The File Transfer Protocol (FTP) is one of the original internet protocols used for the transfer of large files. The modern internet has a number of tools to transfer files such as email attachments and various transfer websites, but those methods have their limitations. FTP, with added security such as that offered in SFTP and FTPS, is still one of the best tools for transfering files. But, to use it, you’ll have to set up an SFTP server. Here’s our top list of the 10 best SFTP servers out there.
A primer: FTP vs FTPS vs SFTP
These terms all vary by one letter, but that letter is important.
FTP File Transfer Protocol: The original protocol and its major limitation is that it sends logins and data unencrypted. Login information, as well as the file itself, are sent “in the clear” in plain text that an observer can see.
FTPS File Transfer Protocol Secure (also known as FTPES): This is secure FTP, where the S in this case represents Transport Layer Security (TLS) encryption. This is essentially a basic FTP server that knows how to negotiate an encrypted TLS tunnel to transfer data through.
SFTP Secure File Transfer Protocol: This is also secure FTP, but in this case the S represents Secure SHell (SSH). This isn’t really an FTP server at all. Rather, it is an SSH server that understands FTP commands. Login information and files are transferred encrypted via SSH. To make matters even more confusing, the original intention of the abbreviation SFTP was Simple File Transfer Protocol defined by RFC 913, but has been relegated to “Historic” status and no longer used.
SCP Secure Copy: This is not an FTP protocol, but it is widely used to securely transfer files, so it bears mentioning here. SCP is a very simple file copy from one machine to another using the SSH protocol. The FTP protocols have a wide range of file management abilities that SCP does not.
Best Free SFTP and FTPS servers for Windows
Full featured free SFTP and FTPS servers
SolarWinds is a complete suite of IT tools. Enterprise-level suites wouldn’t be complete without an SFTP server, and SolarWinds includes a powerful SFTP and SCP server as part of its offering.
The SolarWinds SFTP server download is a zip file that extracts into an MSI installer. Once the install is complete, setting it up is as simple as launching the program and specifying a few options such as allowed protocols and allowed transfer options.
There’s also a built-in SCP server which makes sense since both SFTP and SCP use SSH to accomplish their tasks. You can configure the SolarWinds SFTP server to also allow SCP by selecting “Both” protocols.
On the users tab, you can create user accounts and specify details such as which network interface to use.
2. FileZilla FTPS
FileZilla is a well known FTP server and client suite. The server itself only runs on Windows, but since there are Filezilla clients for almost every conceivable operating system, it is a good choice. There’s no requirement to use the FileZilla client to connect to a FileZilla FTP server, but streamlining the products can help with support issues. Filezilla server supports FTPS, but not SFTP. The client supports both.
3. IIS FTPS Server
An often overlooked FTPS server is available right within Windows Server. If you’re already running Internet Information Services (IIS), you can add the FTP server role, then create TLS certificates, and have a full featured FTPS server running alongside your IIS server very quickly.
Stemming from FreeSSH, FreeFTP is a full-featured SFTP server for Windows. It supports all flavours of FTP including SFTP and FTPS. As the name suggest, it is free and supports the creation of arbitrary users which makes it ideal for a quick SFTP setup on a Windows network.
During installation, you can chose to run FreeSFTP as-needed, or you can install it as a system service. The latter means it will run all the time and be available for your SFTP users.
Ensure that you download the latest version (greater than 1.0.11). A vulnerability was discovered in version 1.0.11 which has been patched in 1.0.12 and the current version is 1.0.13.
Standalone free SFTP and FTPS servers (no installation required)
5. Xlight FTP server
Xlight FTP server comes in a variety of versions, including a portable standalone version that requires no installation. With 32-bit and 64-bit editions, it will run on Windows 2000, XP, Vista, 7, 10, 2003 Server, 2008 Server and 2012 Server. It even has localization files which will allow your SFTP server to display text in a variety of different languages, or you can write your own language file if the language you need is not already available.
6. Core Mini SFTP Server
Core Mini FTP server is a free SFTP server that requires no installation routine. You can simply download it, specify a username and password, the directory to be used for FTP transfers, and you’re up and running. Keep in mind that the SFTP server will run as your user so there’s no protection against SFTP users mangling your files. Be sure to specify a harmless or empty directory for FTP use.
Best Free SFTP and FTPS servers for Linux
Since SFTP runs on SSH, most Linux systems just come with SFTP ready to go. FTPS is a different story and requires a dedicated FTP server that supports TLS, but when SFTP is so easy to set up on a Linux host, it’s hard to come up with good reasons to run FTPS.
On a standard Linux system most valid users will be able to use any SFTP client to connect to the server and transfer files to and from their home directory. However, allowing remote user access is usually considered a security risk so many system administrators will disallow this access. The most most common ways to do this is to disallow users’ shell access, or block the SFTP port (22, same as SSH) to specified IP addresses.
Assuming those restrictions are not in place, any SFTP client that can connect to port 22 on an SFTP server should work well.
$ sftp email@example.com firstname.lastname@example.org's password: Connected to 184.108.40.206. sftp> pwd Remote working directory: /home/test-sftp sftp>
The downside to the ease in which SFTP is so easily setup on most Linux distributions is that also means SSH is just ready to go. That implies a level of trust in your users which may not be commensurate with reality. If you have untrusted or unknown SFTP users, you may want to impose restrictions on what they can do on the system. There are many ways to achieve this, such as only allowing the SFTP engine to run which disallows regular SSH logins, or you can use an app such as MySecureShell to do the heavy lifting.
MySecureShell supports access control lists, which are the heart of granular control over user access. It is included in many distribution repositories so you can just use your package manager to install it:
$ sudo apt-get install mysecureshell [sudo] password for jdw: Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: mysecureshell
After installation, some basic modifications may need to be done to the app’s configuration file in /etc/ssh/sftp_config and then you’ll be up and running.
Vsftp is a free FTP server for Unix-like systems, including Linux. It is known for being very fast, stable, and consuming few systems resources. The extensive feature list includes support for virtual users (non-system users), the ability to listen on any interface, per-user configuration and rate limiting or throttling to avoid dos-type attacks or usage.
Many of the best-known Linux distributions run vsftp as their FTP server, which speaks volumes to its security and stability. Part of that pedigree may stem from the fact that the app’s maintainer, Chris Evans, has a history of discovering security vulnerabilities himself.
Vsftp is in most Linux distributions and can be installed via your package manager.
$ sudo apt-get install vsftpd Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: vsftpd
As with most Linux tools, a quick run through the /etc/vsftp.conf file is necessary to set some basic configuration options, and then your vsftp server is ready to go.
9. ProFTPd configured to use SFTP
ProFTP was built from the ground up out of a need to displace wu-ftp as a widely-used FTP server. Wu-ftp had become unwieldy due to years of modifications made necessary by insecurities in the app and eventually it became more productive to just build a new FTP client from scratch.
ProFTP is inspired somewhat after the Apache webserver. You can mostly see this in the format of the configuration files, and in the fact that it uses modules to load needed functionality. In this case, you’ll want to use ProFTP with the mod_sftp module loaded in order to attain SFTP functionality.
The ProFTP website provides a few example configurations to get you started on the right track.
FTP remains a very important part of the internet toolset despite the fact that it inherently lacks security. Much like the HTTP protocol has had TLS bolted onto it for security to form what we now call HTTPS, FTP has had both TLS and SSH merged into it in order to provide encryption and security. There are few other tools that so easily allow arbitrarily large file transfers. Many organizations will continue to use SFTP or FTPS for a long time to come.
FileZilla server by The Windows Club