Best SFTP Server Software For Secure File Transfers
Transferring files from one system to another is something that has to be done on a regular basis. On a local network, it is often accomplished using network shares but between networks, when the transfer is done through the Internet, we normally use some form of file transfer protocol. Many different protocols have seen the light with each successive one addressing one or many shortcomings of its ancestors.
Today, we’re having a look at SFTP server software. Why SFTP, you might ask? Well, mostly because of security concerns. SFTP encapsulates a file transfer within a secure SSH connection, making it ideal for use on public networks, such as the Internet.
Before we have a look at the actual SFTP servers themselves, we’ll start off by discussing the various file transfer protocols available today and how they differ. Next, we’ll introduce the best SFTP server software for Windows including a couple of portable options. Finally, we’ll have a look at what’s available on Linux. As you’ll see, almost every Linux system comes with an SFTP server built right into it.
About File Transfer Protocols
FTP (which stands for File Transfer Protocol—how original) is the granddaddy of all file transfer protocols. It was invented in the early 70s as one of the primary ways of transferring files between systems. It has become so commonplace that nowadays, most operating systems including Windows, Mac OS, and Linux have some form of FTP client. FTP is an unencrypted protocol, though. It didn’t originally matter much as public networks didn’t exist but it is less than ideal for use on the Internet, especially when you consider that not only the transferred files but also the login credential are sent over the network unencrypted. Anyone intercepting traffic would be able to capture usernames and password. This is why secure protocols such as SFTP and FTPS were invented.
Although, at first sight, it may look like SFTP and FTPS vary only by the placement of the “S” within the acronym, they are completely different in how they operate. They were both created to add security to FTP file transfers but the similarity ends there. Let’s see how they operate.
The FTPS–which stands for File Transfer Protocol Secure–is a secure version of the FTP protocol which adds an encryption layer using either the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. It’s really nothing more than the FTP protocol that’s been improved to allow data encryption negotiation and its operation is similar to that of HTTPS for web sites. The protocol was introduced in the mid-90s, shortly after Netscape released their Secure Sockets Layer extension and it is now widely used. It was later improved to allow TLS in addition to SSL encryption, providing even better security.
SFTP–which stands for Secure File Transfer Protocol (notice the subtle difference?)–is another secure way of transferring files in an encrypted fashion but it is not based on the FTP protocol. Instead, it relies on Secure SHell, or SSH. In fact, SFTP is an extension of the SSH protocol to include an FTP-like file transfer functionality and which supports FTP-like commands. As such, the level of security of an SFTP file transfer is the same as that of an SSH session.
It is important not to confuse the Secure File Transfer Protocol and the Simple File Transfer Protocol, both referred to as SFTP. The latter is a no-longer-in-use protocol that was developed to be a compromise between the elementary TFTP protocol and the full-featured FTP protocol.
Our description of SFTP might remind you of yet another similar protocol called SCP or Secure Copy. SCP is yet another file transfer protocol that operates within an SSH connection. This is where the similarity ends, though, as SCP only provides file transfer but has none of the advanced file management and browsing capabilities of the SFTP protocol.
The Top SFTP servers for Windows
As we’ve seen, SFTP is more similar to SSH that it is to FTP. For that reason, not many FTP servers include SFTP capability while many SSH servers do. We’ve rounded up some of the best SFTP servers we could find. Let’s have a look at their main features.
1. SolarWinds SFTP/SCP Server (FREE DOWNLOAD)
You might already know SolarWinds. The company makes some of the best network management and monitoring software. It is also famous for making several free software utilities. Those include our number one pick, the SolarWinds Free SFTP/SCP server.
As its name implies, the server will handle both SFTP and SCP, two SSH-based file transfer protocols. Running as a Windows service, operating the server should be an easy task for any system admin. And if you’re new to this, its easy user interface will make you feel comfortable very quickly.
- FREE DOWNLOAD: SolarWinds SFTP/SCP Server
- Official Download Link: https://www.solarwinds.com/free-tools/free-sftp-server/registration
The SolarWinds Free SFTP/SCP server does not use system accounts for user authentication. Instead, it uses virtual users that you create within the application for the purpose of transferring files. These virtual users offer heightened security. If, for instance, an account was compromised, it couldn’t be used to log into the system directly. Another feature that can improve the server’s security is that it can be configured to only allow incoming connections from specific IP addresses or ranges.
The SolarWinds Free SFTP/SCP server can be used to securely transfer files up to 4 GB in size. It can also handle concurrent transfers from multiple devices. It downloads as a zip file that extracts into a Windows MSI installer. Once installed, configuration as simple as can be. You just start its control panel application and specify a few options such as permitted protocols and transfer options.
2. FreeFTPd
A close cousin of FreeSSHd, FreeFTPd is a full-featured FTP server for Windows. It is one of the rare servers that will support FTP and also both SFTP and FTPS, thanks to its SSH ancestry. As its name implies, This is a free FTP server. It claims to run on any version of Windows from NT 4.0 and the tool supports the creation of local users–rather than using Windows domain accounts.
FreeFTPd can be configured during installation to run as-needed as an application or to run as a system service. Running it as a service means that it will always be available to your SFTP users. Note that a vulnerability discovered in version 1.0.11 of the product. It was, however, quickly fixed in version 1.0.12. Make sure the version you install is at least 1.0.12. The latest one you can download from the developer’s website is 10.0.13.
3. Syncplify.me Server!
The Syncplify.me Server!, a full-featured SFTP and FTPS server from Syncplify.me, is really a server on steroids. It will do much more than just transfer files and it was created with security in mind. One of its main features, called Syncplify.me Protector™ uses artificial intelligence to automatically identify attacks. Even unknown ones.
The Syncplify.me Server! can be installed in a high-availability mode where two servers will act as one and provide automatic failover, eliminating downtime. It boasts several advanced configuration options and can be expanded using scripts in JavaScript, C++, Pascal or Basic (yes, Pascal or Basic, this is not a typo) to automate your document management and workflow.
This powerful file transfer server will run on Windows Server 2008 and up, in both 32- and 64-bit versions. Although this is a paid piece of software, there’s a free/evaluation edition which has all the features of the Ultimate edition. It will, however, only accept a single connection and it can’t be used in a production environment.
4. Bitvise SSH/SFTP Server
You may know Bitvise. The company specializes in secure remote access software for Windows. Some of its best-known products are the Bitvise SSH Server and SSH Client. Since SFTP is just an extension of SSH, their SSH server will also support SFTP. The Bitvise SSH Server is rumoured to be one of the fastest available. Files will transfer as quickly as the client and the network connection will allow. Furthermore, an unlimited number of simultaneous connections are supported. The only real limitation you’ll encounter when using it will be that of the hardware on which it runs.
As for security, the Bitvise SSH Server leaves nothing to be desired as it uses Crypto++ 5.3, one of the best encryption libraries, to secure connections. The server also supports virtual accounts to ensure your system accounts are never exposed and compromised. The only drawback of this product is that it is not free. It is for personal and non-commercial use but any other use requires purchasing a license after a thirty-day evaluation period. However, at less than $100 dollars per server, the price is more than reasonable. The company also offers site licenses and worldwide limited licenses for larger organizations.
5. SYSAX Multi Server
To no surprise, the SYSAX Multi Server supports multiple protocols. It will allow connections using both SFTP and FTPS but it will also handle FTP and HTTPS-based file transfers. And to make it even better, it’s also a telnet and SSH server. The server supports the use of both Windows accounts and locally-created virtual accounts, giving you the best of both worlds. It is easy to manage and configure, thanks to its user-friendly web-based interface.
The server is available in several versions. The Personal edition is free but it is restricted to one connection at a time and it won’t do HTTPS file transfers. It is also restricted to personal and non-commercial use. There are also Standard, Professional, and Enterprise editions each supporting increasingly more features at prices ranging from $197 to $697.
6. XLight FTP server
The Xlight FTP server is a simple Windows FTP, SFTP, and FTPS server. It is a powerful software with low memory and CPU usage. Designed for high performance, it can easily handle thousands of simultaneous FTP connections. The server supports Active Directory users, LDAP users, or local users, making it a great fit in any kind of situation.
The Xlight FTP Server has many useful features and including the availability of a free edition for personal use. It is limited to 5 concurrent connections whereas the Standard edition at $40 allows 50 and the Professional edition at $130 is unlimited. Note that an additional license is required for SSH and therefore SFTP. The software will run on Windows 2000, XP, Vista, 7, 10, 2003, 2008 and 2012.
Some Portable SFTP Servers
The next entries on our list are interesting mainly because they are portable solutions. That is solutions that require no installation on the computer where they run. They can come in very handy for ad-hoc situations when you quickly need am SFTP server. You can carry them with you on a USB flash drive and always have one ready to use by simply copying it to your computer.
1. Syncplify.me Micro SFTP Server
Syncplify.me, who brought us their full-featured SFTP and FTPS Server reviewed above, also offers the Micro SFTP Server for Windows. It is a self-contained and completely portable SFTP server which can be run from a USB stick without requiring any installation. And unlike its big brother, the Syncplify.me SFTP and FTPS Server, the Micro SFTP Server software is absolutely free and can be used in any situation including production or commercial uses.
Of course, the software has some limitations. For starters, it only supports one user profile, one root folder, and incoming connections from one client at a time. For that reason, it is more commonly used as a test platform for SFTP client software or to test in-software file transfer features than as a true SFTP server. However, despite its limitations, it might be all that you need. Another typical use of the software is as a personal secure file transfer server for a home network.
2. Core Mini SFTP Server
Like the previous selection, the Core Mini FTP Server is a free FTP and SFTP server that doesn’t require any installation. Just go to the Core FTP Server’s web page to download it. Once you’ve downloaded the executable file which is available in 23- or 64-bit versions and is less than 2 Mb in size, you simply run it. You’ll need to specify the FTP username and password to be used as well as the port and root directory and you’re good to go. We could hardly think of a simpler tool.
It has some drawbacks, though. For instance, the server will run with your user account and will have access to all of your files. Make sure you specify a root directory where damage by users is of little or no consequence. Other than that, the Core Mini FTP Server is a great little server that’s easy to use albeit somewhat limited.
The Top SFTP servers for Linux
Linux is a popular operating system for servers so it doesn’t come as much of a surprise that users would want to run an SFTP server on that platform. Fortunately, there are plenty of options available. In fact, our third selection below is probably already present on most Linux installations.
1. ProFTPd
It is clear, when you look at its configuration file, that ProFTPd’s developers were big fans of the Apache webserver. The format of the configuration file is almost identical to Apache’s. And just like Apache, it uses modules to provide additional functionality. And there is, of course, a module that can be added to the basic FTP server to add SFTP capabilities.
To ease the pain of configuring the server, the ProFTPd website has several sample configuration files. That will help you get started quickly. In addition to a basic configuration file, there’s one for anonymous FTP, two for using virtual hosts, and one which makes use of MySQL user authentication. The software can be downloaded as a tarball from the developer’s website. Alternatively, many distributions include it as part of their optional packages. Search for it in your package manager. Chances are it is there.
2. PureFTPD
Another great open-source FTP and SFTP server, PureFTPD not only work on Linux but also on most Unix-like operating systems such as BSD or Solaris. The project’s goal is to provide a standards-compliant FTP server. All the messages have been translated into multiple languages, making this an ideal choice for multi-lingual environments.
PureFTPD is free and comes with absolutely no limitations. All of its features are available to any user. Talking about features, they include the server’s ability to limit connections bandwidth, to run sessions in a virtual file system, to set upload and or download limits, and several more great features. Pre-built packages are available for several Linux distributions including Mandriva, Debian, Ubuntu, and Slackware. It’s also available as source code that can be compiled with no modification and run on any other supported OS.
3. Another Option: OpenSSH
SFTP runs on top of SSH and since OpenSSH is built into most—if not all—Linux systems, SFTP is also there are ready to be used. On a typical Linux system, most users—as long as they have SSH access—should be able to use an SFTP client and connect to the server. That would allow them to transfer files to and from their home directory. Keep in mind that port 22—used by SFTP—could be blocked by default. You might need to dig a little to figure how to open it but, in essence, that’s all you need for a crude SFTP server. If your needs are anything more than an occasional transfer, though, we’d strongly suggest you go with a more potent SFTP server software.
In Conclusion
Although FTP is still a very popular way of transferring files, its lack of security gave birth to SFTP which addresses most security concerns. We have all reasons to think that this improved protocol will still be used for years to come. All the top software reviewed here will do an excellent job, yet we can’t help but prefer our number one pick: the SolarWinds SFTP/SCP server. Not only is it an excellent product but also comes from a company that has a solid reputation for providing some of the best network admin software including some amazing free tools.