FTP is something known to almost anyone who deals with networking of any kind, and especially those of us who have for many years! But FTP even since the beginning has had several remarkable flaws – most notably it's lax security. While it does have the ability to perform authentication, the credentials are sent in pure clear text, making it staggeringly vulnerable to any kind of efforts to compromise! FTP data can also become ‘lost' so to speak and isn't as well controlled, making it vulnerable to being intentionally snatched up away from its intended server/client connection.
SFTP aims to, and very successfully does, remedy many of these issues and more. As the ‘S' in the acronym implies, Secure File Transfer Protocol is indeed, just that, secure. It utilizes SSH and prevents any un-encrypted transfer of credentials and other relevant login information. SFTP also has another advantage – when initializing the first portion of a transfer it will generate a “fingerprint”, which the client system has no idea what is or will be, such that it must be repeated back properly to the server for any transfer to take place. In short, SFTP provides all the same functionality and performance of FTP but removes the glaring and staggering security flaws.
For casual transfers between friends or of unremarkable files in a small office it may be no real concern, but anything being transferred that is of any value, or with any kind of public network (remember, even though we shouldn't reuse passwords, it still happens.. someone sniffing up an FTP password might be able to apply it elsewhere!) should be kept to SFTP!
Top SFTP Server Software of 2018:
SolarWinds SFTP/SCP Server
SolarWinds' SFTP server comes with TFTP and SCP-server functionality as well, something which is pretty common with servers of these types. This makes it delightfully easy to perform all manner of transfers to a variety of devices, and to do so securely! SolarWinds also has a wide range of other software offerings, especially in the realm of networking, which gives a little added value here due to the ease of integration and expansion, though on its own the TFTP/SFTP/SCP server is totally free and fully functional!
OpenSSH is a great option for open-source free server needs, especially as it also covers a range of other SSH-based server needs, too! It's particularly common and popular in the Linux type environments, and although the Windows version does exist it's a little more clunky than some of the more graphically driven options that exist out there for Windows.
OpenSSH has a SFTP-Server add-on that will allow you to utilize it as an SFTP server – its definitely not nearly as easy to setup and configure as Solarwinds Server from above.
Tectia's SSH server, which of course handles many protocols including SFTP, is somewhat remarkable in one particular way. It's a SSH/SFTP server from the very creators of the SSH protocol itself! As a result it's a pretty robust and reliable piece of software, but on the flip side it is far from free and is geared more to enterprise level applications.
Download: Client/Server trials available, http://www.ssh.com/products/tectia-ssh
Price: $150+ depending on particular license/package
Bitvise SSH Server
BitVise is a great option for Windows simply because it's well designed for it! Many servers are console based or somewhat clunky or minimalist, or sometimes require text-document based configuration. BitVise is much more GUI driven and a lot easier to setup and configure than some other options, as a result.
Download: Free evaluation version available, https://www.bitvise.com/download-area
Price: $99.95 per server license with additional cost per year of license (one-year is free, two years $19.95, three years $39.90)
Cerberus' FTP program is another that supports a range of versions of SSH and version types. It boasts a small range of reasonably useful and unusual features such as a web-based transfer client, email notifications, as well as some policy-based settings for file retention and event support, along with robust reporting for HIPAA and other needs! As such it is a little pricy versus some options but does have a free trial.
Download: Free trial available, https://www.cerberusftp.com/
Price: $79 for personal license up to $1,295 for enterprise license
Syncplify boasts itself to be one of the ‘best' SFTP servers for Windows, and considering that it is widely used and fairly feature robust, it's not an unreasonable claim to make in the realm of paid SFTP servers. It has an excellent GUI-driven interface, PCI/HIPAA compliance, as well as a range of automation via script and event handling!
Download: Free trial available, http://www.syncplify.me/download/
Price: Basic for $199, Professional for $399, and Ultimate for $749
SRT Titan FTP Server
SRT's Titan FTP Server is another option that is geared much more towards large implementations in need of a great deal for scalability, regulation compliance, and other more powerful features. It's got a hefty price tag but does offer a free trial, thankfully! It boasts improved compression for faster transfer times, as well as a full range of server compatibility, remote administration, and of course it's web-based user interface, if the appropriate version is purchased.
Download: Free trial available, http://southrivertech.com/products/titan-ftp-server/
Price: $1,259.95 for basic enterprise version, $1,949.95 with web-based user interface option
Core FTP Server
Core FTP has several options, and it's worth pointing out that they offer a totally free “mini-sftp” server that is fairly feature light but fully functional if your needs aren't that complex! Their full-fledged FTP Server, which of course does proper SFTP as well, has a much wider range of features and functionality that makes it far more scalable and useful for a larger environment with complex transfer needs.
Download for Core Free Mini-SFTP is on the same page.
Price: Basic for $49.95, Standard for $99.95, Business for $199.95, Enterprise for $399.95
Rebex Tiny SFTP Server
Much like Core's Free “Mini” server, this self-proclaimed “Tiny” server is just that. It requires almost no setup or installation, essentially no configuration, and simply does what it needs to do. Very light on features and meant for quick and easy testing or other short-term or immediate needs.
GlobalScape EFT Server
GlobalScape, who also make the rather well known light-weight FTP client called CuteFTP, has an “Enhanced File Transfer” server, which enables SFTP transfer as well as several other protocol types! This program is far more enterprise oriented with a huge range of functionality in terms of security and accountability – it also has full support and flexibility for transfers to/from mobile devices, tracking of data transfers all throughout their path, scalability, automation, regulatory compliance, and plenty more!
Price: Must contact for price quote, humongous range of cost depending on license/needs
Cornerstone MFT Server
The Cornerstone MFT Server is another program by SRT – it offers pretty much all of the functionality of their Titan server and plenty more. This is another option geared much more towards larger enterprise level needs with a definite requirement for large amounts of scalability and accountability, especially with regulatory compliance. It boasts a great deal of added security, load-balancing, native 64-bit implementation, automated intrusion handling, wide-spread automated file synchronization, and is heavily written about and reviewed in white papers.
Price: Must contact sales for quote
freeFTPd and it's sibling program, freeSSHd, are a pair of free and light-weight servers that are reasonably full featured! They provide all the basic functionality of SSH/SFTP and flexbility for some basic features beyond just connecting/transferring files!
Wing FTP Server 4
Wing's FTP Server is a nice low-to-midrange option that retains some scalability and more complex features while not carrying as heavy of a price tag or learning curve. It does lack somewhat for more large enterprise type needs, but it also offers a bit more functionality than some of the more basic options, so it could be a nice mid-range choice! It handles all manner of FTP/HTTP transfers, offers a web-based client, supports multiple domains on the same IP, is compatible with numerous operating systems, as well as audited, LUA scripted, and several other powerful features not generally found in some of the free or cheaper options!
Download: Demo available at http://www.wftpserver.com/
Price: $199 for single Standard edition license, scales up from there based on quantity and edition, site license available for $2500 flat
JScape MFT Server
JScape is another MFT styled option, a “Managed File Transfer”, which is intended to provide a wide reaching swathe of features for managing every step and overseeing every aspect, securely, of transfers. It provides heavily secured transfers that meet a range of compliance requirements and boasts “platform independence”, making it easy to access, retrieve, and send files without having to fuss with particular little nuances of different platforms that may be running across a larger enterprise! They even have brandable web-based interfaces for use with customers, clients, or end-users. A very flexible option for larger enterprise needs!
Price: Several options available, prices start in the $4,299 range, with options for test/failover licenses at a discount
GoAnywhere's MFT server is built for redundancy and scalability, while still providing powerful functionality for load balancing with it all encompassed by a convenient web-based administration interface. The easy setup and configuration of clusters make sure that this particular MFT option remains ever-available and performing well, when those two particular metrics are especially important! It does lack some of the more specific and robust features of some of the other enterprise-level MFT options, but does have its own couple niche advantages that may make it stand out in just the right way for your particular needs!
Price: Must contact for pricing information/reseller
CrushFTP covers many different protocols on top of Secure File Transfer Protocol including SCP, HTTPS, WebDAV, and FTP(ES) for inbound connections and many more protocols outbound. So files coming into the server can trigger events which then alert other services, or transfer the files to locations like Amazon S3, Azure, or other remote file servers, etc.
The User Manager has powerful group management and VFS controls for storing files locally or streaming through to back end servers. You could easily put this server's powerful Web Interface overtop of another vendors server for example if you wanted to. When data is passing through CrushFTP, it can be transparently streamed and encrypted via PGP before it ever hits the disk or arrives at the third party server location.
Events that run and trigger jobs can do any number of actions such as querying a DB, posting to a RESTful web server, copying a file, executing a native app, emailing someone the results, and more. Authentication to the server can be processed by different systems such as Active Directory via LDAP, SAML, or even “MagicDirectory” where a folder's name defines a user and grants them access to that folder. A One-Time Password via SMS could be used to secure the server and ensure the user is who they say they are.
Robot IPs are automatically weeded out and banned without any interaction. Everything with CrushFTP is managed through a web browser interface and the admin dashboard, Jobs, User Manager and Preferences.
Price: $40 Home Use, $100 for Professional Use, and $70 for Business
With so many options, and with how easy it is to setup, there's really no excuse not to use SFTP in most any case where you would use FTP previously. The added level of security comes with almost no overhead, and there is little to no added difficulty in setup or configuration!
FTP does what it needs to do, transfer files, and it does it well but it's analogous to handing someone a poster-board with all your proprietary or personal information to carry around town, rather than a locked briefcase.. It just doesn't cut it in terms of basic security anymore!
We recommend Grabbing a Copy of the SolarWinds FREE SFTP Server software and get it installed and you'll see how a Free solution works just as well as a Paid solution.