SFTP (SSH File Transfer Protocol)

The SSH File Transfer Protocol ensures that data is trans­ferred securely between two com­mu­nic­at­ing parties, which has become essential for many work processes in companies. For example, field service agents send their work results to the company headquar­ters, the server ar­chi­tec­ture of a company network is kept up to date and secure via remote main­ten­ance and repair in­struc­tions are accessed online by the on-site repair tech­ni­cian. To do this, data must be trans­ferred bi­d­irec­tion­ally over an Internet con­nec­tion to and from the company server. Files for websites are also sent in this way to the cor­res­pond­ing web spaces. The File Transfer Protocol (FTP) has been used to perform this data transfer since 1971.

Data man­age­ment via FTP is similar to working in Windows Explorer, Mac Finder or Linux Nautilus. The dif­fer­ence is that data is trans­ferred to and from the remote servers. The transfer tunnel to and from the user (FTP client) and server (FTP server) always presents a potential point of attack for data theft and tampering or the in­tro­duc­tion of malware into the user’s system. Not to mention, the lower the security standard is, the greater the threat, and FTP is very low. Using FTP, the username and access password are sent in plain text (i.e., un­en­cryp­ted). Potential attackers can thus intercept the login in­form­a­tion and gain un­au­thor­ised access to the FTP client and server - with obvious con­sequences.

To avoid these potential attacks, SFTP was developed as an al­tern­at­ive with sig­ni­fic­antly improved security.

One of the measures taken to improve the security of FTP data transfer was the de­vel­op­ment of the SSH (Secure Shell) File Transfer Protocol. This protocol ensures secure au­then­tic­a­tion between com­mu­nic­at­ing parties. As soon as a client starts the login process, the server verifies the client’s identity via and with SSH. The two-way au­then­tic­a­tion is performed using cer­ti­fic­ates and the public and private key procedure. Access is only au­thor­ised if the SFTP client’s key fits the SFTP server’s “door lock.” The server verifies whether the client has “unlocked” the data tunnel with a matching key.

This key consists of a randomly generated sequence of letters, numbers, and special char­ac­ters with a fixed number of bits. This is called a cryp­to­graph­ic protocol. It enables com­mu­nic­a­tion to be encrypted even when using an unsecured Internet con­nec­tion.

There is a bi­d­irec­tion­al SSH tunnel between the client and the server through which au­then­tic­a­tion and data transfer are conducted. This tunnel is fully encrypted so that no attacker can access any data. The data thus arrives at the recipient without having been tampered. If an attacker still attempts to modify the data while it is being trans­ferred, SSH will detect the tampering and im­me­di­ately terminate the con­nec­tion.

Data transfer using the SSH File Transfer Protocol thus protects against the following:

• Modi­fic­a­tions made to the IP address of a data packet – i.e., IP spoofing
• Re­dir­ec­tion of the ori­gin­ally addressed computer name to the attacker’s IP address (i.e. DNS spoofing)
• In­ter­cep­tion by an attacker of access data in plain text
• Tampering of the trans­ferred data by an attacker

In the (S)FTP program, the protocol is selected in the dialogue box where the login in­form­a­tion is entered. In the client ap­plic­a­tion FileZilla shown below, this is the server manager. Usually, you will not need to select a port as the port is auto­mat­ic­ally set to 22 when SFTP is selected.

You should check once again that the server address is correct. When you look at the entry for the server, you will see that the correct port, port 22, is being used since the entry displays “home….-data.host:22”. By selecting the checkbox next to “Always trust this host, add this key to the cache” and then clicking “OK,” the con­nec­tion data will be saved and the encrypted con­nec­tion es­tab­lished.

This data will not be requested again the next time a con­nec­tion is es­tab­lished since the SFTP client iden­ti­fies itself to the SFTP server with the unique key. This digital signature encrypts all data transfers, including the login data for es­tab­lish­ing the con­nec­tion. The status window in the FTP program will display any no­ti­fic­a­tions about the progress of the download or upload.

The main dif­fer­ence is that au­then­tic­a­tion and any data traffic between the client and server are encrypted in SFTP data transfers. Even if an attacker succeeds in in­ter­cept­ing the data, they will not be able to use it. If the SSH File Transfer Protocol detects any login in­form­a­tion that has been tampered with or any attempted attacks, it will im­me­di­ately terminate the con­nec­tion. The following is a brief overview of the dif­fer­ences between FTP and SFTP:

The technical security of this cryp­to­graph­ic data transfer should be improved upon both on the client’s side and server’s side with ad­di­tion­al security features. This includes decisions regarding things such as physical location, the physical security of the SFTP server, and secure data storage for clients accessing the server. Generally, if you are careless with data, you will face the con­sequences sooner or later.