A brief discussion on the differences between FTP, FTPS and SFTP

Whether you use a network disk or cloud storage, uploading is a very simple operation. But what does the FTP protocol behind those convenient upload and file-organization tools actually do, and what are the differences between its various modes?

Ergouzi recently built a photo sharing website. Every day many people upload many photos to his website. These photos are also synchronized to Upyun cloud storage through internal logic, which is very convenient.

But problems arose soon after. Since the user photo management plan was not done well at the beginning, as more and more pictures were uploaded by users, the content of cloud storage became more and more chaotic, and Ergouzi felt very uncomfortable watching it. So, taking advantage of today's rest, Ergouzi decided to make some adjustments.

Ergouzi opened the Upyun console and searched up and down but couldn't find a function to move files into the corresponding directories. When he asked Upyun customer service for help, the agent, Weiwei, told him that he could use FTP tools to manage cloud storage files. She also gave Ergouzi a detailed help document on connecting to Upyun cloud storage with an FTP tool [https://help.upyun.com/knowledge-base/developer_tools/].

Ergouzi finally connected to the cloud storage through the FTP tool. After some operations, Ergouzi successfully organized the photos neatly. Looking at this storage interface that would satisfy and comfort people with obsessive-compulsive disorder, and then looking at the FTP tool that could create this effect, Ergouzi nodded with satisfaction and decided to go all out, thoroughly understand FTP, and see if FTP has any other useful functions.

Introduction to FTP, FTPS and SFTP

FTP

Before looking at the relevant functions, Ergouzi discovered that the client has three different protocols, namely FTP, FTPS and SFTP. In order to figure out what these were, Ergouzi opened the universal encyclopedia.

First, let's understand what FTP is. According to Wikipedia, FTP (File Transfer Protocol) is an application layer protocol used to transfer files between clients and servers on computer networks. A complete FTP setup consists of an FTP server and an FTP client. The client can upload local files to the server through the FTP protocol, and can also download files from the server to the local computer. It is one of the oldest file transfer protocols in use today and is a very convenient way to move files.

How FTP works

An FTP connection requires two parties, an FTP server and a client, to establish communication on the network. There are two different communication channels when establishing an FTP connection. One is called the command channel, and its role is to issue and respond to commands. The other is the data channel, which is used for data exchange between the client and the server.

When transferring files using FTP, users are required to obtain permission to transfer files by providing credentials to the FTP server. Of course, some public FTP servers may not require credentials to access their files, but the security of data transmission cannot be guaranteed. Sending any unencrypted data on a public network is very dangerous. Therefore, in order to protect the security of transmitted data, the following two protocols are derived from FTP: FTPS and SFTP.

FTPS

Next, Ergouzi did some research and found that FTPS has two modes: FTPS Implicit SSL and FTPS Explicit SSL, both of which are encrypted with SSL. So what is the difference between the two?

  • FTPS Implicit SSL: This mode usually runs on port 990. In this mode, all data exchanges require an SSL session to be established between the client and the server, and the server will reject any connection attempts that do not use SSL.

  • FTPS Explicit SSL: The server can support both FTP and FTPS sessions under explicit SSL. Before starting a session, the client needs to establish an unencrypted connection with the FTP server and send the AUTH TLS or AUTH SSL command to request the server to switch the command channel to the SSL encrypted channel before sending the user credentials. After the channel is successfully established, the user credentials are sent to the FTP server to ensure that any commands during the session can be automatically encrypted through the SSL channel.

Here is a quick summary. When implicit mode is enabled, the default FTP port changes to TCP/990, the server establishes a secure connection automatically, and the client must also support the secure connection mode, that is, it must connect using SSL. When explicit mode is enabled, the connection method and default port are the same as for FTP, but the client has to activate the secure connection with an AUTH SSL or AUTH TLS command before data can be transmitted normally.
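The ordering rule for explicit mode (AUTH TLS or AUTH SSL first, credentials only afterwards) can be checked against what a passive observer sees on the command channel. The following is an added example, not code from the original article: the transcripts are constructed, the function name and verdict strings are hypothetical, and the 234 reply code for an accepted upgrade comes from RFC 4217.

```python
import re

# Constructed control-channel transcripts (not real captures), as a passive
# observer on port 21 would see them. "C:" is the client, "S:" the server.
PLAIN_FTP = (
    "S: 220 ready\nC: USER ergouzi\nS: 331 need password\n"
    "C: PASS example-pw\nS: 230 logged in\n"
)
EXPLICIT_FTPS = "S: 220 ready\nC: AUTH TLS\nS: 234 proceed with negotiation\n"
REFUSED_UPGRADE = (
    "S: 220 ready\nC: AUTH TLS\nS: 502 not implemented\n"
    "C: USER ergouzi\nS: 331 need password\nC: PASS example-pw\n"
)

LINE = re.compile(r"^([CS]):\s*(\S+)\s*(.*)$")


def audit_control_channel(transcript):
    """Return (verdict, exposed_commands) for the visible part of a session."""
    awaiting_auth_reply = False
    auth_refused = False
    exposed = []
    for raw in transcript.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        side, word, rest = match.groups()
        if side == "C":
            verb = word.upper()
            if verb == "AUTH" and rest.strip().upper() in ("TLS", "SSL"):
                awaiting_auth_reply = True
            elif verb in ("USER", "PASS"):
                exposed.append(verb)  # record the verb only, never the value
        elif awaiting_auth_reply:
            awaiting_auth_reply = False
            if word == "234":  # RFC 4217: server accepts the TLS upgrade
                # Everything after this reply travels inside TLS.
                return ("upgraded-after-cleartext-login" if exposed
                        else "encrypted-before-login", exposed)
            auth_refused = True
    if exposed:
        return ("cleartext-login-after-refused-auth" if auth_refused
                else "cleartext-login", exposed)
    return ("no-login-seen", exposed)
```

The third transcript is the case to watch for: the client asked for TLS, the server refused, and the client logged in without encryption anyway.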

SFTP

Finally, let's take a look at SFTP. SFTP is the abbreviation of Secure File Transfer Protocol.

If FTPS adds a layer of SSL to the FTP protocol, then SFTP is a protocol based on the network protocol SSH (Secure Shell) and is completely different from the FTP mentioned above. SFTP does not use separate command and data channels. Instead, both data and commands are transferred in specially formatted packets over a single connection.

SFTP provides two methods of authenticating the connection.

  • Just like FTP, you only need to verify your user ID and password when connecting. However, unlike FTP, these credentials are encrypted, which is the main security advantage of SFTP.

  • In addition to passwords, you can also use SSH keys to authenticate and connect via the SFTP protocol.

After understanding these protocols, Ergouzi found it easier to use the FTP client tool. He could change the protocol and encryption method according to his needs without worrying about not understanding a certain setting.

However, new questions arise. Ergouzi sees that the transmission modes in the transmission settings here are divided into active and passive. What does this mean? He asked questions when he didn’t understand, and opened Baidu or Google…

The difference between active mode and passive mode of FTP software

Active Mode

Generally, the default mode of FTP is active mode, also called port mode.

It works in two steps:

  • First, a random port on the client establishes a command channel with FTP port 21 on the server. The client sends a PORT command that tells the server which client port to connect to in order to establish the data channel.

  • The server then connects from port 20 to the client port specified for the data channel. Once the connection is established, file transfers can occur over these client and server ports.

Passive Mode

In the transfer mode column, you can also manually switch to passive transfer mode. In this mode, when the client transfers files, it first connects from a random port A to port 21 on the server to establish the command channel, and issues a PASV command to tell the server that this is a passive mode connection. The server then opens a random port for data transmission, and the client establishes the data channel to it from a random port B, different from the port that issued the command, and performs the file transfer over that channel.

The difference between passive mode and active mode is which side initiates the data connection. In active mode, after the client establishes a connection on the command channel, the server initiates a data connection with the client. In passive mode, after the command channel is established, the client initiates the data connection with the server.

This difference determines the advantages and disadvantages of each mode. For example, active mode is helpful for managing FTP servers because you only need to open "in" port 21 and "out" port 20. However, since the client port that the server connects to is random, the connection may trigger the client's firewall or even be blocked by it outright. Passive mode, on the contrary, is beneficial for managing clients.
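To make the two modes concrete, the following added example (not part of the original article) decodes the address a PORT command or a 227 passive-mode reply announces and reports which side listens and which firewall has to admit the incoming data connection. It uses the standard h1,h2,h3,h4,p1,p2 encoding from RFC 959; the function names and the wording of the returned hints are hypothetical, and the sample addresses in the usage are constructed.

```python
import re


def _endpoint(six_bytes):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); port = p1 * 256 + p2."""
    parts = [int(p) for p in six_bytes.split(",")]
    if len(parts) != 6 or any(p > 255 for p in parts):
        raise ValueError("expected six comma-separated values in 0..255")
    return ".".join(str(p) for p in parts[:4]), parts[4] * 256 + parts[5]


def data_channel_plan(control_line):
    """Explain the data connection announced by a PORT command or a 227 reply."""
    line = control_line.strip()
    port_cmd = re.fullmatch(r"PORT\s+([\d,]+)", line, re.IGNORECASE)
    pasv_reply = re.match(r"227\b[^(]*\(([\d,]+)\)", line)
    if port_cmd:
        ip, port = _endpoint(port_cmd.group(1))
        # Active mode: the client listens, the server dials in from port 20.
        return {
            "mode": "active",
            "listener": "client",
            "initiator": "server",
            "endpoint": (ip, port),
            "needs_inbound": f"client firewall: allow server port 20 -> {ip}:{port}",
        }
    if pasv_reply:
        ip, port = _endpoint(pasv_reply.group(1))
        # Passive mode: the server listens, the client dials in.
        return {
            "mode": "passive",
            "listener": "server",
            "initiator": "client",
            "endpoint": (ip, port),
            "needs_inbound": f"server firewall: allow client -> {ip}:{port}",
        }
    raise ValueError("not a PORT command or a 227 passive-mode reply")


if __name__ == "__main__":
    # Constructed sample lines, not taken from a real session.
    for sample in ("PORT 192,168,1,10,195,80",
                   "227 Entering Passive Mode (203,0,113,5,156,64)"):
        print(data_channel_plan(sample))
```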

I didn't expect that a seemingly simple storage tool actually has so many classifications and differences. Different modes and methods can correspond to different needs. It seems that when using the tool in the future, you can still learn a little bit of relevant knowledge, which can make the tool more convenient and comfortable to use~
