Back to DocsFTP vs SFTP: Which to Use?
| FTP | SFTP | |
|---|---|---|
| Security | ❌ Traffic in clear | ✅ Encrypted (via SSH) |
| Port | 21 | 22 (same as SSH) |
| Server Installation | Requires vsftpd/ProFTPD | Already included in OpenSSH |
| Firewall | Problems with passive mode | No problems |
| Recommended | Private networks only | ✅ Always |
Always use SFTP when possible. FTP sends username and password in clear.
SFTP (No Configuration Needed)
If SSH works on server, SFTP already works: uses same port and credentials.
From Terminal (Linux/Mac/WSL)
# Basic connection
sftp root@185.100.xxx.xxx
# With custom port
sftp -P 2222 root@185.100.xxx.xxx
# With SSH key
sftp -i ~/.ssh/id_rsa root@185.100.xxx.xxx
Interactive SFTP commands:
ls # list remote files
lls # list local files
cd /var/www # change remote directory
lcd ~/Desktop # change local directory
get file.txt # download file
put file.txt # upload file
get -r /var/www/html # download entire directory
put -r ./dist # upload entire directory
mkdir new-dir # create remote directory
rm file.txt # delete remote file
exit # disconnect
With rsync (More Efficient for Large Transfers)
# Upload folder (only modified files)
rsync -avz --progress ./dist/ root@185.100.xxx.xxx:/var/www/html/
# Download folder from server
rsync -avz root@185.100.xxx.xxx:/var/backups/ ./backup-local/
# With custom port
rsync -avz -e "ssh -p 2222" ./dist/ root@185.100.xxx.xxx:/var/www/html/
FTP with vsftpd (Ubuntu/Debian)
Use FTP only if necessary (e.g. CMS or software that doesn't support SFTP).
Installation
sudo apt install vsftpd -y
Secure Configuration
sudo nano /etc/vsftpd.conf
Recommended configuration:
# Enable write
write_enable=YES
# Local users (no anonymous)
local_enable=YES
anonymous_enable=NO
# Chroot: each user sees only their home
chroot_local_user=YES
allow_writeable_chroot=YES
# Passive mode (needed if firewall/NAT)
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
# SSL/TLS (FTP over TLS = FTPS)
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
force_local_data_ssl=YES
force_local_logins_ssl=YES
sudo systemctl restart vsftpd
sudo systemctl enable vsftpd
Open Firewall Ports
# FTP port + passive range
ufw allow 21/tcp
ufw allow 40000:50000/tcp
Create Dedicated FTP User (No SSH Access)
# Create user without shell
sudo useradd -m -s /usr/sbin/nologin ftpuser
sudo passwd ftpuser
# Set home as FTP root
sudo chown ftpuser:ftpuser /home/ftpuser
FTP Server on Windows
To create FTP server on Windows Server:
- Physical path: e.g.
C:\inetpub\ftproot - Binding: port 21, no certificate (or SSL if available)
- Authentication: Basic
- Authorization: specific users in read/write
- Server Manager → Add Roles and Features
- Select: Web Server (IIS) → FTP Server → FTP Service
- After installation: IIS Manager → Sites → Add FTP Site
- Configure:
- Open port 21 in Windows Firewall
Recommended FTP/SFTP Clients
| Client | OS | SFTP | FTP | Notes |
|---|---|---|---|---|
| FileZilla | Win/Mac/Linux | ✅ | ✅ | Free, intuitive GUI |
| WinSCP | Windows | ✅ | ✅ | PuTTY integration |
| Cyberduck | Mac/Win | ✅ | ✅ | Free, also cloud |
| Transmit | Mac | ✅ | ✅ | Paid, very fast |
Guide: PuTTY and FileZilla for detailed FileZilla setup.
Related articles
Change Root Password
How to change your server's root password and how to recover it if forgotten
First Server Access
What to do immediately after activating your VPS or VDS
SSH Keys
How to generate and configure SSH keys for secure password-less access
DeluxHost, founded in 2023, offers high-quality hosting solutions for various digital needs. We provide shared hosting, VPS, and dedicated servers with advanced security and global data centers.
