How secure is the SFTP protocol?

Many of our users know the FTP protocol very well, and they are aware that FTPS is the same protocol protected by an SSL/TLS connection. But when it comes to SFTP, we are frequently asked: “how secure is SFTP?”

The easy one-line answer would be: SFTP is very secure. But that is obviously not a real answer, so if you want to know more (and why/how it is secure), please read on.

Like SSL/TLS, the SFTP protocol implements more than one encryption scheme. Such encryption schemes are sometimes also called “cipher suites”. There are many of them, and not all of them are safe. Consider that, just as SSL supports several “NULL” encryption schemes, SSH (the protocol SFTP runs on top of) itself supports a “NONE” encryption method.

Clearly, the “NONE” encryption scheme, at the very least, should be disabled in order to run an SSH/SFTP server that has some form of security. But that is still not enough.

In fact, SSH can also support several encryption schemes that are, today, proven to be weak: algorithms like DES or 3DES (for instance), as well as all algorithm implementations that use a key shorter than 128 bits, should be disabled. Server! provides a very detailed and granular configuration of such encryption methods, as you can see in the screenshot here below.


But since tweaking the encryption configuration can take a lot of time (if one has to configure every single option manually), Server! also provides a handy drop-down selector to quickly configure your protocol security options for the most common scenarios.

You can therefore apply a 1-click PCI compliant SFTP configuration, or settle for a more compatible (yet less safe) configuration, or you can decide to optimize your Server! SFTP protocol as a backup destination for your Cisco UC/UCM. Of course, you can also always apply further fine-grained configurations manually.
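
To check which encryption methods a server actually offers, the following added example (not Server! code and not part of the original article) parses an SSH_MSG_KEXINIT payload as laid out in RFC 4253 and flags offered ciphers that fail the criteria above: “NONE”, DES/3DES, or a key shorter than 128 bits. The function names and the sample payload are constructed for illustration.

```python
import re

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253 section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Split an SSH_MSG_KEXINIT payload into its comma-separated name-lists."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip the message-type byte and the 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")  # uint32 length prefix
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists

def weak_reason(cipher: str):
    """Return why a cipher fails the article's criteria, or None if it passes."""
    if cipher == "none":
        return "no encryption"
    if cipher.startswith(("des-", "3des-")):
        return "DES/3DES"
    # Key size is read from the name only for families that encode it there.
    m = re.match(r"(?:aes|twofish|serpent|cast|arcfour)(\d+)", cipher)
    if m and int(m.group(1)) < 128:
        return "key shorter than 128 bits"
    return None

def audit(payload: bytes) -> dict:
    """Map each offered cipher that should be disabled to the reason."""
    lists = parse_kexinit(payload)
    offered = lists["enc_c2s"] + lists["enc_s2c"]  # only the encryption lists
    return {c: weak_reason(c) for c in offered if weak_reason(c)}

def build_sample() -> bytes:
    """Constructed KEXINIT payload for the demo (not captured from a real server)."""
    enc = "aes256-ctr,aes128-ctr,3des-cbc,none"
    names = ["curve25519-sha256", "ssh-ed25519", enc, enc,
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(len(n).to_bytes(4, "big") + n.encode() for n in names)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)

if __name__ == "__main__":
    print(audit(build_sample()))
```

Only the two encryption name-lists are audited, so “none” as a compression method in the same message is not reported.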
