). Another troubleshooting scenario could involve authentication failure: public key authentication works for SSH but not for SFTP, possibly due to incorrect file permissions on the authorized_keys file. Questions can also ask you to determine why an SFTP transfer is slow, which may be related to network latency, encryption overhead, or bandwidth limits.

In some exams, there are comparison questions that ask, "What is the difference between SFTP and FTPS?" The answer typically focuses on the underlying protocol: SFTP uses SSH (port 22), while FTPS uses SSL/TLS (ports 21 and 989/990). Multiple-choice questions may also test whether you know that SFTP is not the same as FTP over SSH, which is technically called FTP over SSH tunneling.

## Example scenario

You are a junior IT administrator at a marketing agency. Your company has a web server that hosts client websites. One of your designers, Sarah, needs to upload a new homepage design including images and CSS files to the production server. The server is located in a different city, and the only way to access it is over the public internet. Your boss tells you that the transfer must be secure because the client’s website contains customer contact forms and login pages. You decide to use SFTP.

First, you create a dedicated user account for Sarah on the server. You configure OpenSSH to allow SFTP access and restrict her to her home directory using a chroot jail for extra security. You give Sarah her username and a strong password. She opens an SFTP client on her laptop, enters the server’s hostname, port 22, her username, and password. The SFTP client establishes an SSH connection, the server verifies her credentials, and they negotiate an encrypted channel.

Now Sarah can see the server’s file system. She navigates to the website’s root directory, selects the new homepage files from her local computer, and drags them into the remote directory. As the files transfer, they are encrypted. Two minutes later, the transfer completes successfully. She logs out. You check the server logs and see that her session was recorded. The entire process was secure, fast, and required no manual firewall changes. This scenario shows how SFTP is used in practice: simple for the end-user, yet robust enough for the administrator to enforce security policies.

## Common mistakes

- **Mistake:** Thinking SFTP is the same as FTP over SSL (FTPS).
  - Why it is wrong: SFTP and FTPS are different protocols. SFTP uses the SSH protocol (port 22) for both authentication and encryption, while FTPS uses SSL/TLS (port 21 for control, 989/990 for data). They are not compatible with each other.
  - Fix: Remember that SFTP = SSH + file transfer. FTPS = FTP + SSL/TLS. Check the port number and the underlying security layer to identify which one is being used.
- **Mistake:** Assuming SFTP uses TCP port 990 by default.
  - Why it is wrong: Port 990 is used by FTPS (implicit FTPS). SFTP always uses port 22, because it is an extension of SSH. If a question or configuration mentions port 990, it is almost certainly FTPS, not SFTP.
  - Fix: Memorize: SFTP = port 22, FTPS control = port 21, FTPS data = port 20 (explicit) or 989/990 (implicit). Do not mix them up.
- **Mistake:** Believing that SFTP is inherently faster than FTP.
  - Why it is wrong: SFTP includes encryption overhead, which can actually make it slower than plain FTP in terms of raw throughput. The speed depends on CPU capacity, encryption algorithm, and network conditions. SFTP is chosen for security, not speed.
  - Fix: Understand that SFTP prioritizes security over performance. If speed is critical and data is not sensitive, an admin might choose FTP or TFTP, but at the cost of no encryption.
- **Mistake:** Confusing SFTP with SCP (Secure Copy Protocol).
  - Why it is wrong: Both use SSH and provide encryption, but they are different tools. SCP is simpler and only transfers files (no directory listing or interactive commands). SFTP is more feature-rich, allowing file management operations like listing, deleting, renaming, and resuming transfers.
  - Fix: Think of SCP as a simple copy command (like cp over SSH), and SFTP as an interactive file session (like a secure FTP client). SCP is faster for single files; SFTP is better for complex operations.

## Exam trap

{"trap":"An exam question describes a file transfer that uses \"SSH\" for security and lists the port as 22, but then asks you to identify the protocol as FTPS.","why_learners_choose_it":"Learners often see the letters 'FTP' in both SFTP and FTPS and assume they are the same. The mention of 'secure file transfer' triggers the idea of FTPS (FTP over SSL). Also, learners may not remember that FTPS typically uses ports 21 or 990, not 22.","how_to_avoid_it":"Always connect the protocol to its port and underlying mechanism. SFTP uses SSH and port 22. FTPS uses SSL/TLS and ports 21, 989, or 990. If the question says the transfer uses SSH, the protocol must be SFTP, not FTPS. Practice by memorizing these associations."}

## Commonly confused with

- **SFTP vs FTPS:** FTPS stands for FTP over SSL/TLS. It is the secure version of FTP that adds a security layer (SSL/TLS) to the standard FTP protocol. SFTP, on the other hand, is an extension of SSH and does not use FTP at all. The ports are different (FTPS uses 21/989/990; SFTP uses 22). FTPS requires managing certificates, while SFTP uses SSH keys. (Example: If you connect to a server using port 21 and see a certificate warning, you are using FTPS. If you connect using port 22 and authenticate with an SSH key, you are using SFTP.)
- **SFTP vs SCP:** SCP (Secure Copy Protocol) also runs over SSH and uses port 22, but it is designed only for copying files. You cannot list directories, rename files, or resume interrupted transfers with SCP. SFTP is a full file transfer suite. SCP is typically faster for simple transfers because it is less feature-heavy, but it is being deprecated in many modern implementations due to security limitations in its protocol design. (Example: To quickly copy a file from a remote server, you might use 'scp user@host:/path/to/file .'. To browse the remote file system and download multiple files interactively, you would use 'sftp user@host'.)
- **SFTP vs FTP:** FTP (File Transfer Protocol) is the original, unencrypted file transfer protocol. It transmits all data, including usernames and passwords, in plain text. SFTP encrypts everything using SSH. FTP typically uses ports 20 and 21, while SFTP uses a single port 22. FTP requires additional security layers (like SSL/TLS) to become FTPS, while SFTP is inherently secure. (Example: If you log into an FTP server with username 'admin' and password 'secret', anyone sniffing the network can see those credentials. With SFTP, that traffic is encrypted.)

## Step-by-step breakdown

1. **Client initiates SSH connection** — The SFTP client (for example, an sftp command or a GUI tool) starts by establishing a TCP connection to the server on port 22 (the default SSH port). This is the beginning of the SSH handshake.
2. **Server identifies itself** — The server presents its host key (a public key) to the client. This allows the client to verify that it is connecting to the correct server and not an imposter. The client checks this key against a known_hosts file to prevent man-in-the-middle attacks.
3. **Client authentication** — The client authenticates to the server using a chosen method: password, public key, keyboard-interactive, or another method configured on the SSH server. The authentication is encrypted, so credentials are not exposed.
4. **SSH session established and SFTP subsystem started** — After successful authentication, the SSH session is fully set up with an encrypted channel. The client then requests the SFTP subsystem from the server (via the SSH protocol). The server starts an SFTP server process to handle the file transfer operations.
5. **File operations are performed** — The client and server exchange SFTP protocol messages to perform operations like open, read, write, close, stat, opendir, readdir, and rename. All commands and data are transmitted through the encrypted SSH tunnel. The protocol supports resuming transfers and checking file integrity.
6. **Session termination** — When the file transfer is complete, the client gracefully closes the SFTP session. The SSH connection may also be terminated, or the client may start another secure session (for example, an interactive shell) using the same SSH connection. The server logs the session details for auditing.

## Practical mini-lesson

In practice, configuring an SFTP server on a Linux system using OpenSSH is a fundamental skill. The configuration file is typically /etc/ssh/sshd_config. You need to ensure that the line 'Subsystem sftp /usr/lib/openssh/sftp-server' is present and not commented out. To restrict an SFTP user to their home directory (chroot jail), you can set 'ChrootDirectory %h' and internal SFTP options. For example, a common configuration is:

Match User sftpuser
 ChrootDirectory /home/sftpuser
 ForceCommand internal-sftp
 X11Forwarding no
 AllowTcpForwarding no

This forces the user to use only SFTP (not a shell), limits them to their home directory, and disables other SSH features that could be security risks. After modifying the config, you must restart the SSH service.

On the client side, the sftp command works like an interactive FTP client. For example, to connect: sftp username@hostname. Inside the session, you can use commands like ls (list remote directory), lpwd (local working directory), get (download file), put (upload file), rm (delete remote file), mkdir, rmdir, and exit. For automation, you can script sftp with a batch file using the -b flag, or use tools like lftp for more advanced scripting. A common real-world problem is that SFTP connections can be blocked by firewalls or fail due to incorrect SSH host key verification. When troubleshooting, check that the SSH service is running, that port 22 is open on the server firewall (and any network firewalls), and that the SSH daemon logs indicate successful or failed authentication attempts (usually in /var/log/auth.log).

Another potential issue is file permission problems on the server. If an SFTP user cannot write files, the home directory and target directories must have the correct ownership and permissions. For chrooted SFTP, the chroot directory must be owned by root and have 755 permissions. If the permissions are wrong, SFTP connections may work for listing but fail for writes. Understanding these details is what separates a competent IT professional from someone who just knows the theory.

## Memory tip

Remember SFTP as 'SSH File Transfer Protocol', the S in SFTP matches the S in SSH, and both work on port 22.

## FAQ

**Is SFTP the same as FTPS?**

No. SFTP runs over SSH (port 22) and is a completely different protocol. FTPS is FTP with SSL/TLS (ports 21, 989/990). They are not interchangeable.

**What port does SFTP use?**

SFTP uses TCP port 22 by default, because it is an extension of the SSH protocol.

**Can SFTP be used for automated backups?**

Yes, SFTP is commonly used for automated backups. You can script the sftp command or use tools like rsync over SSH to automate secure file transfers.

**Is SFTP faster than FTP?**

Generally no. Encryption adds overhead, so FTP (unencrypted) can be faster. SFTP is chosen for security, not speed.

**Do I need a special server for SFTP?**

No. You can enable SFTP on any server that runs SSH (like OpenSSH). You just need to ensure the SFTP subsystem is configured.

**What is the difference between SFTP and SCP?**

Both use SSH for security, but SCP only copies files, while SFTP offers interactive file management (listing, renaming, deleting, resuming etc.).

## Summary

SFTP, or SSH File Transfer Protocol, is a secure method for transferring files over a network using the SSH protocol on port 22. It provides both authentication and encryption, protecting data from eavesdropping and tampering. Unlike FTP, which sends credentials and data in plain text, SFTP encrypts everything. This makes it the go-to choice for IT professionals who need to handle sensitive files, comply with security regulations, or manage remote servers securely.

Understanding SFTP is important for many IT certification exams, including CompTIA Network+, Security+, Linux+, and Cisco CCNA. Exam questions often test your knowledge of its port number, its relationship to SSH, and how it differs from FTPS, FTP, and SCP. You should be comfortable identifying scenarios where SFTP is appropriate and understanding basic configuration and troubleshooting steps.

For your exam preparation, focus on memorizing port 22, the fact that SFTP is an SSH extension, and the difference between SFTP and FTPS. Practice with the sftp command if you have access to a Linux system. Being able to distinguish between similar-sounding protocols will help you avoid common exam traps. SFTP is a fundamental, secure file transfer tool that every IT professional should know inside and out.

---

Practice questions and the full interactive page: https://courseiva.com/glossary/sftp
