Secure FTP refers to the process of tunneling a normal FTP session over an SSH connection.

The 'Secure FTP' label is misleading in that only the control channel is secured; the data channel is still transmitted in cleartext outside of the SSH tunnel. This is a marked difference to sftp or scp where the entire conversation [credentials and data] are encrypted.

Because of the way FTP works, a Secure FTP session may not be as secure as you think. When you log into an FTP site, change directories or get a directory listing your commands are being transmitted over the control channel on port 21 to the FTP server. Since you are tunneling port 21 over SSH the commands are encrypted and kept safe from prying eyes. However, the actual file transfer is happening over the data channel on some other, random, port which is not in the tunnel and is therefore available for anyone to sniff.

Hence, if you want secure file transfer capability you probably shouldn't use plain FTP. Try either scp or sftp instead to securely transfer files over the Internet.

See also

• ftp
• SSH, scp, SSH file transfer protocol (sftp)