Hero image.

FTP over SSH enables the secure transmission of files across the web. It works by first establishing an SSH tunnel between the client and the server. Once an SSH tunnel has been established, it is used by the File Transfer Protocol (FTP) to send data back and forth. In this scenario, the FTP handles the transfer of information while the SSH tunnel ensures that the data is transmitted in a secure fashion.

Nowadays, FTP over SSH is not seeing widespread use as it is difficult to set up. Fortunately, other protocols have emerged such as SFTP and FTPS. These alternatives offer a more integrated and convenient way of transferring data while ensuring a high degree of protection.

To learn more about FTP over SSH, how it compares to the alternatives, and whether you should be using it or not, continue reading or jump to the section that interests you.

How Does FTP Over SSH Protect My Data?

FTP over SSH ensures the integrity and protection of the transferred data using an encrypted SSH tunnel. The tunnel is set up between the FTP client and the FTP server. Once the SSH tunnel is created, any data that flows through it will be protected from the outside world thanks to encryption.

The data transmitted using FTP over SSH is protected thanks to the encrypted tunnel created through SSH.
The data transmitted using FTP over SSH is protected thanks to the encrypted tunnel created through SSH.

That said, the setup is actually more complex than it sounds. The issue arises from the fact that the interaction between the FTP client and the FTP server takes place over two or more FTP ports. As such, in order to protect the entire FTP interaction, it is necessary to adjust the SSH tunnel to cover all FTP ports that are used in the data exchange.

Normally, data transfers through FTP utilize at least two FTP ports. The first port, which is 21, is reserved for the Control Channel. The Control Channel is responsible for establishing the FTP connection and for user authentication. In addition, the Control Channel is used to set up the Data Channel. The Data Channel is utilized for the transfer of files between the FTP client and the FTP server.

Protecting the exchange of data that occurs in the Control Channel is easy since it is known in advance that the Control Channel always uses port 21. As such, the port can be included in the SSH tunnel with minimal effort. The issue arises with the Data Channel because its port is dynamically negotiated between the FTP client and the FTP server.

If the SSH tunnel covers just port 21, then only the transmission of usernames and passwords will be encrypted. The files that are sent between the server and the client will remain unprotected and will be susceptible to man-in-the-middle attacks. So, in order to have complete protection, the port that is used in the Data Channel must also be included in the SSH tunnel.

FTP exchanges take place on two channels. One is the Control Channel and the other is the Data Channel.
FTP exchanges take place on two channels. One is the Control Channel and the other is the Data Channel.

The solution to fully enveloping FTP traffic inside an FTP tunnel is to use SSH clients that are aware of the FTP protocol and can rewrite FTP Control Channel messages. Doing so will allow the SSH client to set the FTP port that will be used for the Data Channel. And once the channel is known, it can be included in the SSH tunnel, thus ensuring data integrity and overall security.

What Is SSH?

SSH, also known as Secure Shell is a protocol that enables the encryption of data that is transmitted over a network such as the Internet. SSH works on the client-server model where you have SSH clients that connect to remote SSH servers.

Once you are connected to a remote server via SSH, you can run command-line applications on the remote computer. In addition, SSH enables the secure transfer of files across the web.

SSH is considered an advanced feature and as such it is found only on our most premier hosting plans. You can use SSH functionality only on our top paid shared hosting plans, on our Semi-Dedicated server packages, and our Virtual Private Server instances.

To learn more about SSH and its capabilities, you can check our detailed guide to SSH.

Get Rock-Solid Hosting with SSH Support!

Is FTP Over SSH the Same as FTPS?

The terms FTPS and FTP over SSH are often confused with one another, however, there are some distinct differences between the two. As explained earlier, FTP over SSH takes the regular File Transfer Protocol and channels it through an SSH tunnel.

In contrast, FTPS, which stands for FTP over SSL/TLS, still uses the regular File Transfer Protocol, however, it augments it with SSL or TLS for added security. SSH is not used in FTPS at all. For additional information on FTP over SSL/TLS, you can check our article on what is FTPS.

Is FTP Over SSH the Same as SFTP?

Despite their almost identical naming, FTP over SSH and SFTP (SSH File Transfer Protocol) are two independent technologies. While both protocols use SSH for encryption, they differ significantly in their implementation.

As previously discussed, FTP over SSH uses the standard File Transfer Protocol on top of an SSH session. In contrast, SFTP is an SSH extension that enables the secure transmission of files and other data between an SFTP server and an SFTP client.

We should note that SFTP and FTP over SSH use completely different implementations for their respective File Transfer Protocol. In fact, the only similarity between the two technologies is that they both use SSH at some level.

You can learn more about SFTP by reading our article on the subject.

Get Premium Hosting with Full SFTP Support!

Is FTP Over SSH the Same as FTP?

FTP over SSH differs from FTP in that it augments the file transfer process by using an SSH tunnel to secure the connection between the FTP client and the FTP server. When the SSH tunnel is set up properly, it is capable of encrypting not only the data that is transmitted but also the FTP credentials that are exchanged while the FTP connection is set up.

Apart from this added security, FTP over SSH is practically the same as FTP as they both use the exact same File Transfer Protocol to transmit data across the web. You can learn more about FTP in our article on what is FTP and you can experiment with FTP by signing for our free hosting plan or any of our paid hosting packages.

Should I Use FTP Over SSH?

Nowadays, the use of FTP over SSH is discouraged. The reason for this is that it is needlessly difficult to set up a properly secured connection using FTP over SSH. As a result, you will not find many servers that still support FTP over SSH.

Instead, you should consider using SFTP. SFTP also utilizes SSH as its encryption mechanism and provides the same level of protection as FTP over SSH. However SFTP is much easier to set up and you will find widespread support for it, including on our own Semi-Dedicated servers and Virtual Private Server instances.

Get Your Own Private Server Now!

Can I Use FTP Over SSH With Every FTP Server?

Not every FTP server will support FTP over SSH. In fact, nowadays it is very rare to see an FTP server that supports FTP over SSH out of the box.

If you have the technical know-how, you should be able to configure a connection that uses FTP over SSH as long as both the client and the server support FTP and SSH. Moreover, you should have accounts on both machines with a sufficient degree of privileges to execute the necessary commands. That said, we believe that using SFTP instead of FTP over SSH will be much more streamlined and efficient.

Conclusion

FTP over SSH is a method of using the File Transfer Protocol to exchange data with a remote FTP server while also encrypting and protecting the data from third parties. The protection is provided by an SSH tunnel that is established between the client and the server.

Overall, FTP over SSH is difficult to set up and does not see widespread use. Instead, technologies like SFTP have become the norm as they are easier to use while offering the same or even better protection than FTP over SSH.


Keep reading