Trevor
Commander

sFTP vs scp

Is sFTP more secure than scp?

Trevor "Red Hat Evangelist" Chandler
10 Replies
shashi01
Moderator

@Trevor 

Both are secure in terms of encryption, but sFTP is generally the better choice today. It’s more robust, reliable, and actively maintained, especially for automated tasks or when you need detailed control. SCP is okay for quick one-offs, but sFTP is the smarter option long-term.

Trevor
Commander

Hello shashi01, thank you for your response.

You mentioned that "sFTP is generally the better choice today".  Is that your way of saying that it is MORE secure than scp?

You mentioned that "sFTP is more robust, reliable, and actively maintained..."   Is that your way of saying that it is MORE secure than scp?

You mentioned that "sFTP is the smarter option long-term".  Is that your way of saying that it is MORE secure than scp?

Is sFTP MORE secure than scp?

Thanks shashi01

Trevor "Red Hat Evangelist" Chandler
shashi01
Moderator

@Trevor 

Think of it like sending two couriers to deliver sensitive documents. Both ride motorbikes with the same engine (SSH encryption), but one wears full body armor, uses GPS with traffic alerts, and follows a well-maintained route (sFTP).

The other rides fast but blindfolded, no helmet, and takes shortcuts through sketchy alleys with potholes and no fallback plan if he crashes (scp). Both might get the job done, but only one does it safely, reliably, and smartly. That’s why sFTP is the better security choice.

Chetan_Tiwary_
Community Manager

@Trevor, to answer your query in one line: YES. And why? Because it was deprecated in 2019 by OpenSSH, and hence sftp is now the new normal.

https://access.redhat.com/articles/6955319#:~:text=The%20OpenSSH%20package%20that%20ships,Red%20Hat%...


Now the real backstory...

There are several security weaknesses in many scp clients. These flaws allow a malicious server to attack a user's computer.

A major issue is that many clients don't check if the files they receive are the ones they requested. This problem dates back to scp's predecessor, rcp, from 1983.

This, combined with other client flaws, means an attacker can do a few things:

  1. Write arbitrary files to your target directory.
  2. Change the permissions of that directory.
  3. Fake the client's output, hiding what is really happening.

For example, a malicious server can secretly put a file like .bash_aliases into your home directory when you try to copy files from it. To hide this extra transfer, the server sends special code to your screen that makes the text vanish. This can also happen with a Man-in-the-Middle attack, where the attacker intercepts your connection.

 

Refer to the bomb here: https://access.redhat.com/security/cve/cve-2019-6111

Only SFTP can set file permissions (like using the chmod command), giving you more control over what users can do to specific files.

sftp is also more reliable because it confirms every single data packet it receives. This acknowledgment process makes it far less likely to lose data compared to scp, which does not have this feature.

So, yes, if scp was safer it would not have been deprecated!

https://bugzilla.redhat.com/show_bug.cgi?id=1666127 
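
The check the post above says many scp clients skip (comparing each name the server sends against the name that was requested), shown as an added example that is not from this thread or from OpenSSH's code. The control-record layout is a summary of the scp wire format; the function names and the sample records are constructed for illustration.

```python
import fnmatch
import posixpath
import re

# scp source-side control records (summary of the wire format):
#   "C<mode> <size> <name>" file, "D<mode> 0 <name>" enter directory,
#   "E" leave directory, "T<mtime> 0 <atime> 0" timestamps.
RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")


def check_name(name, pattern):
    """Return None if the server-supplied name is acceptable, else the reason."""
    if name in (".", "..") or "/" in name:
        return "path component, not a bare filename"
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        return "terminal control characters in name"
    if not fnmatch.fnmatchcase(name, pattern):
        return "does not match the requested name"
    return None


def audit_records(records, requested_path):
    """Audit the records a server sent for a non-recursive copy.

    Returns (accepted_names, [(name_or_line, reason), ...]).
    """
    pattern = posixpath.basename(requested_path)
    accepted, rejected = [], []
    for line in records:
        line = line.rstrip("\n")
        if line == "E" or line.startswith("T"):
            continue  # carries no filename to validate
        m = RECORD.match(line)
        if m is None:
            rejected.append((line, "malformed control record"))
            continue
        kind, _mode, _size, name = m.groups()
        if kind == "D":
            reason = "directory record in a non-recursive copy"
        else:
            reason = check_name(name, pattern)
        if reason:
            rejected.append((name, reason))
        else:
            accepted.append(name)
    return accepted, rejected


# Constructed sample: records a server might send when asked for report.txt.
SAMPLE = ["C0644 120 report.txt", "C0644 64 .bash_aliases",
          "D0755 0 extra", "C0644 10 notes\x1b[2K.txt"]
```

Calling `audit_records(SAMPLE, "/srv/data/report.txt")` accepts only `report.txt`; the unrequested `.bash_aliases`, the directory record, and the name carrying an escape sequence are each rejected with a reason.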

Cyrille_V
Mission Specialist

One vote for sFTP here. Especially if you prefer a GUI for secure transfer of files. Filezilla (free ftp/ssh/sftp client) has supported sftp for years. It also supports ssh key authorization, something almost mandatory nowadays.

 

Chetan_Tiwary_
Community Manager

@Cyrille_V yup, thanks for your inputs!

Trevor
Commander

Cyrille_V, the GUI to me is the equivalent of sitting on a wooden seat vs a seat with a cushion.

Trevor "Red Hat Evangelist" Chandler
Blue_bird
Starfighter

Yes, sftp is more secure than scp!

SCP is an older protocol that has not evolved significantly over time and is known to have vulnerabilities. SCP is a relatively simple protocol designed only for secure file copying, lacking the advanced features of SFTP.

SFTP encrypts data in transit, safeguarding personal, financial, and health information. Common encryption algorithms used with SFTP over SSH include Advanced Encryption Standard (AES), Blowfish, and Secure Hash Algorithm (SHA-2).

SFTP and SCP operate over SSH, requiring authentication before any data transfer. However, SFTP offers extensive file management capabilities beyond simple file transfer. With SFTP, users can create and delete directories, organize and remove files, modify file permissions, and compress or decompress files.

Thanks

Chetan_Tiwary_
Community Manager

Spot on, @Blue_bird!
