The File Transfer Protocol (FTP) is one of the original internet protocols used for the transfer of large files. The modern internet has a number of tools to transfer files such as email attachments and various transfer websites, but those methods have their limitations. FTP, with added security such as that offered in SFTP and FTPS, is still one of the best tools for transferring files. But, to use it, you’ll have to set up an SFTP server.
We cover each of the tools in depth below, but if you are short of time, here’s our list of the best free SFTP and FTPS servers:
- SolarWinds SFTP/SCP Server (FREE TOOL) – Secure file transfer utility for Windows from the industry leader in network management tools.
- Filezilla FTPS – Great secure FTP server that runs on Windows but can receive files from any operating system.
- IIS FTPS Server – Windows-based secure FTP server that is integrated into Windows Server and will protect your file transfers with encryption.
- Free FTP – Slimline Windows utility that gives you secure file transfers either as an ad-hoc tool or as a system service.
- Syncplify.me SFTP server – This is a paid secure FTP utility that runs on Windows. You can run a non-commercial assessment version for free.
- Rebex Tiny SFTP Server – Secure file transfer system that can be integrated into your own custom-built software through .NET libraries.
- CrushFTP – Simple, but attractive FTP utility for Windows; the server is free for a 30-day trial and the client is free forever.
- Cornerstone MFT server – Managed File Transfer (MFT) is a paid secure file transfer system that runs on Windows and is free for a 30-day trial.
- Globalscape SFTP server – A range of secure file transfer options under the umbrella term “Enhanced File Transfer” that can be accessed in the Cloud or installed on Windows. These are paid tools that can be sampled on free trials.
- Titan FTP server – This FTP utility includes FTPS and SFTP for protected file transfers and it runs on Windows Server 2008 and Windows Server 2012. This is a paid service, but you can get a 20-day free trial.
- Syncplify.me Micro SFTP server – Syncplify.me is a paid SFTP server for Windows that has a free trial period, but the Micro edition is permanently free.
- Xlight FTP server – Standalone FTP server for Windows and Windows Server environments that accesses Active Directory to enforce use authentication.
- Core Mini SFTP Server – A free standalone SFTP server for Windows and Linux.
- MySecureShell – Secure FTP service that runs on Linux and has access controls.
- Vsftp – Fast and secure FTP server utility for Unix, Linux, and Mac OS.
- ProFTPd – A consolidating rewrite of wu-ftp for Linux that acts a lot like the Apache web server.
- PureFTPD – Secure file transfer facility for Unix and Unix-like platforms, including Linux.
- VanDyke Software VSHell – Enterprise-grade SFTP and SCP server for Windows and Unix. Easy to use with good granular user permission controls.
- 1 What’s the difference: FTP vs FTPS vs SFTP vs SCP
- 2 Client or Server?
- 3 SCP vs SFTP: Considerations
- 4 Full featured free SFTP and FTPS servers:
- 5 Standalone free SFTP and FTPS servers (no installation required)
- 6 Best Free SFTP and FTPS servers for Linux
- 7 Best Free SFTP and FTPS servers for both Windows and Linux
What’s the difference: FTP vs FTPS vs SFTP vs SCP
These terms all vary by one letter, but that letter is important.
File Transfer Protocol (FTP)
The original protocol and its major limitation is that it sends logins and data unencrypted. Login information, as well as the file itself, are sent “in the clear” in plain text that an observer can see.
File Transfer Protocol Secure (FTPS)
(also known as FTPES): This is secure FTP, where the S, in this case, represents Transport Layer Security (TLS) encryption. This is essentially a basic FTP server that knows how to negotiate an encrypted TLS tunnel to transfer data through.
Secure File Transfer Protocol (SFTP)
This is also secure FTP, but in this case, the S represents Secure Shell (SSH). This isn’t really an FTP server at all. Rather, it is an SSH server that understands FTP commands. Login information and files are transferred encrypted via SSH. To make matters even more confusing, the original intention of the abbreviation SFTP was Simple File Transfer Protocol defined by RFC 913, but has been relegated to “Historic” status and no longer used.
Secure Copy (SCP)
This is not an FTP protocol, but it is widely used to securely transfer files, so it bears mentioning here. SCP is a very simple file copy from one machine to another using the SSH protocol. The FTP protocols have a wide range of file management abilities that SCP does not.
Client or Server?
Confusingly, a GUI utility that implements the SSH File Transfer Protocol is termed an SFTP client although it can also be an SFTP server. The SFTP client designation signifies that this piece of software initiates connections. It is also called a server because it is usually part of the file server where backup configurations are stored.
SCP vs SFTP: Considerations
SCP is just a copy function. SFTP has its own environment. It allows you to move files on the remote system, change directory and even create directories on the remote host. Both SFTP and SCP use the same security procedures to enforce user authentication and protect transmissions with encryption over the connection. However, SFTP gives the user much more access to functions to manipulate the operating system. You would be more likely to use SCP for straightforward file transfers.
As both systems require user authentication, there is a risk if you put either into a batch job, because you would have to supply a username and password in the call to the command. However, you could limit the potential that anyone discovering the user account on the remote system by creating a restricted access user account for that computer, which prevents anyone accessing that account from getting out into any other directory other than the account’s home directory. However, this strategy would negate many of the functions that provide SFTP with its advantages.
A secure transfer to a remote host carries less risk if it is carried out with SCP because there is no command language incorporated into that protocol. SFTP is more suitable for use by a systems administrator performing interactive manual tasks and transfer on a remote computer.
Full featured free SFTP and FTPS servers:
Editor’s choice: SolarWinds is a complete suite of IT tools. Enterprise-level suites wouldn’t be complete without a secure FTP server, and SolarWinds includes a free and powerful SFTP and SCP server as part of its offering.
The SolarWinds SFTP/SCP Server download is a zip file that extracts into an MSI installer. Once the install is complete, setting it up is as simple as launching the program and specifying a few options in the user interface such as allowed protocols and allowed transfer options.
There’s also a built-in SCP server which makes sense since both SFTP and SCP use SSH to accomplish their tasks. You can configure the SolarWinds SFTP server to also allow SCP by selecting “Both” protocols.
On the users tab, you can create user accounts and specify details such as which network interface to use.
Setup is simple and SolarWinds supports both SFTP and SCP. With concurrent transfer support and the ability to authorize only specific IPs, it offers powerful features at no cost.
Setup is simple and SolarWinds supports both SFTP and SCP. With concurrent transfer support and the ability to authorize only specific IPs, it offers powerful features at no cost.
Official Site: www.solarwinds.com/free-tools/free-sftp-server/
2. FileZilla FTPS
FileZilla is a well known FTP server and client suite. The server itself only runs on Windows, but since there are Filezilla clients for almost every conceivable operating system, it is a good choice. There’s no requirement to use the FileZilla client to connect to a FileZilla FTP server, but streamlining the products can help with support issues. Filezilla server has a snappy user interface and it supports FTPS, but not SFTP. The client supports both. The difference between the FTP and FTPS implementations is the addition of TLS authentication and transfer protection using public key encryption.
3. IIS FTPS Server
An often overlooked FTPS server is available right within Windows Server. If you’re already running Internet Information Services (IIS), you can add the FTP server role, then create TLS certificates, and have a full featured FTPS server running alongside your IIS server very quickly.
Stemming from FreeSSH, FreeFTP is a full-featured SFTP server for Windows. It supports all flavours of FTP including SFTP and FTPS. As the name suggest, it is free and supports the creation of arbitrary users which makes it ideal for a quick SFTP setup on a Windows network.
During installation, you can chose to run FreeSFTP as-needed, or you can install it as a system service. The latter means it will run all the time and be available for your SFTP users.
Ensure that you download the latest version (greater than 1.0.11). A vulnerability was discovered in version 1.0.11 which has been patched in 1.0.12 and the current version is 1.0.13.
5. Syncplify.me SFTP server
Syncplify is an extensible SFTP servers which can run custom scripts. If you find that you have to jump through hoops to fit your SFTP server into your unique workflow, Syncplify may be the tool you’re looking for.
The free/evaluation edition has all the features of the Ultimate edition, but it only accepts a single connection and is not licensed for use in production. Other benefits of upgrading to the paid version of the SFTP server include security consideration. You can use RSA public key encryption with the free edition, but the paid version of the tool includes many more authentication and encryption options.
6. Rebex Tiny SFTP Server
The Rebex Tiny SFTP server is free for all uses, including commercial use. It runs on WIndows XP up to Windows 7, and also supports Windows Server 2002, 2008, and 2012 editions. It is limited to a single user, but comes packed with features. It requires no setup, and contains full logging capabilities as well as support for public/private key logins instead of passwords.
It’s also worth mentioning that Rebex provides full .NET libraries to allow developers to include SFTP code in their own apps. The libraries are not free, but worth a look if you’re a .NET developer with a project like that on hand.
CrushFTP is Windows-based FTP server that leverages compression, hence the name “Crush”. It compresses the files being transferred and streams the compressed data across the network, greatly reducing transfer time for many types of files.
CrushFTP also has some security measures built in, including user authentication routines that access Active Directory on your host. It can protect from brute-force login attacks by automatically banning attacking IPs, and the robust user management includes virtual file systems and permissions inheritance. The CrushFTP server has a 30-day trial and the client is always free.
8. Cornerstone MFT server
Cornerstone MFT(Managed File Transfer) is an SFTP server that addresses enterprise requirements. MFT is an umbrella term that indicates a higher level of control and audit than normal ad-hoc FTP client/server relationships normally provide. The advent of MFT was to address the need for transparent logins, higher security during transfer, and more visibility into file transfer progress and success or failures.
Cornerstone offers PGP-encrypted remote file storage. Data can be encrypted on the fly so there is never a point where unencrypted data is waiting on the disk to be encrypted. In addition, Cornerstone provides perimeter protection mechanisms such as two-factor authentication.
You can give Cornerstong MFT a try with its 30-day trial version to see if it fits your needs.
9. Globalscape SFTP server
Globalscape has coined the phrase “Enhanced File Transfer” (EFT) to refer to their “Managed File Transfer” (MFT) product.
Globalscape’s EFT server can be deployed in a high-availability (HA) configuration including load balance and cluster configurations. In addition, Globalscape offers both on-premise and cloud products, so you can select the best EFT solution for your situation.
There is a 30-day free trial for Enterprise and SMB. While there is a free trial for the Cloud version as well, it’s not clear how long the trial period is.
10. Titan FTP server
Titan FTP Server supports regular FTP, as well as FTPS and SFTP. It is HIPAA compliant, which makes it ideal for use in hospitals and government agencies across the globe. It runs on Windows Server 2008 and Windows Server 2012.
In addition to simply providing file transfer services, Titan FTP server bundles some security measures which can defend against brute-force attempts, and full auditing capabilities so system administrators know what is happening on their servers.
Account management can be tied into Windows NT/SAM authentication in the Enterprise Version, and fine-grained account management such as automatic account expiry is included.
Titan offers a 20-day trial of its FTP server.
Standalone free SFTP and FTPS servers (no installation required)
11. Syncplify.me Micro SFTP server
In addition to the free/evaluation edition, Syncplify also offers a Micro SFTP server for Windows. It is a completely contained portable SFTP server that can be run from a USB stick. Unlike the free/evaluation edition of the full Syncplify SFTP server, the Micro server edition is completely free to use in any situation including production and commercial uses. You would need to step up to the paid service if you want remote file directory access through SSH.
12. Xlight FTP server
Xlight FTP server comes in a variety of versions, including a portable standalone version that requires no installation. With 32-bit and 64-bit editions, it will run on Windows 2000, XP, Vista, 7, 10, 2003 Server, 2008 Server and 2012 Server. This tool can access your Active directory implementation to validate user authentication. It even has localization files which will allow your secure FTP server to display text in a variety of different languages, or you can write your own language file if the language you need is not already available.
13. Core Mini SFTP Server
Core Mini FTP server is a free SFTP server that requires no installation routine. You can simply download it, specify a username and password, the directory to be used for FTP transfers, and you’re up and running. Keep in mind that the SFTP server will run as your user so there’s no protection against SFTP users mangling your files. Be sure to specify a harmless or empty directory for FTP use.
Best Free SFTP and FTPS servers for Linux
- VandDyke VShell
Since SFTP runs on SSH, most Linux systems just come with SFTP ready to go. FTPS is a different story and requires a dedicated FTP server that supports TLS, but when SFTP is so easy to set up on a Linux host, it’s hard to come up with good reasons to run FTPS.
On a standard Linux system most valid users will be able to use any SFTP client to connect to the server and transfer files to and from their home directory. However, allowing remote user access is usually considered a security risk so many system administrators will disallow this access. The most most common ways to do this is to disallow users’ shell access, or block the SFTP port (22, same as SSH) to specified IP addresses.
Assuming those restrictions are not in place, any SFTP client that can connect to port 22 on an SFTP server should work well.
$ sftp firstname.lastname@example.org email@example.com's password: Connected to 22.214.171.124. sftp> pwd Remote working directory: /home/test-sftp sftp>
The downside to the ease in which SFTP is so easily setup on most Linux distributions is that also means SSH is just ready to go. That implies a level of trust in your users which may not be commensurate with reality. If you have untrusted or unknown SFTP users, you may want to impose restrictions on what they can do on the system. There are many ways to achieve this, such as only allowing the SFTP engine to run which disallows regular SSH logins, or you can use an app such as MySecureShell to do the heavy lifting.
MySecureShell supports access control lists, which are the heart of granular control over user access. It is included in many distribution repositories so you can just use your package manager to install it:
$ sudo apt-get install mysecureshell [sudo] password for jdw: Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: mysecureshell
After installation, some basic modifications may need to be done to the app’s configuration file in /etc/ssh/sftp_config and then you’ll be up and running.
Vsftp is a free FTP server for Unix-like systems, including Linux. It is known for being very fast, stable, and consuming few systems resources. The extensive feature list includes support for virtual users (non-system users), the ability to listen on any interface, per-user configuration and rate limiting or throttling to avoid dos-type attacks or usage.
Many of the best-known Linux distributions run vsftp as their FTP server, which speaks volumes to its security and stability. Part of that pedigree may stem from the fact that the app’s maintainer, Chris Evans, has a history of discovering security vulnerabilities himself.
Vsftp is in most Linux distributions and can be installed via your package manager.
$ sudo apt-get install vsftpd Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: vsftpd
As with most Linux tools, a quick run through the /etc/vsftp.conf file is necessary to set some basic configuration options, and then your vsftp server is ready to go.
16. ProFTPd configured to use SFTP
ProFTP was built from the ground up out of a need to displace wu-ftp as a widely-used FTP server. Wu-ftp had become unwieldy due to years of modifications made necessary by insecurities in the app and eventually it became more productive to just build a new FTP client from scratch.
ProFTP is inspired somewhat after the Apache webserver. You can mostly see this in the format of the configuration files, and in the fact that it uses modules to load needed functionality. In this case, you’ll want to use ProFTP with the mod_sftp module loaded in order to attain SFTP functionality.
The ProFTP website provides a few example configurations to get you started on the right track.
FTP remains a very important part of the internet toolset despite the fact that it inherently lacks security. Much like the HTTP protocol has had TLS bolted onto it for security to form what we now call HTTPS, FTP has had both TLS and SSH merged into it in order to provide encryption and security. There are few other tools that so easily allow arbitrarily large file transfers. Many organizations will continue to use SFTP or FTPS for a long time to come.
PureFTPD is an open source SFTP server that works on virtually all versions of Unix-like operating systems including Linux, BSD, Solaris and more. It is maintained as an open source project aimed specifically at providing a standards-compliant FTP server. The interface messages have been translated into a variety of languages, so if you’re working with an international user-base, PureFTP may be for you.
There are no limitations with PureFTP; all features are available from the start. Among its more useful features is the ability to throttle connections in order to preserve bandwidth, run it in a virtual file system (“chroot” in *nix parlance), set upload/download limits and more.
Best Free SFTP and FTPS servers for both Windows and Linux
18. VandDyke VShell
VanDyke Software VSHell is an enterprise-level SFTP and SCP server for Windows and Unix. It supports SFTP, SCP, and FTPS, and includes very granular user access control.
The Windows version boasts an easy-to-use graphical installer and it can use various user authentication methods such as LDAP and public/private key pairs.
The Unix version supports virtual directories as well as fine-grained file permissions. File permissions can be set per user, or on the virtual directories themselves.
VShell comes with a 30-day trial.