SCP (Secure Copy) is based on the Secure Shell (SSH) protocol and it provides the capabilities to transfer files securely between hosts. SFTP (Secure File Transfer Protocol) is a protocol used for transferring files over a secure channel. It was developed as an extension of the Secure Shell protocol (SSH) by the Internet Engineering Task Force (IETF). SFTP assumes that the channel used for communication is secure and that the client is authenticated by the server and the information about the client is available for the use of the protocol.
What is SFTP?
SFTP is a protocol used for transferring files over a secure channel. SFTP is based on the client-server architecture. A widely known SFTP server is OpenSSH, and SFTP clients are implemented as command line programs (as provided with OpenSSH) or GUI applications. SFTP provides encryption for both data and commands that are transferred providing safety for sensitive information such as passwords. SFTP is not only a protocol for accessing and transferring files, it is actually a file system protocol.
What is SCP?
SCP protocol provides a secure method to transfer files between hosts. Simply, SCP can be considered as an integration of RCP (‘remote copy’ command on UNIX) and SSH. Encryption and authentication in SCP is provided using the SSH protocol, while BSD (Berkeley Software Distribution, sometimes called Berkeley Unix) RCP provides the foundation for the actual file transfer. SCP runs on port 22. SCP prevents third parties from intercepting file transmission and looking at the content of data packets. When a client uploads a file to the server, it is given the option to include properties such as a timestamp, permissions, etc. This capability is not provided in the commonly used FTP (File Transfer Protocol) protocol. When a client needs to download a file/ directory, it first sends the request to the server. Downloading is a server driven process, where the files are fed by the server to the client. This server driven mechanism can cause a risk in security especially if the server is malicious.
What is the difference between SFTP and SCP?
Even though both SFTP and SCP provide a secure mechanism for transferring files, they have some differences. SCP is a simple protocol that only allows transferring files, whereas SFTP provides a broad set of operations for managing remote files. Furthermore, when comparing a SFTP client with a SCP client, SFTP client possesses additional abilities such as removing files remotely, resuming transfers that are interrupted, etc. In addition, SFTP is more platform independent when compared with SCP. SFTP servers are available in several platforms, while SCP mostly uses Unix platforms. When comparing the speeds, SFTP is slower than SCP, since it requires waiting for encrypting and conformation of packets. SFTP provides support for files over 4GB, while SCP does not. SFTP provides the ability to cancel a file transfer without terminating the session, whereas with SCP, the session needs to be cancelled for cancelling a transfer. Furthermore, resuming a transfer is supported with SFTP, while SCP does not support that.