Talk:SSH File Transfer Protocol

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing (Rated Start-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
 
WikiProject Cryptography / Computer science   
WikiProject icon This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
 ???  This article has not yet received a rating on the quality scale.
 ???  This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science.
 

SFTP and resume[edit]

sftp and resume? -- 68.103.147.152 07:21, 2005 Jun 16

I've now mentioned this capability in the article. JTN 13:50, 2005 Jun 16 (UTC)

Missing information[edit]

I came to this page to double check which port SSH normally uses in a typical installation. Why doesn't the page have this basic information? I'll google it, but it should be here. —Preceding unsigned comment added by 67.121.113.229 (talk) 03:28, 21 March 2010 (UTC)

As stated in the article SFTP is a small layer adbove another protocol, almost always SSH. The port, or even default port, is not included in it's specification an depends on the underlying protocol and should thus not be in the article.
Furthermore Googling "SFTP port" immidiatly returns the answer, so Wikipedia is not needed for anyone to know the answer
Dtech (talk) 20:28, 10 January 2011 (UTC)

I don't understand...[edit]

What does SSH stand for exactly? Is it a protocol or a program? Is "SSH File Transfer Protocol" the same as SSH? or SFTP? SFTP is introduced into the article without any explanation.

So an SCP program uses the SCP protocol right? And SFTP uses SSH?

I'm confused! :(

SSH stands for "Secure shell". It is both protocol and program. SCP programs use SCP protocol (but some can use also SFTP protocol). SFTP programs use SFTP procol only. Both use SSH.
Ish. SCP is not a protocol, it is a program. SSH is protocol and a program. The SSH protocol allows for a secure bi-directional data stream, and remote command execution. The SSH program is used like ssh username@othercomputer which opens remotely runs that user's login shell, and gives you access, or ssh username@othercomputer command which runs that command, and shows you the output.
SCP stands for "Secure cp" ("cp" is the UNIX command for copy), NOT "Secure Copy Protocol", as many try to insist. SCP is a very simple program that uses the datastream to copy files. Scp is used like scp username@host:fromfile username@host:tofile, where username@ will default to the current user if left out, and host: will default the the current computer. Given the SSH program, one could implement the same "protocol" as SCP with the following shell script:
scp_send() {
    localfile=$1
    remotehost=`echo $2|cut -d: -f1` # split on `:'
    remotefile=`echo $2|cut -d: -f1` # split on `:'
    ssh "$remotehost" "cat > $remotefile" < "$localfile"
}
scp_fetch() {
    localfile=$2
    remotehost=`echo $1|cut -d: -f1` # split on `:'
    remotefile=`echo $1|cut -d: -f1` # split on `:'
    ssh "$remotehost" "cat $remotefile" > "$localfile"
}
This is wrong, although it's a common misconception that this is how scp works. The scp protocol is the rcp protocol over an SSH connection; a description of it is at [1] (reference 1 in the article), and it doesn't look anything like the above. --David-Sarah Hopwood ⚥ (talk) 22:10, 10 September 2011 (UTC)
The SFTP protocol, on the other hand is a full protocol, a variant of FTP, designed to run over a secure datastream, usually provided by SSH. This means that to use SFTP with SSH, one must run both sshd, and sftpd (or whatever). It allows for things like interactive use, and canceling of a transfer without ending the SSH session. ~ 10nitro (talk) 01:29, 25 August 2010 (UTC)
I have to disagree on that, some people doesn't consider it a protocol but a combination of RCP and SSH, and some do. It's based on the RCP (Stands for the UNIX command 'remote copy') protocol, and tunneled through SSH. SubTenebra (talk) 07:50, 31 January 2011 (UTC)
Any commonly used program that communicates over a network effectively defines a protocol, even if, as in this case, the protocol isn't standardized. --David-Sarah Hopwood ⚥ (talk) 22:10, 10 September 2011 (UTC)

new RFC[edit]

I incremented the RFC filename from 09 to 12. From my limited RFC knowledge it appears the protocol version has not been incremented but that this new RFC delinates "New data types defined" only. The section that would explain the differences seems to be incomplete. Kubatonmax, a Protest Warrior 11:45, 2006 Jan 29 (PST)

Combine, Combine, Combine[edit]

This topic should be combined with FTP. FTPS article should also be combined with FTP article.12.110.196.19 18:38, 3 April 2006 (UTC)

Disagree with (at least) the first. SFTP a different protocol to FTP. — Matt Crypto 18:43, 3 April 2006 (UTC)
Same here. FTP and SFTP are completely different beasts. Do not combine them into one article. -- Ernstdehaan 08:17, 9 May 2007 (UTC)

SCP not deprecated[edit]

This article says SCP is deprecated. However, as far as I can see, SCP is not deprecated, just (intentionally) limited compared to SFTP. -- Ernstdehaan 09:24, 9 May 2007 (UTC)

I agree - I cannot find any mention of SCP being deprecated, except by certain vendors of commercial SFTP software. Is there some standards committee somewhere that says SCP is deprecated?

http://www.openssh.org/faq.html#2.10 says:
2.10 - Will you add [foo] to scp?
Short Answer: no.
Long Answer: scp is not standardized. The closest thing it has to a specification is "what rcp does". Since the same command is used on both ends of the connection, adding features or options risks breaking interoperability with other implementations.
New features are more likely in sftp, since the protocol is standardized (well, a draft standard), extensible, and the client and server are decoupled.
Since there was never any attempt to standardize SCP, there is no standards committee that could deprecate it, but from the above you can get the gist of what the maintainers of the most commonly used, open-source implementation (from which most other implementations are forked) think of it. --David-Sarah Hopwood ⚥ (talk) 22:19, 10 September 2011 (UTC)

SFTP is not FTP over SSH[edit]

I think this comment should be re-considered and worded a bit clearer:

A common misconception is that SFTP is simply FTP run over SSH; in fact it is a new protocol designed from the ground up by the IETF SECSH working group. It is sometimes confused with Simple File Transfer Protocol.

Is it really a "common" misconception that people think that SFTP is technically FTP via an SSH tunnel? It sounds like more of an assumption on the part of the writer to me.

I think that this statement just brings up cause for arguing semantics (like it already has). The way people are "commonly" reading it is: SFTP is not FTP over SSH.

Technically, it is a File Transfer Protocal implementation via SSH.

198.186.144.216 (talk) 18:04, 28 November 2007 (UTC)

Uninformative[edit]

I've just read this entire article, and still have no idea what it is talking about. — Chameleon 10:34, 19 December 2007 (UTC)

References[edit]

Struggling to find any suitable references for this one. Anyone got any suggestions? Wordwizz (talk) 13:06, 3 July 2008 (UTC)

SCP – what is the article trying to say here?[edit]

Quoting the article:

Compared to the earlier SCP protocol, which allows only file transfers, the SFTP protocol allows for a range of operations on remote files – it is more like a remote file system protocol. An SFTP client's extra capabilities compared to an SCP client include resuming interrupted transfers, directory listings, and remote file removal. For these reasons it is relatively simple to implement a GUI SFTP client compared with a GUI SCP client.

  • Surely it's no more or no less a remote file system than FTP is? A file system works with any program which works with files, and neither of them do, unless you install and configure weird pseudo-file systems.
  • How can this make it simpler to implement a GUI SFTP client? Sure, if you define a "GUI client" as "a file manager like Norton Commander or Windows Explorer", it will be a bitch to implement it without a way to get a directory listing ... is that what the article is trying to say?
  • I get the feeling that someone is just mad at "the earlier" SCP because it's not SFTP, and tries to knock it. If so, better not mention it at all.

JöG (talk) 19:32, 3 October 2008 (UTC)

Cryptography and Version History[edit]

There is no discussion of the cryptographic algorithms used. What makes this secure? Also, no direct comparison of versions are made. How about a table showing version features or maybe a Version History section? Stephen Charles Thompson (talk) 23:45, 15 April 2009 (UTC)

SFTP as a protocol is not secure. The fact that it is most commonly used on the SSH protocol (as the name implies) is what makes it secure. I don't know that this would be worth a new section. —Preceding unsigned comment added by 68.184.142.176 (talk) 14:30, 10 October 2009 (UTC)

File transfer speed, SCP vs SFTP[edit]

That's only true for naive implementations of the SFTP protocol not using pipelining on the client side. In practice, most SFTP implementations (i.e. OpenSSH sftp) offer the same performance as SCP. —Preceding unsigned comment added by Sfandino (talkcontribs) 11:50, 24 January 2010 (UTC)


The SFTP spec says that pipelined requests are permitted, so SCP won't be faster than SFTP on a well written SFTP server. This section is wrong and should be removed. --24.77.131.106 (talk) 15:12, 10 June 2010 (UTC)

No mention of key based authentication and encryption?[edit]

The word 'key' doesn't appear anywhere. There needs to be coverage of public key based authentication and encryption (bidirectional) specifically as it applies to SFTP. —Preceding unsigned comment added by Vanyo (talkcontribs) 19:08, 4 March 2010 (UTC)

To quote from the article: "[SFTP] is also intended to be usable with other protocols as well". For a discussion of public key based authentication and encryption see the Secure Shell article TerraFrost (talk) 04:37, 28 April 2010 (UTC)