The original File Transfer Protocol (FTP) was first published back in 1971 and later revised to work with TCP/IP in 1985. It has been around longer than the world wide web and remains a standard that we still use even today, but it hasn’t changed much since it was created. It relies on very relaxed security principles from a time before malicious intent was of any real concern, transferring a username and password in plain-text to authenticate with a remote server.
Without encryption, any number of attacks can be used to compromise the accounts and data, making it one massive vulnerability in the network. That is where more recent protocols and implementations become invaluable, such as FTPS, SFTP and SCP to name a few. The acronyms can make it a bit confusing to tell them apart, but at the core, they all emphasize some type of encryption to secure transfers between two remote locations.
Since SFTP is considered to be one of, if not the best choice in most cases, this article will look at the top SFTP Servers available for Windows, Linux and Mac systems. First, we will compare SFTP and FTPS and the important distinctions between them, so we can better understand why SFTP is preferred to the alternative.
SFTP vs FTPS Servers for SSH File Transfers
SFTP and FTPS may appear similar in name, but they are vastly different in terms of the underlying transport method and how they operate. FTPS, better known as FTP over SSL, just adds an additional layer of security to the existing FTP protocol. It builds upon an inherently flawed system and as such, tends to introduce some unnecessary complexities. It uses a secondary data channel and multiple ports, which can complicate firewall configurations. It also lacks consistency with regard to directory listing formats, character set encodings, etc.
SFTP on the other hand doesn’t use FTP at all; it is actually just a secure shell (SSH) that understands FTP commands. It also uses a single data channel, where both the login credentials and the files are encrypted and transmitted between the client and server. This makes it quite a bit simpler to implement and maintain from an administration perspective.
Although one is not necessarily more secure than the other, SFTP is definitely the superior choice in most cases. Since SFTP is basically a packaged feature with SSH servers, and secure shells are widely used, it requires very little work to set up and use.
Here are 10 of the Best SFTP Servers of 2019:
- SolarWinds SFTP Server
- Bitvise SSH Server
- Tectia SSH Server
- Cerberus FTP Server 10
- Rebex Tiny SFTP Server
- Buru SFTP Server
- Syncplify.me Server
- CompleteFTP SFTP Server
- MacOS Native SSH Server
Although SSH has traditionally been associated with Linux based machines, a number of 3rd party tools do exist to bring SSH support to Windows as well. In fact, even Microsoft seems to have taken notice, where they have begun introducing native SSH support as of Windows 10 and Windows Server 2016. As these are fairly recent developments though, most will prefer to stick with the more well known vendors for the time being.
1. SolarWinds SFTP Server (Free)
As part of their award winning, all inclusive software suite, the SolarWinds SFTP Server is a feature rich solution for Windows, with support for TFTP and SCP transfers as well. Trusted by household brand names such as Apple and Cisco, SolarWinds is a first choice for their networking tools in both commercial and personal environments.
One of the most notable differences we see with SolarWinds is an exclusive reliance on virtual user accounts. Although Active Directory and system accounts can be attractive, perhaps even the right path for some circumstances, they can also create some vulnerabilities if configured incorrectly. In an effort to balance ease of use with tight security practices, this creates a layer of separation that prevents unauthorized root access. Unless this is a deal breaker for your particular needs, it is otherwise a fully functional solution with a large variety of features available.
2. Bitvise SSH Server (Free)
Bitvise SSH is a powerful, light-weight server application for Windows that supports both SFTP and SCP file transfer capabilities. In many ways it is similar to SolarWinds, with several notable changes that set it apart from the competition.
As one of the most important differences that we touched on above, SolarWinds enforces the use of virtual accounts only, where Bitvise supports Active Directory and system accounts as well. When properly set up, this can offer a greater amount of flexibility for system admins to configure ad hoc access in a variety of ways. Since this can however leave the machine vulnerable, they also feature a locked file transfer mode, preventing users from tunneling or accessing the terminal shell.
That aside, it also has one of the most user friendly GUI interfaces of any SFTP server, making for a quick and straightforward setup. Not only does it have a pretty face, it is also compliant with FIPS, HIPAA and PCI validations, with state of the art encryption security measures from the Crypto++ 5.3.0 DLL library.
3. Tectia SSH Server ($150)
From the developers of the SSH protocol, Tectia offers a robust, enterprise grade SSH Server at a premium price. Designed for business critical applications, it maintains full support across Windows, Unix, Linux and even IBM mainframes. Furthermore, it is compliant with X.509 PKI and smartcard authentication such as PIV and CAC cards.
It shares no code base with the open source version and is intended for use in commercial environments, where mission critical data must be fully secured. It is the fastest enterprise grade SFTP solution on the market, with speeds up to 2.5x faster than the open source variant, and fully integrates with SSH.com key management solutions.
Utilized by 4 of the world’s 5 largest banks, the IRS and even NASA’s Space Flight Center, Tectia SSH Server is the premiere choice of SFTP servers on the market.
4. Cerberus FTP Server 10 ($599)
Cerberus FTP Server is a robust, feature packed solution with support for SFTP file transfers, along with other protocols such as FTPS and HTTPS. It is HIPAA compliant and FIPS-2 validated, meaning it has been certified for use in regulated industries, such as financial and health-care institutions where sensitive information is being transmitted. Cerberus also offers 2 factor authentication, file integrity checks and automated IP bans, which aim to provide an additional layer of security to the system.
Unfortunately it does come with a hefty price tag attached, where the lower cost Personal license ($89) and Standard license ($299) are lacking a few features including SFTP. As such, this is likely to be a consideration only for medium to large organizations, where other more affordable solutions cannot meet the full list of requirements.
5. Rebex Tiny SFTP Server (Free)
As a no-frills, minimalist alternative to other solutions, the Rebex Tiny SFTP Server is the perfect choice for testing in small environments. It requires almost no setup or configuration and works right out of the box; just unpack the ZIP file and run the executable to get started.
While it is free for both commercial and non-commercial use, it only supports (1) concurrent user at a time, limiting the potential for all but home networks. Still, it remains an excellent tool to have at your disposal when first getting started with SFTP. For developers, the source code is also available, which may serve as a good entry point for embedded applications that require secure file transfers.
6. Buru SFTP Server (Free)
From the same developers at Rebex Labs, Buru SFTP Server is a lightweight, feature rich alternative for Windows. It is entirely free for both personal and non-profit use, but also offers a commercial license priced at $299 per machine. In contrast to many free/paid solutions on the market however, Buru SFTP Server actually maintains the exact same functionality across both versions, making this a great value for the average user.
Similar to their Tiny SFTP Server, it works without any fuss. To get started, just extract the archive and launch the software, although an optional installer is available as well. It supports unlimited users and connections, virtual path mappings, password and public key authentication, and even features web-based administration tools.
7. Syncplify.me Server! (Free)
For the security minded users, Syncplify.me Server! is a full featured SFTP server package with some extra goodies not found in comparable products. The most notable addition is Syncplify.me Protector™, a unique intrusion system that can detect external attacks such as DoS, DDoS and brute force, performing automated mitigation using an AI core without any sysadmin intervention.
Syncplify.me Server! is completely free for personal use, and can even be used in corporate environments for evaluation purposes. Otherwise, a commercial license is available starting at $199, where the cost covers the number of installations per machine.
8. CompleteFTP Server ($299)
True to its name, CompleteFTP is an all inclusive family of products that support FTP, FTPS, SFTP, HTTP, HTTPS and SCP… pretty much every file transfer protocol in existence. The first two are available in the free edition, but SFTP and the other choices require a paid license starting out at $299 per machine.
Branded as the most customizable SFTP Server for Windows, they do pack a massive range of features into the different versions. Other than being limited to FTP and FTPS, the free version does offer unlimited users, concurrent connections, virtual file-system, etc. making for a great solution out of the box similar to that of Filezilla. As our focus is on SFTP though, the next tier in licensing includes this protocol plus remote administration, auto banning and some other lesser extras. Past that, we get into corporate oriented tools, such as clustering, custom authentication and events, and so on.
As SSH is frequently used to manage remote Linux servers, and SFTP is usually part of that implementation, most distros will already have some variant of this installed by default. We already looked at the Tectia SSH Server and Crush FTP above, both of which offer multi-platform support, but we will focus on the exclusive OpenSSH server which is utilized in almost every Linux around the world.
OpenSSH is a freely available version of the secure shell (SSH) protocol, which we will need in order to use SFTP for secure file transfers. Once the package is installed and the daemon is active, it will begin listening for incoming connections on port 22 with the standard configurations. In order to install it or check that it is installed, we can either use apt-get or yum depending on the distribution of Linux loaded on your machine.
$ sudo apt-get install openssh-server
After OpenSSH is installed, we can start it up and begin listening for incoming connections. It utilizes local system accounts for authentication, and their file system permissions to control the level of access. By default, most users will have full read/write privileges within their own home directory, restricting them from reaching other areas of the file system.
In cases where you would like to make adjustments to the server settings, such as the listening port, log levels or root login permissions, we can use a text editor such as Nano to modify the configuration file. This file is named sshd_config and located in the /etc/ssh directory on the machine.
$ sudo nano /etc/ssh/sshd_config
Once you are satisfied with the configured settings, go ahead and save the file and close it out. We can then restart the service so that our changes take effect.
$ sudo service ssh restart
Since SSH and SFTP both use the same protocol to authenticate and establish a connection, if you can connect to the machine via SSH, that concludes all necessary requirements to use SFTP as well. From the command line, go ahead and test this out using the following command.
$ sftp username@your_server_ip_address
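The settings named above (listening port, log level, root login) can be checked before the restart. The script below is an added example, not part of the original article or of OpenSSH; the function names sshd_value and audit_sshd_config and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the sshd_config settings named above before a restart.

# Effective global value of a keyword: keywords are case-insensitive, the first
# occurrence wins, and Match blocks are conditional, so stop at the first one.
# Assumes the common "Keyword value" form (not "Keyword=value").
sshd_value() {  # usage: sshd_value <keyword> <config-file>
  awk -v key="$1" '
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# Print one finding per line; return 1 if anything was flagged.
audit_sshd_config() {
  cfg=$1 bad=0
  if [ "$(sshd_value PermitRootLogin "$cfg")" = "yes" ]; then
    echo "PermitRootLogin yes: root may log in with a password"; bad=1
  fi
  case "$(sshd_value LogLevel "$cfg")" in
    quiet|fatal|error) echo "LogLevel below INFO: accepted logins are not logged"; bad=1 ;;
  esac
  # Without a "Subsystem sftp" line sshd refuses SFTP even though SSH works.
  if ! awk 'tolower($1) == "subsystem" && $2 == "sftp" { f = 1 } END { exit !f }' "$cfg"; then
    echo "Subsystem sftp missing: SFTP sessions will be refused"; bad=1
  fi
  return "$bad"
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
# LogLevel INFO
LogLevel ERROR
permitrootlogin YES
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
    PermitRootLogin no
EOF

audit_sshd_config "$sample" || echo "Fix the findings above, then restart the service."
```

On a real host, point audit_sshd_config at /etc/ssh/sshd_config; running sshd -t afterwards checks the file for syntax errors before the restart.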
Apple Mac Compatible:
While Macs are marketed to be a consumer device and rarely found in server environments, the back-end is actually based on the Unix platform and equipped with a number of server type features built-in to the software. For home based networks or small business needs, this can serve as a perfectly capable interim solution.
MacOS Native SSH Server
Since SFTP operates through a secure shell, we will actually enable the SSH server within MacOS to activate this feature. Go to System Preferences -> Sharing Applet, then click the checkbox next to Remote Login, which will turn on the SSH Server for all system users. No additional configuration is required in order to use it; existing account permissions are used to delegate access to each individual user, controlling what files and directories they can view when connected.
Although the native MacOS SFTP server may not have all the bells and whistles found in other solutions, it should be more than sufficient for the most common requirements. It’s simple to set up, integrates with the existing user account permissions and best of all, it is completely free to use.
As one of the most widely supported and easy to use protocols for secure file transfers, there is really no reason you shouldn’t be using SFTP. Most distributions of Linux and even MacOS have native support for it, plus dozens of 3rd party options are available for Windows too. The additional security it offers comes with almost no additional overhead to use, and there isn’t any shortage of tools to set it up; both free and paid options are readily available. When compared to basic FTP, it is far superior at protecting your data from prying eyes.