FTPS versus SFTP versus SCP

FTPS is FTP using the SSL/TLS protocol for encryption. This is different from the SCP/SFTP family of protocols which use SSH as their transport tunnel.

You will usually use client programs like WinSCP for SCP and SFTP (SFTP is an upgraded version of SCP), whereas you would usually use a web browser or web Download manager (like Filezilla) for FTPS.

FTPS is web-based, using a text command syntax and semantics, whereas SFTP is based on the secure shell protocols common on *NIX systems.

This article describes the differences nicely: http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c14329/FTPS-vs-SFTP-What-to-Choose.htm


Edit: To expound as requested:

FTP is an Internet protocol that goes back to 1971 (with a number of updates over the years). It is primarily focused on content distribution and in the case of FTPS, uses SSL to provide protection from eavesdropping and illicit modification. FTP authentication requires SSL, to protect credentials in transit.

Most browsers require an external plugin to utilize FTPS, in part because it is no longer a commonly used protocol. When it was popular, web browsers were almost exclusively HTTP only, and everyone used a separate FTP client. At the time FTP/FTPS made the most sense, HTTP was not capable of handling file downloads well. It wasn't until HTTP\1.1 was published in 1997 (and updated in 1999) that HTTP could properly handle binary streams.

It is notable that HTTP and FTP use almost identical semantics and syntax, and even use the same well known return codes (200, 301, 403, 404, 500, etc). FTP is somewhat older (HTTP was standardized in 1989 after TCP\IP became dominant). The significant similarities between the two protocols indicate a shared lineage, or at least a set of shared conventions. I think that is more than sufficient reason to call FTP "Web-Based", alongside other core application layer protocols like HTTP, SMTP, and DNS (though DNS uses a binary layout, not Text like HTTP/FTP/SMTP).

The SSH family is a set of protocols focused on server administration and remote access to the servers processing capability, rather than simple content distribution. It allows privileged users of a system to connect to a shell to perform work on the server itself. SCP and SFTP were developed to support the many file management tasks related to that work. Imagine you need to install an update to your Apache instance on a remote server. you ssh in, use scp\sftp to upload the update package, and then execute it to install. Quite a different work flow than you can achieve with FTPS.

I hope that helps clarify.


SCP is the file transfer tool from SSH. It requires SSH on both client and server. It is not interactive.

SFTP is another file transfer tool that can be used with SSH (so it again may require SSH on both client and server) or with any other compatible secure connection tool, since it is intended to be independent of SSH. It is interactive like the old plain FTP. Note that it is not FTP over SSH, but a new protocol.

FTPS is plain old FTP over SSL.